17 June 2024

Meeting recording

Attendees

Andy Rosen
Candice Ward
Christian Paquin, Microsoft
Clement Hecquet, Digimarc
Cole Davis, Switchchord
Drummond Reed, Gen Digital
Eric Scouten, Adobe
Jesse Carter, CIRA
Karen Kilroy, FileBaby
Konrad Bleyer-Simon, Global Media Registry
Lindsay Walker, Starling Labs
Loren Hart, Noosphere Technologies
Lorie Groth, Digicert
Nigel Earnshaw, BBC
Olaf Steenfadt, Global Media Registry
Patrick Boehler, independent consultant
Pia Blumenthal, Adobe
Radu Ghiorghisor, Adobe
Richard W. Kroon, EIDR
Scott Perry, Digital Governance Institute
Sébastien Testeau, Radio Canada
Will Kreth, HAND (Human & Digital) Identity

Notes

New members introduction

🎥 1'20": Richard W. Kroon, EIDR

Review PR #125: Define human trust and technical trust

🎥 2'00": Review PR #125, which adds definitions for human trust and technical trust as per discussion two weeks ago.

ACTION: Eric to revise PR with following feedback:

🎥 2'48" (via Drummond): Review Trust Over IP glossary, which evolved from the CIRA doc that I previously cited.
🎥 6'35" (via Olaf): Add clarification that technical trust is objective and human trust is subjective.
🎥 9'08" (via Scott): Or maybe it’s not objective/subjective as previously stated?

Review PR #124: Name collisions apply to organizations, too

🎥 12'16": Review PR #124, which adds a quick note to signal that name collisions apply to individuals and organizations.

ACTION (✅): Eric to merge PR.

Re-review PR #119: Change the definition of `expected_countersigners` to require the expected `signer_payload` for other identity assertions

🎥 15'20": Review PR #119, which refines how we describe expected other identity assertions in the same C2PA Manifest.

Updated with requested changes from Nigel and Paul.

ACTION: Eric to re-revise PR with recent feedback from Nigel. OK from group to merge if Paul and Nigel approve latest draft.

Discuss remaining 1.0 TO DO issues

🎥 19'40": We have TO DO items to provide guidance for four remaining issues, mostly to do with threat modelling:

🎥 20'24": #115: Provide meaningful differentiation between similarly-named actors – ACTION (✅): Move to 1.x-add-vc milestone. Potentially relevant there.
🎥 30'31": #116: Add guidance regarding parsing and validation errors – ACTION (✅): Eric to propose new language. (PR #127)
🎥 33'35": #117: Add guidance for homoglyph and typo-squatting attacks – ACTION (✅): Eric to propose new language. (PR #128)
🎥 36'29": #108: Expand on distinction between provenance and rights management (not threat model) – ACTION (✅): Move to 1.x-add-vc milestone. Potentially relevant there.

Can we provide meaningful guidance in a short timeline for these? If not, do these need to be blockers for 1.0 ratification?

Road to 1.0 ratification

🎥 39'27": ACTION (all members): In next 2-3 weeks, please read the 1.0-draft spec closely and flag any items that feel like blockers to you. I’d like to move for ratification in July or have concrete issues and action items associated with any remaining blockers by then.

Review PR #126: VC schema description

🎥 42'12": Review PR #126, which provides schema description for the VC flavor of the identity assertion.

ACTION (all members, especially VC experts): Please review the rendered version of the PR here. Most changes start with §8.1.2, “Creator identity assertion.” We’ll re-review in next Monday’s meeting.

Readout on VC / DID method study

🎥 52'27": Candice Ward has produced a survey of VC tech usage in larger production instances that is intended to help guide us toward a generally-interoperable set of VC tech (DID methods, etc.) for CAWG use.

A shortened summary of this report was discussed in today’s meeting and is available here.