Minutes interim-2023-scitt-38: Mon 15:00
minutes-interim-2023-scitt-38-202310231500-00
| Meeting Minutes | Supply Chain Integrity, Transparency, and Trust (scitt) WG | |
|---|---|---|
| Date and time | 2023-10-23 15:00 | |
| Title | Minutes interim-2023-scitt-38: Mon 15:00 | |
| State | Active | |
| Other versions | markdown | |
| Last updated | 2023-11-20 |
Agenda
Posted Agenda
On 23rd October we'll continue our regular agenda of marching towards a
good state for -118.
With only a week to go we'll also need to nail down hackathon targets
and participants.
Revised agenda:
• Discussion on hackathon targets, participants and readiness (30
minutes)
• General readiness for -118
• Review open PRs
Note that the deadline for submission of drafts for -118 is 23:59 UTC
today, just hours away....
Here is a website with pointers to the drafts:
https://scitt.io/scitt-specs.html
Agenda hacking
Already implicitly included, but to be clear we'll need to cover off
readiness for draft submissions TODAY. The editors have been busy tying
up the PRs and Issues we discussed last night.
Minutes
Readiness for submission
Architecture
Lots of scrubbing and editorial, editors believe consensus was reached
on the Feed vs Sub debate. Some old merge conflicts led to a fork in
editing the same info in 2 different places...now fixed.
IETF tools enable a clear view of what's changed since -117:
https://author-tools.ietf.org/api/iddiff?url_1=https://www.ietf.org/archive/id/draft-ietf-scitt-architecture-02.txt&url_2=https://ietf-wg-scitt.github.io/draft-ietf-scitt-architecture/cleanup-for-118/draft-ietf-scitt-architecture.txt
Steve walks us through the PR#118.
Hannes thanks Steve for the work.
Dick: Thanks Steve as well. Do you still have a concept of a consumer
role/identity?
Steve: We changed the term from Consumer to Verifiers to make it more
generic.
Ray likes the change to Verifiers (instead of Consumers) although it is
used different than the term Verifier in the RATS context.
Charlie suggests to use the term Relying Party instead.
Charlie suggests that we come up with something that describes the actor
that looks at the data and makes a decision about it.
That actor is not verifying it.
Neal: Verifier is loaded - let us use "Relying Party". This role takes
all the data it gets and makes a decision.
Henk says that the architecture is about the authenticity level.
Yogesh asked for clarifications about why the Verifier - terminology is
not appropriate. (He joined late.)
Discussion about the term continues and then branches into the topic of
what functionality is included in the overall "product/solution"
Use cases
Steve submitted a version of the use case draft last week. Here is the
submitted version:
https://www.ietf.org/archive/id/draft-ietf-scitt-software-use-cases-02.html
Here is the Github repo:
https://github.com/ietf-wg-scitt/draft-ietf-scitt-software-use-cases
SCRAPI
Not yet ready for WG adoption nor for submission. Orie suggests to work
on it during the hackathon. Here is the snapshot of the draft:
https://github.com/ietf-scitt/draft-birkholz-scitt-scrapi
Hannes suggests to start the WGLC on the Use Case draft. Henk agrees.
IETF Presentations
-
Use Cases (if needed -- feedback from the WGLC)
-
Hackathon: usual 30 minutes, Jon happy to do this again or defer to
other WG members who are there. -
Architecture
- Summary since last
- Terminology updates
- Feed - Subject convergence for a series of statements about a
thing (Artifact) - Now focusing on the verification sceanrios, issuing receipts,
finding the series of statements about an Artifact - Receipts: consistency proofs vs inclusion proofs.
- Who audits? What can they reasonalby prove?
Use Case Updates since 117Last Call?
-
API Design Considerations
Hackathon targets and participants
Will be discussed on the mailing list.