Minutes 2023-10-09
Agenda:
Picking up from last week's items:
New PRs discussed duign the week:
Feeds:
| Steve - Today we already have the concept of multiple parties making "statements of quality" about products from other entites. NIST makes "statements of quality" on products | projects from multiple entities. Security companies make "statements of quality" on products | projects. It's up to the consumer to choose who to trust. |
Yogesh - how to coorelate across different SCITT instances? These
are separate problems. Is the bare information for the end users to
construct the feed to get associated statements from the registry
(TS) to get the data. Can provide an example in the SCITT guidance
documents.
reg_info
was not well documented. Highlightsreg_info
. Prompted for clarity forreg_info
. Based on 117, we don't beleive we need to have areg_info
and registration policy.reg_info
into two parts. Split outreg_info
,