Minutes interim-2023-scitt-12: Mon 15:00
minutes-interim-2023-scitt-12-202305081500-00
| Meeting Minutes | Supply Chain Integrity, Transparency, and Trust (scitt) WG | |
|---|---|---|
| Date and time | 2023-05-08 15:00 | |
| Title | Minutes interim-2023-scitt-12: Mon 15:00 | |
| State | Active | |
| Last updated | 2023-05-12 | |
Meeting notes
Today's aims:
- Get restarted after a short break. Agreed new meeting time should be
the old meeting time
- Talk about topics per agenda email sent last week:
  - DID topic (didn't conclude on the mailing list. Can we pick this
  up?)
  - Hackathon 117 target (what do we want to achieve, how does it
  guide the next few weeks of work?)
  - Agree most important topic for next run of work starting next
  week (current leading candidate is registration policies)
Agenda hacking:
- Ray Lutz: It would be good to go over recent progress from hackathon
onwards.
- How do relying parties verify the integrity of the ledger behind the
SCITT service?
- Jon summarized the hackathon work from the last IETF meeting
(Read-out here: https://youtu.be/nxL_YTmPvLU?t=1898s)
- Roy added a few extra points about the work he has been doing at the
hackathon.
- Hannes asked whether the code Roy was working on is public.
- Roy mentioned that he is looking into this topic.
Ledger audit:
- Ray had a question about the level of audit of the ledger. Jon
believes that the more we specify the details, the less room for
innovation there is.
- Discussion between Ray, Roy and Jon about the level of audit.
- "What do we need to do"
- Hannes asks Roy about what he means by "audit".
- Jon suggests putting audit on the agenda of a future meeting since it
relates to security.
Hackathon:
- Hannes wanted to know who is interested in the hackathon. Several
people raised their hand, including:
  - Dick (interested in querying the ledger)
  - Ray
  - Jon (will show up with his team)
  - Roy (needs to think about the topic)
  - Henk (interested in registration policies)
- Jon noted: "Hacking" the spec is also an important task at the
hackathon.
DID:
- Hannes gave an introduction to the DID discussion
- Possibly a hackathon target
Testbed documentation:
- Dick Brooks suggested creating a central repository of links to
implementations for testing
- Hannes suggested to put links to the datatracker page.
DID resolution:
Orie explained https://w3c-ccg.github.io/did-resolution/
DID methods work is currently stalled due to re-chartering. Most of the
members' time is currently spent on VCs.
Ray: How does this relate to the work presented during the KEYTRANS BOF
(see
https://datatracker.ietf.org/meeting/116/materials/agenda-116-keytrans-02)?
Henk suggests using the existing DID method and then feeding our
experience back to the W3C. He believes that using DIDs gives us
flexibility for identity systems. We should not be discouraged.
Dick: We use standard PKI libraries. Can we use the existing PKI / X.509
certificates?
Orie: If you have a key that is a certificate then you can think of
certs fitting inside of DIDs. In some sense they are solving the same
problem.
You can use both together.
Henk: This would be a fall-back use case.
Hannes: Can X.509 certificates be encoded in the key structures of the
DID?
Orie: Yes, there is a JWK structure that can contain an X.509
certificate.
Hannes suggests forming a "design team" to write about how to use DIDs
for SCITT as input to the architecture draft.
Joey Salazar will think about helping with the write-up. Hannes
encourages others in the group to also step forward.
Hannes will post a mail to the list asking for interest in participating
in the next IETF hackathon.
Agenda topics for the next meeting:
- Registration policies
- Hackathon (status update)
- DID design team update