05 August 2024

Meeting recording

Attendees

Andreas Reich, TrustNXT
Andy Rosen
Christian Paquin, Microsoft
Drummond Reed, Gen Digital
Eric Scouten, Adobe
Gavin Peacock, Adobe
Karen Kilroy, FileBaby
Liviu Gheorghe, Adobe
Loren Hart, Noosphere Technologies
Michael Becker, Identity Praxis
Misha Deville, Vidos
Pamela Dingle, Microsoft
Paul England, Microsoft
Peleus Uhley, Adobe
Scott Perry, Digital Governance Institute
Tim Cappalli, Okta

Notes

Review previous action items

🎥 1'07": Review action items from previous meeting:

Identity assertion 1.0

Review PR #138: Write up section on credential revocation: ACTION: Eric to make minor wording changes as discussed in the meeting and merge. ✅
Eric to prepare PR that removes the example questions section from the “Name collisions” section. ✅: PR #158: Fold name collisions discussion into existing homoglyph and typo-squatting attack discussion reviewed by Peleus and merged.

Identity assertion 1.x (VC edition)

Review PR #157: Unify namedActor, affiliations, and identities into a single verifiedIdentities property. ACTION: Liviu to re-read PR and approve. Group otherwise approves merge. ✅: PR #157 reviewed by Liviu and Andreas and merged.
Review PR #147: Remove requirement for id field. ACTION: Eric to merge. ✅
Review PR #146: Remove issuer section. ACTION: Eric to modify the PR to retain a link to the VC data model section on issuer and merge. ✅
Discuss issue #151: Review description of boundTo property. ACTION: Eric to create PR per items discussed in meeting. ✅: We will discuss PR #159 later in this meeting.
Discuss issue #155: Write section on proof mechanisms. ACTION (any interested members): Review comments added in this issue. Will discuss later in this meeting.
Discuss issue #115: Provide meaningful differentiation between similarly-named actors. ACTION: Eric to close as not currently feasible. ✅

Identity 1.0 ratification vote POSTPONED

🎥 3'26": Late last week, we received a request to consider some new feedback and so the ratification vote is delayed until we can meet with the involved parties.

Open issues for identity 1.x

Review PR #159: Rename `boundTo` to `c2paAsset` and clarify some items

🎥 4'19": Review PR #159: Rename boundTo to c2paAsset and clarify some items.

There was a lengthy discussion about alternatives for what to call the signer_payload entry within the asset-specific credential. Ultimately, the group zeroed in on the existing proposal to rename boundTo to c2paAsset.

ACTION (✅): Eric to merge PR 159 as is.

Review PR #162: Tweak wording of `provider.name` entry

🎥 23'07": Review PR #162: Tweak wording of provider.name entry.

ACTION: Eric to revise PR 162 to include some consideration of localization and possibly a definition of user-visible string.

Review issue #160: Determine structure for `verifiedIdentities[?\].proof`

🎥 30'50": Review issue #160: Determine structure for verifiedIdentities[?].proof.

ACTION: Liviu and Eric to do further coding / research work to describe what the proof data structure should look like in this case.

Review issue #155: Write section on proofs

🎥 32'26": Review issue #155: Write section on proofs.

Again, tentative agreement that we would should use only COSE signatures to secure the VCs.

ACTION: Pam to discuss with Microsoft engineering team and report back next week.

Review issue #64: Consider stronger timestamping mechanism than W3C VC requires

🎥 36'43": Review issue #64: Consider stronger timestamping mechanism than W3C VC requires.

ACTION: Eric to explore whether we can reuse the COSE protected header mechanism for RFC 3161 timestamping in the VC approach.

Review issue #163: Does the approach taken in §8.1 change if issuer == named actor?

🎥 56'59": Review issue #163: Does the approach taken in §8.1 change if issuer == named actor?

ACTION: Eric to reach out to Will Kreth to explore signature scenarios.