2023-02-22 Meeting notes

Owned by Heather Flanagan (Unlicensed)
Last updated: Mar 20, 2023
2 min read

approved

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/166002689

Date

Feb 22, 2023

Attendees

See the Participant roster

Voting (5 of 9 required for quorum)

Participant

Attending

Participant

Attending

1

Aronson, Marc

Regrets

2

Chaudhury, Atef / Krishnaraj, Venkat

Yes

3

Davis, Peter

 

4

D'Agostino, Salvatore

Yes

5

Hodges, Gail

 

6

Jones, Thomas

Yes

7

Thoma, Andreas

Yes

8

Wunderlich, John

Yes

9

Williams, Christopher

Yes

Non-Voting

Participant

Attending

Participant

Attending

1

Auld, Lorrayne

 

2

Balfanz, Dirk

 

3

Brudnicki, David

 

4

Dutta, Tim

 

5

Flanagan, Heather

Yes

6

Fleenor, Judith

 

7

Glasscock, Amy

 

8

Gropper, Adrian

 

9

Hughes, Andrew

 

10

Jordaan, Loffie

Yes

11

LeVasseur, Lisa

 

12

Lopez, Cristina Timon

 

13

Snell, Oliver

 

14

Stowell, Therese

 

15

Tamanini, Greg

 

16

Vachino, Maria

 

17

Whysel, Noreen

 

Other attendees

  •  

Goals

  • Check-in on work progress

  • Review draft outline and status of writing tasks

Discussion items (AKA Agenda)

Time

Item

Who

Notes

Time

Item

Who

Notes

5 min.

  • Start the meeting.

  • Call to order.

  • Approve minute

  • Approve agenda

@John Wunderlich 

Called to order: 10:03

Quorum reached: Yes

Minutes approved: Yes

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/148733953

@John Wunderlich to replace the opening graphic with the triangle diagram

0 min.

Open Tasks Review

All

 

15 min.

Workgroup Charter Update

@Christopher Williams

Present, review, and (hopefully) vote on the updated Work Group Charter

  • First paragraph of Background, shows examples of federated models. SSI has very different meanings to different people, and some people do not consider mDL as SSI. A better example would be VCs. The point is that the issuer and the verifier are not the same; that’s covered by “federated”. Remove the parenthetical. Also, “These actions” is not clear as to what actions it refers to; replace with “IAM Activities”

  • Audience section: “Holders that should produce” should be “Providers that produce”

  • Out of scope: where does the “limiting the content” come from? It was a concern that the scope was creeping into the Issuer’s business. We do have something to say about what goes into the mobile credential, so the first sentence is not exactly correct. Suggest “for the purposes of a credential database when generated”? Perhaps “requirements on data collection and use for a mobile credential when issued”? We’re trying to get to the issuance access. Alternatively: “Anything not directly implicated in the provisioning or issuance of the credential is out of scope.”

    • there seems to be some concern about what is a credential at all and what it contains; is what the holder chooses to present its own credential, or is the credential the complete set of issued data, which the holder then chooses what to share out of that credential

  • Heather will make last little cleanups and send to the list with a comment with the fact that attendees of today’s call recommend this for adoption. We will vote on this next week.

30 min.

Draft Report

@John Wunderlich

Review of proposed changes to PEMC Early Implementor's Guidance Report Editors Draft 2

5 min.

Other Business



Note that Tom Jones will be presenting this to NIST prior to 3/3 and would like to get any input possible before that meeting.

https://tcwiki.azurewebsites.net/index.php?title=Cybersecurity_Framework_for_Mobile_Credentials

 

Adjourn



10:48 am PT

Next meeting

Mar 1, 2023

Action items