trustoverip / tswg-trust-registry-protocol

Trust Registry Protocol Specification
https://trustoverip.github.io/tswg-trust-registry-protocol/

Expanding the Scope Beyond 'Authority'? #22

Open mathieuglaude opened 3 months ago

mathieuglaude commented 3 months ago

At the heart of it, trust registries serve a broader purpose than merely delineating authority; they act as a foundational source of truth, albeit sometimes reflecting authority. This distinction becomes crucial when we dive into the practical applications of trust registries across various scenarios.

Consider the case where we're trying to verify if a particular entity, let's call it Entity X, is authorized to perform a specific action (Y) under a defined governance model (Z). This framework is straightforward when we're discussing credential issuance. However, it becomes less clear when we extend the use case to, for example, verifying membership in a coalition or an association. The current language and structure of trust registries, while effective for credential issuance, fall short in addressing membership validations or affiliations with entities like the C2PA or the DIACC.

This limitation has led me to view trust registries not just as arbiters of authority but as comprehensive sources of truth, underpinned by a governance model. Such a perspective allows for a more versatile application of trust registries, accommodating a wider array of use cases beyond credential issuance. For instance, a trust registry could confirm membership, verify credential issuance capabilities, or even validate credential verification rights. This broader utility underscores the need for trust registries to be adaptable and inclusive of various governance models.

However, the concept of assurance levels within trust registries introduces a layer of complexity. The assurance or trustworthiness of information in a trust registry is inherently tied to its governance model. Yet, this doesn't imply a one-size-fits-all approach to integrity or trust. Different scenarios may necessitate different models of governance, thereby influencing the perceived level of assurance.

For example, a mining operation might be deemed trustworthy based on a set of criteria that includes permit status, adherence to regulatory standards, or even credentials issued by provincial authorities. This approach to defining trustworthiness highlights the need for flexibility in how trust registries are structured and utilized.

We've explored the idea that trust registries should not be confined to a rigid model. Just as lists of certified public accountants (CPAs), lawyers, or even doctor rating systems serve as sources of truth within their respective domains, trust registries should be capable of accommodating a diverse range of governance models. Each list, each registry, provides a source of truth based on its unique governance, whether it's a professional certification or a consumer rating.

The overarching theme of our exploration is the need for trust registries to evolve beyond their current scope. The language and structure used today are heavily geared towards credential issuance, yet the potential applications of trust registries are far more expansive. Whether or not to incorporate levels of assurance into this framework remains a topic for further discussion. Nonetheless, the imperative is clear: trust registries must be designed to support a multitude of use cases, each with its own set of requirements and governance models.

Note: just like Issue #21, I can move this to 'Discussions' if it's better suited for over there @darrellodonnell.

darrellodonnell commented 3 months ago

Does the governance of C2PA, DIACC, or others (e.g. Professional Engineers Ontario) cover "what does membership mean"?

I ask as you need to know the context that you're asking the (XYZ) question in. If you're looking for "can Darrell sign this engineering drawing in Ontario?" the answer fits the XYZ question format.

If the question is, "Is Darrell a P.Eng. in Ontario, and what does that mean?", you may be asking the wrong question OR you need additional capabilities beyond a very basic trust registry query.

FYI - I retired my P.Eng. license last year, so the answer is "no" to both!

darrellodonnell commented 3 months ago

This is definitely important for future work:

The overarching theme of our exploration is the need for trust registries to evolve beyond their current scope.

On that note I recently posed a question under discussions that is somewhat related to this question:

https://github.com/trustoverip/tswg-trust-registry-protocol/discussions/20

The question that I think you're asking is "how can we standardize our interactions with Trust Registries to go beyond the most basic queries?" Fair? @mathieuglaude

mathieuglaude commented 3 months ago

Yes to your last comment about going beyond basic queries.

mathieuglaude commented 3 months ago

If the C2PA list has all hardware/software providers with their keys and certificates, what type of list is this? And what do I query? "Was this picture taken by a C2PA compliant device?"

So I'm still asking for authoritative information from the system of truth, but the type of question and the data I pass to it in my query are different than, let's say, for an authoritative issuer query (i.e. is DID x authorized to issue credential y under governance z), which is different from the question above.

Make sense?
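The distinction drawn in this thread, between the XYZ authorization query and other question shapes such as membership or device compliance, can be made concrete with a small model. The following is an added illustration written for this page, not code from the Trust Registry Protocol project or from either commenter; every DID, governance framework id, organization and certificate thumbprint in it is a constructed placeholder. It assumes a registry that declares which governance frameworks it speaks for, so a question about an ecosystem it does not cover returns "unknown" rather than a misleading "no".

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# All identifiers below (DIDs, framework ids, organizations, thumbprints) are
# constructed placeholders for this example, not entries from any real registry.


@dataclass(frozen=True)
class Authorization:
    """The XYZ record: entity X may perform action Y under governance Z."""
    entity: str                        # X, e.g. a DID
    action: str                        # Y, e.g. "issue" or "sign"
    credential_type: str               # Y continued, e.g. "EngineeringLicense"
    governance: str                    # Z, the governance framework id
    valid_from: date
    valid_until: Optional[date] = None  # None means still in force


@dataclass(frozen=True)
class Membership:
    """A membership record: entity belongs to an organization, with a status."""
    entity: str
    organization: str
    status: str                        # "active", "retired" or "suspended"
    governance: str


@dataclass(frozen=True)
class DeviceKey:
    """A device-key record of the kind a C2PA-style provider list would hold."""
    cert_thumbprint: str               # identifies the device's signing certificate
    manufacturer: str
    status: str                        # "trusted" or "revoked"
    governance: str


class TrustRegistry:
    """One source of truth answering three differently shaped questions."""

    def __init__(self, governances, authorizations, memberships, device_keys):
        self.governances = set(governances)   # frameworks this registry speaks for
        self.authorizations = list(authorizations)
        self.memberships = list(memberships)
        self.device_keys = {d.cert_thumbprint: d for d in device_keys}

    def is_authorized(self, entity, action, credential_type, governance, as_of):
        """XYZ query: 'is DID x authorized to do y under governance z, as of a date?'"""
        if governance not in self.governances:
            return "unknown"   # ask a registry that serves that ecosystem instead
        for a in self.authorizations:
            if (a.entity, a.action, a.credential_type, a.governance) == (
                entity, action, credential_type, governance
            ):
                started = a.valid_from <= as_of
                not_ended = a.valid_until is None or as_of <= a.valid_until
                if started and not_ended:
                    return "yes"
        return "no"   # no record, or only records outside their validity window

    def is_member(self, entity, organization, governance):
        """Membership query: 'is entity a current member of organization?'"""
        if governance not in self.governances:
            return "unknown"
        for m in self.memberships:
            if (m.entity, m.organization, m.governance) == (entity, organization, governance):
                return "yes" if m.status == "active" else "no"   # retired/suspended -> no
        return "no"

    def device_is_compliant(self, cert_thumbprint, governance):
        """Device query: 'was this content signed by a listed, non-revoked device?'"""
        if governance not in self.governances:
            return "unknown"
        d = self.device_keys.get(cert_thumbprint)
        if d is None or d.governance != governance:
            return "no"
        return "yes" if d.status == "trusted" else "no"


def build_sample_registry():
    """Constructed sample data covering the three question types."""
    eng, prov = "gov:example-engineering", "gov:example-content-provenance"
    return TrustRegistry(
        governances={eng, prov},
        authorizations=[
            Authorization("did:example:regulator", "issue", "EngineeringLicense", eng, date(2020, 1, 1)),
            # a signing authorization that lapsed when the license was retired
            Authorization("did:example:engineer-1", "sign", "EngineeringDrawing", eng,
                          date(2010, 1, 1), date(2023, 6, 30)),
        ],
        memberships=[
            Membership("did:example:engineer-1", "org:example-association", "retired", eng),
            Membership("did:example:engineer-2", "org:example-association", "active", eng),
        ],
        device_keys=[
            DeviceKey("sha256:cam-0001", "ExampleCam Inc.", "trusted", prov),
            DeviceKey("sha256:cam-0002", "ExampleCam Inc.", "revoked", prov),
        ],
    )


if __name__ == "__main__":
    reg = build_sample_registry()
    today = date(2024, 3, 1)
    print(reg.is_authorized("did:example:regulator", "issue", "EngineeringLicense",
                            "gov:example-engineering", today))
    print(reg.is_member("did:example:engineer-1", "org:example-association",
                        "gov:example-engineering"))
    print(reg.device_is_compliant("sha256:cam-0001", "gov:example-content-provenance"))
```

The point of the three methods is that the inputs differ even though all three are "authoritative information from the system of truth": the XYZ query takes an action, a credential type and a date, the membership query takes an organization, and the device query takes only a certificate thumbprint. The "unknown" result for an unserved governance framework reflects the burden, noted later in the thread, on the asking system to know which ecosystem it is dealing with.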

darrellodonnell commented 3 months ago

The question makes sense but the burden on the system asking the question is to understand the ecosystem that they are dealing with. Each ecosystem may have very different approaches to things.

darrellodonnell commented 3 months ago

The business question of "is this image real (enough)?" has very different ways of getting to a yes/no/maybe depending on what ecosystems you're part of.