Deferred
Alex Weinert at Microsoft enumerated attributes of a secure authentication credential:
Unguessable
Undisclosable
Multi-factor
Single--user
Local
Uninterceptable
Unphishable
Interesting that "strength" isn't in the list of attributes. ie is being discussed vs what is being taken for granted/table-stakes
UP: user prescense (tap the device)
UV: user verification (pin/face rec) → unlock entire store of keys
RP decides what is required of the authenticator (UP or UV)
New FIDO Spec, Device On-board, secure provisioning of IOT devices.
Any FIDO device users?
Will Apple/Google be the mDL device providers of the future? Wil there be other competitors?
On going work to be done about the convenince vs security of solutions, eg with private keys that can follow between devices like how pw managers work
Other ongoing/upcoming confernces?
A lot of (US) conferences are requiring people to setup the clear pass, and provide recent/on-site tests
Defer
Reviewed more pp2pi use-cases, broken down by objective and mapped to whther uma or uma delegation can meet the goal
Will continue this discussion next week
Report on FHIR API Vulnerabilities
Outcome of user stories discussion
PDP architecture includes the concept of governance registry/discovery
TOIP/SSI are starting to define this ecosystem function
ANCR records update
Privacy as Expected/ANCR update : 2/3 weeks out (Sal?)
As of October 26, 2020, quorum is 5 of 9. (Michael, Domenico, Peter, Sal, Thomas, Andi, Alec, Eve, Steve)
Voting:
Non-voting participants:
Regrets: