
2023 07 24 Meeting Minutes

Tracy Kuhrt edited this page Jul 25, 2023 · 1 revision

recording

Agenda

Discussion

  • Digital Container Code Base - Need to follow up with Dan and Juliana on this item. People were not sure what was intended with this item.
  • Key Management System - We have spent time defining this in previous meetings. The result can be found at Key Management Services.
    • Discussion around additional work that needs to be done here. What is contained in our Key Management Services page is the happy path and does not cover what happens if the device does not support the crypto primitives that have been defined.
    • We need to account for two different interfaces and we should spend time on defining these in detail:
      1. Integration between the application and the wallet engine
        • Possible things that we might need are to delegate signing to the wallet or to ask for public keys from the wallet
      2. Integration between the wallet engine and the device
    • Some time was spent discussing app-to-app communication on devices. Android supports one-way communication, but there is no way to do two-way communication. DIDComm was brought up, but it has complexities such as needing a mediator to perform the two-way communication.
  • Credential Signature/Format - The person who added this to the list was not available in this meeting, so we skipped it for the time being until that person is available.
  • Credential Management (into the wallet) - we spent quite a bit of time discussing the different things that this means to the people on the call. As such, there is a need to expand our components. One suggestion was that we have "into the wallet" and "out of the wallet", but we do not have a category for "in the wallet". Here are some possible interpretations of what this means:
    • Issuance or provisioning of a credential
    • Is this how credentials are held in the wallet?
    • How do I add something to my wallet?
    • How do I remove something from my wallet?
    • How do I locate something in my wallet?
    • How do I define rules on what I want to use for different types of transactions? Setting different parameters for when I use a particular credential
    • Revocation
    • Credential issuance and revocation should probably be represented as "into the wallet", whereas credential management would be about: How am I storing that credential? How do I look that credential back up when I need to present it?
    • Separate this point into "credential issuance and revocation protocols", "credential management", and "storage"
    • Presentation/UI based: How does the wallet display terms of service to the user? How is the user able to see and comprehend their credential and see all the details? It's about how the user interacts. Can the user delete the credential? What happens upon deletion? The wallet needs to display explicit acceptance of a credential being issued to ensure users do not get unwanted credentials. A lot of UI and presentation elements go into how users interact with credentials in their wallet and manage their life cycle.
    • Managing a whitelist of issuers that I accept credentials from or who I allow to receive credentials
    • Missing an interoperable trust format in this list
    • Portability: Import/Export when switching provider with limits on the credentials that can/cannot be transferred
      • policy driven
      • credential driven
    • Guardianship
    • Refresh credential issuance