24 February 2024 (APAC)

🎥 1'33": Eric announced a joint collaboration agreement with the Decentralized Identity Foundation and Trust over IP Foundation to further the work of the group under a larger standards development organization.

Eric explained that a joint participation agreement has been agreed upon by the steering committees of both organizations, allowing a broader community to weigh in on the discussions. Participants who have signed the Community Specification License will need to sign an intellectual property agreement with DIF to continue their participation.

Andrew raised a question about the signature process for the new agreement, to which Eric responded that the details would be made available in the next few days.

Drummond Reed expressed enthusiasm for the new direction and suggested making a broader announcement through a Trust Over IP blog post. Eric agreed and mentioned working with Kim, Scott, and Drummond to draft the post and invite members from both organizations to participate actively.

Since several members were new to each other in the APAC meeting, we did a round of re-introductions

🎥 12'29": Eric proposed switching to an every-other-week meeting cadence with both time zones on the same week, starting from 10 March. The group agreed to this proposal.

Meeting times will be based on US Pacific time as they are now:

🎥 13'36": Action items from 10 February NA/EU:

Action items from 10 February APAC:

🎥 14'11": Reviewed PR #211: ICA validation section.

Eric reviewed changes made to the validation section, including allowing validators to continue validation at their option and flagging errors. The only must-stop conditions are parsing errors. The section on reasons for rejecting a verified identity was simplified to reference earlier rules.

Andrew raised a question about raising multiple status codes.

ACTION: Eric agreed to add a note clarifying that if a validator stops processing at the first failure, there may be other undetected failures.

🎥 19'58": Discuss proposed withdrawal of PR #210: Introduce new section, “C2PA Manifest validation prerequisites”. After discussion in last meeting, I believe this PR is no longer necessary.

ACTION (✅): Eric to close this PR without merging.

🎥 21'31": Eric and Scott recapped a recent conversation with Richard Kroon (EIDR), Will Kreth (HAND Identity), and Scott Perry (Digital Governance Institute) on how to incorporate media industry identifiers into C2PA ecosystem via CAWG.

The breakthrough in that meeting was understanding that trusted third parties attest to media participants' identities rather than using direct signing from the named actors themselves. This led to a new working theory that the existing X.509 flavor of the CAWG identity assertion can be used by industry associations to represent their attestations of media identifiers in combination with the CAWG metadata assertion to store those identifiers.

We agreed to form a subgroup to determine the correct placement of these identifiers within the CAWG metadata assertion, ensuring proper representation and standardization.

🎥 25'54": Scott Perry recapped a discussion held recently on stating levels of assurance in identity claims aggregation’s verifiedIdentities list and discuss potential next steps.

Scott and Drummond proposed adding levels of assurance to the identity claims aggregation’s verified identity list. They suggested passing through levels of assurance from recognized governance frameworks such as ISO, NIST, and eIDAS.

They proposed adding fields for level of assurance, source, and governance framework to provide more detailed information about the assurance level of each verified identity.

Drummond emphasized that the level of assurance should be contextual for each credential, and the identity claims aggregator should pass through the assurance level as asserted by the recognized governance framework. Scott highlighted the importance of including the governance framework to provide more information about the policies and ecosystem that issued the credential, ensuring transparency and reliability.

Andrew pointed out that different documents, such as passports and driver’s licenses, have varying levels of assurance. The group discussed the need to express these differences clearly.

Eric suggested that optional fields could be added to the `verifiedIdentities list to indicate the type of document verified and its level of assurance, providing more detailed information.

🎥 1h20'06": Andrew introduced the concept of identity hooks (see issue #216), which would allow privacy-preserving identifiers to be bound to future manifests. This would enable the evolution of identity signals over time.

Eric and Drummond expressed interest in exploring the concept further. They discussed the potential benefits and agreed to have a preliminary one-on-one conversation to delve deeper into the idea.