...
Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.
Dial-in link
TBDhttps://zoom.us/j/93810537086
Attendees
- Sam Curren <sam@indicio.tech>
- James Ebert <james.ebert@indicio.tech>
- Akiff Manji <amanji@petridish.dev>
- Clecio Varjao <clecio.varjao@gov.bc.ca>
- Darrell O'Donnell <darrell.odonnell@continuumloop.com>
- Stephen Curran (Cloud Compass Computing Inc.) <swcurran@cloudcompass.ca>
- Sai Ranjit Tummalapalli <sairanjit.tummalapalli@ayanworks.com>
- Jakub Koci <jakub.koci@gmail.com>
- Jason Leach (BC Gov) <jason.leach@fullboar.ca>
Welcome / Introductions
Focus
Mobile Infrastructure
Discussion Topics
- Mobile Verifiers
- We need them.
- Flow
- Holder displays QR, Verifier scans with mobile app and sees the result. - Common Model, assumed by those new to industry.
- 'presenting' the QR code feels natural when 'presenting' a credential.
- QR is best as invitation, not requiring user to know in advance what to present.
- Verifier can also display QR.
- Speed of transaction
- User prepares to have transaction happen fast
- Preselect or preauthorize set of actions
- Can be assisted by governance / trust registry to find common targets
- build set of 'reapprovals' after done initially.
- save my authorization
- User prepares to have transaction happen fast
- Unique Features
- Offline Verifications
- Can't use shortened QR codes
- BLE Verification useful offline
- Needs framework support
- Machine Readable Governance - cached
- Cache schemas
- Cache public keys for verifiers?
- Pass file? (Interaction)
- NFC - Needs investigation
- Common Hardware
- Framework support required
- Offline aware
- UI Supports required
- Cache Needed
- Speed of local assets
- Mechanisms
- Trust Registry Protocols - https://wiki.trustoverip.org/display/HOME/ToIP+Trust+Registry+Protocol+Specification
- Machine Readable Governance
- Hard Coded
- TTL
- User Experience
- Clear for Holder
- Clear for Verifier
- Clear indication of where in the flow they are. Universal progress bar?
- Particularly for non-happy paths
- Internationalization / Localization
- Performance
- Auditing verifications
- reporting verifications back to main org
- minimal disclosure auditing
- knowing what is stored/passed
- Offline Verifications
- Actions Items
- Framework Support
- Caching
- Transport (BLE, NFC)
- Summary of existing state - Where are we?
- BLE
- NFC - how would it work? - Sebastian (Lissi)
- Docs about Machine Readable Governance is currently being used.
- Mike to provide overview in a few weeks, for now a presentation
- Trust Registries from ToIP - Darrell provided, to link
- How do verifiers get templates of presentation requests so they know what to ask.
- UX of selecting which you want to verify and doing verifications
- Use cases – e.g. Verifier is processing a line up going into an Event collecting Ticket+PoVaccination
- UX for some use cases
- Framework Support
- Device Recovery (Backup/Restore/SyncRecovery/Rotation to new keys)
- Backup / Restore Formats?
- https://w3c-ccg.github.io/universal-wallet-interop-spec/
- Data Model + app specific in the same format?
- Keep them separate?
- Security of backups?
- huge attack vector – e.g. family member restores backup to new device and uses data
- Is it possible to disable an old phone when a restoration is done to a new phone?
- Assumption is that encrypted backup goes one place, the recovery key goes elsewhere and the only come together for restore
- Is there more that can be done? Other protections?
- N of M recovery mechanism – e.g. Shamir's Secret Sharing (coolest algorithm ever!)
- Can this be done with self-service? Is that safe enough?
- Selective recovery – is that possible?
- Is there more that can be done? Other protections?
- Some things that can't be backed up or restored
- Example is a device-based keys – you can't back these up
- If there is a credential somehow tied to a device key, that credential must be reissued (and that's OK)
- Example is a device-based keys – you can't back these up
- How to do continuous backups (don't lose data)?
- File format
- File format for a full backup
- Contents – connections, credentials, history
- Will we have to do (more or less) continuous backup - full backup every time efficient enough vs. incremental? Classic backup issues.
- Treat this as an optimization for now
- File format for a full backup
- An RFC to define such a protocol to be used with a backup service – perhaps supplied by a mediator (but could be any connection).
- Setup backup – location, recovery key(s) (format – e.g. passphrase? biometrics?), restoration process
- Make backup – ongoing – data format
- Retrieve backup for restoration
- Restore backup using recovery key(s)
- How can Mobile OS features help with this?
- E.g. Backup/Restore of app data
- File format
- Secure Element usage
- Provinces Project - diagram, markdown - decisions when making a wallet.
- starting point for security framework oriented folks.
- Provinces Project - diagram, markdown - decisions when making a wallet.
- SDK / Embedding Agents into existing Mobile Apps
...
Call Recording
| Attachments | ||||||
|---|---|---|---|---|---|---|
|