08 July 2024

Attendees

  • Andy Rosen

  • Candice Ward

  • Carly Huitema, U of Guelph

  • Clement Hecquet, Digimarc

  • Cole Davis, Switchchord

  • David Bigsby, Government of British Columbia

  • Edmond Cunningham, Arkeytyp

  • Eric Scouten, Adobe

  • Gavin Peacock, Adobe

  • Jacques Latour, CIRA

  • Jesse Carter, CIRA

  • Karen Kilroy, FileBaby

  • Konrad Bleyer-Simon, Global Media Registry

  • Loren Hart, Noosphere Technologies

  • Misha Deville, Vidos

  • Nigel Earnshaw, BBC

  • Pamela Dingle, Microsoft

  • Patrick Boehler, independent consultant

  • Peleus Uhley, Adobe

  • Richard W. Kroon, EIDR

  • Scott Perry, Digital Governance Institute

  • SΓ©bastien Testeau, Radio Canada

Notes

New members introduction

  • πŸŽ₯ 1'18": Misha Deville, Vidos

Meeting schedule going forward

πŸŽ₯ 2'06": Discussed meeting schedule going forward. I no longer have the schedule constraint that prevents an 8am meeting, so I’m now available to start meetings on the hour instead of at 8:30am Pacific.

ACTION (βœ…): Reschedule future meetings to start at 8:00am US Pacific / 11:00am US Eastern / 1500 UTC.

ACTION: Eric to propose an APAC-friendly meeting time in addition to current schedule.

Review PR #125: Define human trust vs technical trust

πŸŽ₯ 6'04": Review #125: Define human trust vs technical trust.

This PR and #128 were revised based on meetings with Jacques, Jesse, Lindsay, David B, and Peleus in the last week of June. Thank you all for great feedback!

ACTION: Eric to revise the PR to address the following feedback:

  • πŸŽ₯ 10'33": Add language around levels of assurance for credential issuance.

    • πŸŽ₯ 11'09": Stating do I understand the level of assurance offered by the issuing by the credential issuer and is it sufficient for me to accept the content as or the the statement of the named actor as? Valid and meaningful? Something like that.

  • πŸŽ₯ 15'05": Replace "human trust" with "reputation trust."

  • πŸŽ₯ 21'08": Add language to reputation trust section that reputation trust can evolve over time, even for the same identity assertion consumer.

  • πŸŽ₯ 21'50": Update section to make clear that it’s identity assertion consumer who is evaluating these topics. Also that reputation trust is subjective on the part of the identity assertion consumer.

Specific language proposals from chat:

  • Carly Huitema: Reputation trust - the history of understanding. I don’t necessarily always require to evaluate someone’s governance if they have always showed up after years of interactions

  • Jacques Latour: …​ while human trust requires both technical trust and governance trust to be established …​

  • Jacques Latour: Here’s my latest definition: Humans have β€œtrust lists” and we use them subconsciously:

    • Subjectivity: Trust is highly subjective and personal. What one person trusts, another might not.

    • Contextual: We might trust someone/something in one situation but not in another.

    • Dynamic: Trust is not static; it changes over time based on our experiences and interactions.

    • Unconscious Process: Often, our trust evaluations happen subconsciously, influenced by our past experiences, biases, and instincts.

    • Cultural Differences: Cultural backgrounds can significantly influence our trust evaluations.

Reviewers after above changes are made:

  • Jacques Latour

  • Pamela Dingle

OK to merge after their approval.

Review PR #128: Homoglyph attacks may not be directly solvable

πŸŽ₯ 27'28": Review #128: Homoglyph attacks may not be directly solvable.

ACTION: Eric to revise the PR to address the following feedback:

  • πŸŽ₯ 29'49": Fix typo: implementor should be implementer.

  • πŸŽ₯ 38'34": Rename section title to add duplicate names in addition to homoglyph attacks.

  • πŸŽ₯ 41'20": Add UX suggestion that the software tools that support identity assertion consumers are encouraged to provide at the user’s request additional detail, such as the unique identifiers behind the credential.

Reviewers after above changes are made:

  • Peleus Uhley

  • David Bigsby

OK to merge after their approval.

Review PR #119: Change the definition of expected_countersigners to require the expected signer_payload for other identity assertions

πŸŽ₯ 44'09": Review #119: Change the definition of expected_countersigners to require the expected signer_payload for other identity assertions

ACTION (βœ…): Eric to merge PR #119.

Road to 1.0 ratification

πŸŽ₯ 45'10": Once the above PRs are merged, that will leave one open item (#118: Refine wording for validation of credential status), which I have flagged for a follow-up discussion with Pia this week.

IMPORTANT: We will vote on ratification of the 1.0 version of the identity assertion in the 22 July 2024 meeting.

ACTION (all members): Last call for review of the 1.0-draft spec. Please flag any items that feel like blockers to you.

Review draft VC version of spec

πŸŽ₯ 48'35": Review recent changes to PR #126: Add VC schema description, which:

  • Replaces person with namedActor in the creator identity assertion schema.

  • Replaced Twitter with "Example Social Network" in the examples.

  • Added affiliations in the creator identity assertion schema.

ACTION: Eric to refine and prep PR updates for next week.

Early access to Rust SDK for identity assertion

πŸŽ₯ 55'15": I mentioned in the meeting that I’ve been working on a Rust implementation of the identity assertion that ties into the existing C2PA Rust SDK.

It’s early days and a lot needs to be implemented yet, but early access to this code is available on GitHub scouten-adobe/cawg-identity-core.