Skip to content

Latest commit

 

History

History
51 lines (44 loc) · 2.46 KB

agenda.md

File metadata and controls

51 lines (44 loc) · 2.46 KB
Raw

Meeting - Thursday 22th July 2021 - (3pm ET)

Chair

Brent

Agenda

  1. Participant IPR status check
  2. Meeting Process
    1. Queuing
    2. Scribing/Note-taking: auto vs manual
    3. Storing notes, transcriptions, and recordings on github
  3. Resource curation - how to get started
  4. Work Items Process
    1. proposal template (decentralized-identity#3)
    2. can establish their own meetings and cadence
  5. Establishing a relationship with IETF, etc.
    1. cryptographic provenance logs, etc.
  6. Outreach to orgs/companies that are trying to do cryptographic software supply chain security.

Attendees

  • Brent Zundel
  • Michael Jones
  • Andreas Freitag
  • Andrew Whitehead
  • David Waite
  • Jeremie Miller
  • Kristina Yasuda
  • Srinath Setty
  • David Huseby
  • Tobias Looker
  • Mike Lodder

Notes

  • Tobias to create an initial resource curation document with some initial encryption schemes
  • Tobais PR: decentralized-identity#3
  • proposal for how the WG adopts new work items, main caveat is that all work items must have at least two co-owners from two different organizations.
  • how does this group best work with the IETF?
  • do we create a liaison relationship? IETF doesn't do that but it isn't necessary (i.e. OpenID Foundation as an example). the suggestion is to have people in both orgs and well thought out starting docs from outside orgs are welcomed.
  • at least three processes: put something in an existing WG, creating a new WG, or area director sponsorship.
  • Mike: when we're about 6 months out of submission we should engage the IETF.
  • Dave: suggestion that the work item proposals identify if the ultimate goal is an IETF/W3C standard and which process for migration is most likely and identify any existing WG's the work item would fit into.
  • Dave volunteers to: add language to work item template related to the standards creation.
  • outreach efforts: software supply chain, provenance of open source software. Who can we reach out to so we can schedule a BoF meeting (here or at IIW?)?
  • Mike: revocation approaches and related business requirements
  • privacy and scalable is obvious but what are the business requirements?
  • Andreas: business requirement of testing the revocation of an identity credential
  • Andreas: businesses don't care about the crypto details, just need revocation
  • Tobias: doing deeper threat analysis could help inform judging different approaches. there has been strong appetite for NIST