Minutes interim-2023-scitt-25: Mon 15:00
minutes-interim-2023-scitt-25-202307171500-00

Meeting Minutes Supply Chain Integrity, Transparency, and Trust (scitt) WG
Date and time 2023-07-17 15:00
Title Minutes interim-2023-scitt-25: Mon 15:00
State Active
Last updated 2023-07-17

SCITT Virtual Interim Meeting - 17. July 2023

Scribe: Hannes Tschofenig

Hackathon @ IETF#117

Hannes asked participants to register for the hackathon and checked who
will be remote and who will be on site. Jon and Hannes will work out time
slots for the remote participants.

John explained the hackathon goal again:

  • Get the use case proposed by Dick (FDA use case) working
  • Describe the API/protocol interactions in detail
  • Explain what is inside and outside the scope of SCITT (layering)

Charlie asked about the available code.

Jon mentioned that code is available for the client side.
Here is the link: https://github.com/scitt-community/scitt-api-emulator

Orie WIP:
https://github.com/transmute-industries/transmute/tree/main/examples/scitt

Dick provided the Vendor-Response-File (VRF). Open Source VRF XML Schema
that is being gifted to IETF:
https://raw.githubusercontent.com/rjb4standards/REA-Products/master/SAGVendorSchema.xsd

Example VRF based on the open-source info:
https://raw.githubusercontent.com/rjb4standards/REA-Products/master/SAGVendorResponseSAMPLE.xml

Jon explained the plan for the hackathon demo:

A client written in Python can send requests (via the REST API) to the
HTTP server (using Flask). There are two backend options: CCF emulation
(provided by Microsoft) or Jon's backend.

No client implementation encodes any details of the backend.
The receipts can be verified offline.

Jon wants to answer questions such as querying the transparency service
for the latest entry for a given feed.

Henk suggested working on "a resolver response in CBOR format".

Orie has an implementation of the COSE proofs draft.

Orie: We spent a lot of time discussing identifiers for artifacts.

Steve raised the issue of the slide preparation.

Roy asked where the company identifier topic will go.

Dick asked about remote access to the hackathon network.
Jon responded that he will provide a description of how to connect to
his transparency service.

Henk raised the issue of the KEYTRANS BOF again. If there are
KEYTRANS participants at the hackathon, we could reach out to them.

Jon and Hannes to organize a meeting with the KEYTRANS group.

Hannes asked about the speaker for the SCITT presentation. Henk
volunteered to be the backup.

Jon could give a presentation about the hackathon illustrating an e2e
scenario with SCITT.

Dick: I wrote an article showing how a SCITT Trust Registry could be
used for IoT Cybersecurity Labeling, consumer lookups:
https://energycentral.com/c/um/does-finland-have-answer-iot-labeling-us-federal-acquisition-rule-updates

Charlie suggested looking at operational aspects in the near future.