03 June 2024

🎥 4'10": Review rendered version of PR #99, which contains a discussion of the trust model for the identity assertion.

🎥 9'25": Olaf requests that we add a definition of the word "trust." Michael Becker offers to provide a definition that we can use. (Filed as issue #121, marked as 1.0 blocker.)

🎥 19'47": Karen points out that the §9.3.2, “Name collisions” scenario can happen to organizations, too. Long discussion followed (without specific new resolution) about how to treat context of individuals and organizations to help content viewers make correct associations between similarly-named content producers. (Filed as issue #122, marked as 1.0 blocker.)

🎥 29'58": Christian and Lorie caution us against over-specifying trust list mechanisms and exact resolution of some of these problems, as this might unnecessarily delay the ratification of a 1.0 version of this specification. Some details can be left for subsequent versions of the specification.

🎥 33'48": Scott calls for an assessment of the threats in §9.3, “Threats to trust model,” to give a sense of the level of risk associated with each of the identified threats. (Filed as issue #120, marked for post-1.0 milestone.)

ACTION (✅): Eric to add to-do notes for items flagged in this meeting and merge PR 99.

🎥 33'48": Review PR #119, which follows up on last week’s request to include the expected signer_payload for other identity assertion signers in the expected_countersigners field.

ACTION: Eric to review feedback from Nigel and update. (Not completed; will carry over.)

🎥 46'14": As mentioned in the e-mail I sent out on Wednesday, I’d like to dig into a few top-of-mind issues regarding VCs and then brainstorm on what else needs to be done to land that part of the spec.

I’ll be at European Identity Conference the rest of this week. Here are three panels and presentations I’ll be making this week.