Minutes interim-2023-scitt-12: Mon 15:00
minutes-interim-2023-scitt-12-202305081500-00

Meeting Minutes: Supply Chain Integrity, Transparency, and Trust (scitt) WG
Date and time: 2023-05-08 15:00
Title: Minutes interim-2023-scitt-12: Mon 15:00
State: Active
Last updated: 2023-05-12

Meeting notes

Today's aims:

  • Get restarted after a short break. Agreed new meeting time should be
    the old meeting time
  • Talk about topics per agenda email sent last week:
    • DiD topic (didn't conclude on the mailing list. Can we pick this
      up?)
    • Hackathon 117 target (what do we want to achieve, how does it
      guide the next few weeks of work?)
    • Agree most important topic for next run of work starting next
      week (current leading candidate is registration policies)

Agenda hacking:

  • Ray Lutz: It would be good to go over recent progress from hackathon
    onwards.
  • How do relying parties verify the integrity of the ledger behind the
    SCITT service?

  • Jon summarized the hackathon work from the last IETF meeting
    (Read-out here: https://youtu.be/nxL_YTmPvLU?t=1898s)

  • Roy added a few extra points about the work he has been doing at the
    hackathon.
  • Hannes asked whether the code Roy was working on is public.

  • Roy mentioned that he is looking into this topic.

Ledger audit:

  • Ray had a question about the level of audit of the ledger. Jon
    believes that the more we specify the details, the less room for
    innovation there is.
  • Discussion between Ray, Roy and Jon about the level of audit.
  • "What do we need to do"
  • Hannes asks Roy about what he means by "audit".
  • Jon suggests to put audit on the agenda of a future meeting since it
    relates to security.

Hackathon:

  • Hannes wanted to know who is interested in the hackathon. Several
    people raised their hand, including

    • Dick (interested in querying the ledger)
    • Ray
    • Jon (will show up with his team)
    • Roy (needs to think about the topic)
    • Henk (interested in registration policies)
  • Jon noted: "Hacking" the spec is also an important task at the
    hackathon.

DID:

  • Hannes gave an introduction to the DID discussion
  • Possibly a hackathon target

Testbed documentation:

  • Dick Brooks suggested creating a central repository of links to
    implementations for testing

  • Hannes suggested to put links to the datatracker page.

DID resolution:

Orie explained https://w3c-ccg.github.io/did-resolution/

DID methods work is currently stalled due to re-chartering. Most of the
members' time is currently spent on VCs.

Ray: How does this relate to the work presented during the KEYTRANS BOF
(see
https://datatracker.ietf.org/meeting/116/materials/agenda-116-keytrans-02)?

Henk suggests to use the existing DID method and then to feed our
experience back to the W3C. He believes that using DIDs gives us
flexibility for identity systems. We should not be discouraged.

Dick: We use standard PKI libraries. Can we use the existing PKI / X.509
certificates?

Orie: If you have a key that is a certificate then you can think of
certs fitting inside of DIDs. In some sense they are solving the same
problem.
You can use both together.

Henk: This would be a fall-back use case.

Hannes: Can X.509 certificates be encoded in the key structures of the
DID?

Orie: Yes, there is a JWK structure that can contain an X.509
certificate.

Hannes suggests to form a "design team" to write about how to use DIDs
for SCITT as input to the architecture draft.

Joey Salazar will think about helping with the write-up. Hannes
encourages others in the group to also step forward.

Hannes will post a mail to the list asking for interest to participate
at the next IETF hackathon.

Agenda topics for the next meeting:

  • Registration policies
  • Hackathon (status update)
  • DID design team update