11 March 2024
Attendees
-
Andy Parsons, Adobe
-
Andy Rosen
-
Carly Huitema, U of Guelph
-
Chris Staines, Arkeytyp
-
Christian Paquin, Microsoft
-
Drummond Reed, Gen Digital
-
Eric Scouten, Adobe
-
Gavin Peacock, Adobe
-
Jacques Latour, CIRA
-
Jesse Carter, CIRA
-
Judith Fleenor, Trust Over IP Foundation
-
Karen Kilroy, FileBaby
-
Leonard Rosenthol, Adobe
-
Lindsay Walker, Starling Labs
-
Michael Klein, Adobe
-
Orie Steele, Transmute
-
Orson Weems, FileBaby
-
Patrick Boehler
-
Paul England, Microsoft
-
Peleus Uhley, Adobe
-
Peter Carrescia, Confirm Identity
-
Will Kreth, HAND (Human & Digital) Identity
-
(unknown, via mobile)
Agenda
5 min: Start meeting
-
Start recording
-
Welcome and community specification license reminder
-
Agenda review and call for agenda items
5 min: New members introduction
🎥 1'40": New to this meeting:
-
Patrick Boehler, independent consultant
-
Judith Fleenor, Trust Over IP Foundation
5 min: Action item update
🎥 3'18": From previous meeting, most items will carry over to this week:
-
Issue #41: Privacy when verifying VCs – Eric to call subgroup meeting. CARRY OVER.
-
Issue #42: Add a Slack or Discord channel for this group – CARRY OVER.
-
Issue #43: Create an e-mail list for this group’s discussions – CARRY OVER.
-
Issue #44: Review presentation with key binding – discussed by Orie in meeting. Eric to follow up with Orie, Christian, and Riley. – CARRY OVER.
-
PR #59: Create
1.0-draftversion of the identity assertion specification – DONE (received the required approvals and was merged). -
PR #60: Create
1.x-add-w3c-vcversion of the identity assertion specification - UPDATED (re-review later in this meeting) -
PR #69: Resolve discussion about EKU requirements – UPDATED (review later in this meeting)
5 min: Invitation to review drafts
🎥 7'12": DISCUSSION: As per Community Specification License process §4: Specification development process, I intend to submit the following three assertion specifications for working group approval (currently in draft status) in the 18 March 2024 meeting:
4.2. Draft. Each Pre-Draft document of a Working Group must first be Approved to become a “Draft Specification.” Once the Working Group approves a document as a Draft Specification, the Draft Specification becomes the basis for all going forward work on that specification.
4.3. Working Group Approval. Once a Working Group believes it has achieved the objectives for its specification as described in the Scope, it will Approve that Draft Specification and progress it to “Approved Specification” status.
20 min: ICANN79 report
🎥 8'14": Jacques Latour (CIRA) shared a brief overview of the presentation that he, Darrell O’Donnell (Continuum Loop), Eric Scouten (Adobe), and Mathieu Glaude (Northern Block), delivered at the ICANN79 Community Forum. Our discussion centered around the theme of Digital Trust, exploring its various facets and implications. Details here: ICANN79: DNSSEC and Security Workshop and the recording is here.
Here’s a quick summary of what we covered:
-
The Path to Digital Trust Through Technical and Human Trust: We kicked off our presentation by discussing how both technical mechanisms and human factors contribute to establishing digital trust. (Starts at the 0-minute mark)
-
Content Authenticity: How to Trust Content Origin: Next, we delved into the importance of verifying the origin of digital content as a means to ensure its authenticity. (Begins at the 11-minute mark)
-
How Trust Registries Prevent Fraud, Scams, and Abuse: We also explored the role of trust registries in mitigating risks associated with fraud, scams, and abuse online. (Discussed at the 36-minute mark)
-
Closing Thoughts and Q&A from Forum Attendees: We concluded with a session for closing thoughts and addressed questions from the attendees, fostering an engaging dialogue on digital trust. (Concludes at the 56-minute mark)
We understand that achieving digital trust is a multifaceted effort, not limited to a single solution. It’s our belief that ongoing discussions across diverse communities are essential for exploring the wide range of tools and strategies at our disposal.
5 min: Follow-up on EKU restriction discussion
🎥 13'41": As requested in previous meeting, I raised PR #69: Resolve discussion about EKU requirements to close the discussion on EKU restrictions. Review and move to approve and merge.
ACTION: Group members, please review and approve or comment.
30 min: Review open issues for identity 1.0 milestone
🎥 14'01": There are 13 open issues that I’ve flagged as potentially relevant for the 1.0 version of the identity specification. Review these issues and make a plan for resolving them.
Reviewed the following issues:
-
🎥 14'44": #68: Is the ID assertion TBS-data expressive enough? — ACTION: Scouten to revise data structure to include a map as per Paul’s suggestion.
-
🎥 18'10": #26: Describe credential holder’s role in relation to the asset — ACTION: Review W3C VC version 2 (as previously commented in GH issue).
-
🎥 23'45": #67: Bidirectional binding of identity assertions and claims — ACTION: Paul England to propose wording once revised data structure in #68 is available.
-
🎥 30'57": #66: Lots of unnecessary hashing for identity assertions — DECISION: Not a blocker; reconsider after 1.0 specification.
-
🎥 40'16": #65: Identity signers cannot sign "dc:title" — DECISION: After discussion, this issue was withdrawn.
-
🎥 43'37": #64: Timestamping an identity assertion is not supported — DECISION: Not relevant for X.509 case because RFC 3161 countersignatures are supproted/encouraged. Moved this to W3C VC milestone, where it is relevant.
-
🎥 45'44": #63: Possible interaction in "multiple step processing" — ACTION: Scouten to draft PR with improved wording.
Impromptu discussions
-
🎥 48'35": Impromptu discussion about signatures and C2PA trust list. Referred the trust list discussion to C2PA TWG and Trust List TF.
-
🎥 52'07": Impromptu discussion about pluggable identity mechanisms and how CAWG will prioritize.
-
🎥 56'46": Christian Paquin has updated his proposal for Web domain trust anchor identity
10 min: Review 1.x-add-w3c-vc version of specification
Re-review PR #60, which creates a post-1.0 version of the specification with W3C VCs. Updated per @OR13 feedback. Did not cover in today’s meeting.