08 April 2024

Attendees

  • Andy Rosen

  • Brett Russell, Accuratius

  • Chris _, Verus

  • Christian Paquin, Microsoft

  • Drummond Reed, Gen Digital

  • Eric Scouten, Adobe

  • Jacques Latour, CIRA

  • Jesse Carter, CIRA

  • Judith Fleenor, Trust Over IP Foundation

  • Karen Kilroy, FileBaby

  • Leonard Rosenthol, Adobe

  • Lindsay Walker, Starling Labs

  • Lorie Groth, Digicert

  • Michael Becker, Identity Praxis

  • Nigel Earnshaw, BBC

  • Paul England, Microsoft

  • Peleus Uhley, Adobe

  • Radu Ghiorghisor, Adobe

  • Truman Esmond, Partnership for Insurance Information

  • Will Kreth, HAND (Human & Digital) Identity

Agenda

5 min: Start meeting

  • Start recording

  • Welcome and community specification license reminder

  • Agenda review and call for agenda items

5 min: New members introduction

New members in this meeting:

  • 🎥 3'14": Nigel Earnshaw, BBC

5 min: Update on endorsement assertion

🎥 4'27": If relevant members are present, discuss proposed update to endorsement assertion.

MOTION: Approve PR #2 to merge.

ACTION: Eric to follow up with Charlie Halford of BBC.

10 min: Review tbs to signer_payload PR

🎥 8'00": Follow-up to discussion from previous meeting about renaming tbs to signer_payload.

MOTION: Approve PR #89 to merge.

🎥 12'29": Approved with one minor wording change.

ACTION (✅): Eric to update wording as discussed and merge.

20 min: Review VC version take 3

🎥 12'57": Follow-up to discussions with Adobe stakeholders. Walk through proposed changes.

MOTION: Approve PR #90 as working draft for 1.x (VC) version of identity assertion specification.

Important discussion topics:

  • 🎥 17'09": Can we provide some kind of human-readable identifier for issuer?

  • 🎥 19'30": Delayed identification is possible with this mechanism.

  • 🎥 21'47": Use C2PA update manifest mechanism for re-issuing identifier with more info?

  • 🎥 24'46": Move to make this the current working draft of 1.x specification.

  • 🎥 25'35": Update on Rust toolkit for identity assertion. Available for experimentation now on GitHub: scouten-adobe/cawg-identity-core

  • 🎥 26'54": Invitation to connect with Open Wallet Foundation on wallet workflows.

ACTION (✅): Eric to mark PR #90 as draft for 1.x specification.

ACTION (issue #92): Drummond to arrange meeting with OWF Architecture SIG.

10 min: Review PR to allow additional credential mechanisms in 1.x spec

  • Change sig_type field to reserve cawg.* prefix for all CAWG-defined credential mechanisms.

  • Allow experimentation with other credential mechanisms (but require a non-CAWG prefix).

ACTION (issue #93): Leonard to add new language to C2PA Technical Specification regarding label assignment which may be reusable for CAWG purposes.

ACTION (✅): Eric to merge PR #74.

15 min: Review bidirectional binding issue (issue #67)

🎥 37'26": Discuss issue #67: Bidirectional binding of identity assertions and claims. Can we close this issue soon?

15 min: Discuss trust model (issue #22)

🎥 39'30": Discuss issue #22: Define identity assertion trust model. What are the basic requirements for the trust model?

Important discussion topics:

  • 🎥 40'39": Comparison to C2PA trust model; decentralization makes this more complicated

  • 🎥 42'04": Different credential types will require different trust types

  • 🎥 43'31": Trust model will also vary depending on how credentials are used (for example, pseudonymous identity)

  • 🎥 47'52": Perhaps adopt C2PA model of well-formed vs trusted credentials

  • 🎥 49'23": What are threat models?

  • 🎥 50'51": Argument against describing "valid" identity because it could be inaccessible to people with privacy concerns or without access to tech

  • 🎥 52'08": Argument for digital trust ecosystems

  • 🎥 57'08": Can we add levels of assurance to some credentials? Otherwise, how is trust established?

  • 🎥 58'52": Tension between privacy preservation and measures for establishing trust

  • 🎥 1h00'16": Shout out to GLEIF as having established a digital trust mechanism

  • 🎥 1h01'40": Is assigning trust levels a tractable problem for this group?

  • 🎥 1h04'13": Call for prototype implementation

ACTION (issue #22): Eric to work up first draft of trust model section based on above discussion.

(if time): Follow up on zero-knowledge proof discussion (issue #84)

🎥 1h06'42": Christian Paquin added new comments about ZKP and AnonCreds in issue #89: Discussion of Zero Knowledge Identity Management.

Important discussion topics:

  • 🎥 1h07'32": There’s a big spectrum on privacy; design needs to follow choices about what scenarios we are attempting to address.

  • 🎥 1h07'53": Full-on privacy might be difficult due to the C2PA "inescapable super cookie" 🍪 (X.509 cert used to sign C2PA Manifests)

  • 🎥 1h11'32": AnonCreds 2.0 specification is compatible with W3C VC (yay!)

  • 🎥 1h13'35": Possible to address the "inescapable super cookie" problem by rotating self-signed certs?

No immediate action items.

5 min: Closing and review

🎥 1h20'45": Invitation to subsequent meetings, which will typically be on Mondays.

REMINDER: Next week’s meeting is cancelled in favor of Internet Identity Workshop. Several of us will be there and have extended invitations to connect in person.