Minutes interim-2023-scitt-14: Mon 15:00
minutes-interim-2023-scitt-14-202305221500-00

Meeting Minutes: Supply Chain Integrity, Transparency, and Trust (scitt) WG
Date and time: 2023-05-22 15:00
Title: Minutes interim-2023-scitt-14: Mon 15:00
State: Active
Last updated: 2023-06-12

SCITT Interim Meeting (22.05.2023)

Agenda Bashing

KEYTRANS group chartering

Jon Geater believes there's a risk of significant overlap between SCITT
and the newly proposed KEYTRANS group. Can KEYTRANS just be a use case
on top of SCITT? If not, why not? Should SCITT be better?

Please review and form opinions on the proposed charter at:
https://docs.google.com/document/d/12NMFA0P1OYtE6_QoqP3J80tDr0z2-FEm2ZdiWeauAHE/edit

URLs for Transparent Statements #69

https://github.com/ietf-wg-scitt/draft-ietf-scitt-architecture/issues/69

Cedric goes through the issue.

Dick: We ran into a similar issue and we called the solution "declaration
type".

Cedric: For querying the TS you may have a complex query language. Here
the goal is not to query but instead to identify one specific statement.

Hannes asks for a use case in federation.

Cedric: Even if you forget compactness, if you are able to refer to a
statement it is more secure. In many cases you can put the full
statement there.
You can say that a new statement updates an old statement.

Henk: I thought we have normative text in the architecture about this
issue already. Henk submitted a comment on the issue.

Cedric: Your comment seems to assume that we are talking about the
payload. Here we are talking about a full-fledged statement - the full,
signed and registered statement.

Henk: I like the did:web usage.

Longer discussion between Henk & Cedric.

Charlie: Is this a proposal for an option or is this the default?

Cedric: It is recommended for referring to a statement.

Charlie: I disagree with this. There has to be an option to maintain
everything. There is also an issue with air-gapped systems. This is a
fundamental problem. I don't see the compactness as a good argument.

Cedric: You would distribute the statement together with the URL and
then you can compare the hash of the statement, as referenced in the
URL, with the statement.

Charlie: Compact is not necessarily always great. These are not gigantic
amounts of data.

Cedric: The option is there to distribute the transparent statement in
full.

Ray: The reference will be pretty important. The data will develop
incrementally. Initially, the public keys have to be put into the TS.
Then, we get data from some data and not from others. In the end, we
need to have a way to allow us to get to all of the data. (Give me all
the data for the election.) There needs to be a way to group everything
together - as a kind of "final" submission. Requirements: (a)
Incremental submissions, and (b) a final submission that references the
previous submissions.

Cedric: Every time you submit something, it is a separate statement.

Ray: You cannot allow corrections.

Ray asks a question about how to query for statements of a specific type
through the APIs. He sees this as a problem when the statements are
treated as "opaque".

Cedric: Updating a previous statement is a good use case.

Ray: Let's say we have a software (e.g. for a vehicle). After an
accident, we want to find out what software was used and what tests were
made. We have to be able to say that this software in this version with
those test results. There are a number of statements of the software
referring to the different stages. The correct version of the software
statement has to be found.

Hannes raised two issues: Cedric needs to find and document a good use
case for the reference. Second, Hannes does not like the did:web usage
for the reference because it is used to reference DIDs rather than
transparency statements. Hannes promises to post a comment to the issue.

Dick: Illustrates an example of a query (TS and the subject) and relates
it to freshness of the data. Dick suggests picking a simple use case to
see how the basic concepts work.

Cedric: This is something we need to do but it is outside the scope of
this specific issue. This is just a way to refer to a specific
transparent statement.

Henk: It is the responsibility of the issuer to provide information in
the statements to find the suitable statements.

Charlie: I don't have an issue with the "issuer" but rather with the
availability on the Internet.

Henk: You have to trust the issuer to put the appropriate information
into the claims.

Charlie: We have to work this through.

Cedric: This proposal is not to replace everything with references. If
you put a reference into a claim then you do not have to go over the
Internet to fetch the transparent statement.

Ray will post something to the mailing list.