Session Date/Time: 17 Jul 2023 15:00
SCITT
Summary
This meeting primarily focused on the upcoming IETF hackathon and the IETF session. Discussions revolved around hackathon participation, specific technical objectives, available tooling, and strategic alignment with related IETF efforts and real-world use cases. A key aim for the hackathon is to demonstrate an end-to-end SCITT implementation for an FDA-related use case and to clarify the boundaries of the SCITT specification through architectural diagrams.
Key Discussion Points
- IETF Hackathon Participation:
  - Low registration for the hackathon was noted, with a call for interested parties to register, indicating SCITT as their topic.
  - Remote participation was discussed. Hank offered to set up an IETF Slack channel and provide a 360-degree camera for on-site participants to facilitate interaction. Chairs will schedule dedicated status update sessions for remote attendees (e.g., end of Saturday, Sunday).
- Hackathon Objectives (John):
  - The primary goal is a coding exercise to implement an end-to-end use case based on SCITT building blocks.
  - Specifically, demonstrating an FDA-related use case by registering a payload (using Dick's vendor response file schema) through the proposed SCITT REST API into both a commercial SCITT service and the open-source emulator, followed by a verifiable receipt.
  - Produce a clear layering diagram to disambiguate what is within SCITT's scope (building blocks) versus what is built using SCITT components (e.g., identifiers, public keys, access controls, searchability).
  - Explore query functionality, such as retrieving the latest artifact by Security Version Number (SVN).
- Available Tools and Code:
  - The SCITT API emulator (Python, Flask) supports different backends (e.g., Microsoft's CCF algorithm emulator, Archivist's Merkle tree transparency log).
  - Client-side code is open-source (MIT licensed) and interoperable with current standards, utilizing libraries like go-cose.
  - Dick's FDA use case materials (open source XML schema for vendor response file) will be made available and potentially donated to the IETF.
  - Ori has an implementation of the current COSE Proofs draft (supporting consistency and inclusion proofs).
- Proposed Hackathon Topics:
  - Implementing the FDA use case and exploring query functionality (John).
  - Exercising the DID web method flow and documenting it (Ori).
  - Discussing a DID resolver response in CBOR format, considered a potential "low-hanging fruit" for standardization (Hank).
  - Interoperability testing of receipt verification on the client side with different COSE libraries.
  - A suggestion was made to defer extensive discussion on "identifiers for artifacts, statements, and policies" to future meetings, to allow focus on other topics during the hackathon.
- IETF Session Preparation (Monday):
  - The SCITT WG session is scheduled for Monday. On-site participants (Hank, John, Ori, Mike Brooke) will need to finalize the agenda and speaker slots for status updates on the architecture and use case documents.
  - Steve offered to facilitate slide preparation remotely. Hank can prepare the presentation based on hackathon outcomes. John offered to present on SCITT scenarios and layering. An introductory description of SCITT for new participants would also be valuable.
- Identifier Discussion:
  - Roy raised the ongoing discussion about "company identifiers" and identity registration policy, highlighting its interconnection with the use of PGP keys and the potential for high rates of identity changes, which would make the issue more critical. Roy plans to consult with relevant experts during the IETF meeting.
- Engagement with Key Transparency (KeyTrans) WG:
  - Hank suggested engaging with the KeyTrans WG at the hackathon or IETF meeting due to potential overlap in their charter (defining transparency algorithms). The goal is to establish better dialogue and identify opportunities for reuse, especially regarding privacy requirements in KeyTrans. On-site SCITT participants may need to organize a side meeting.
- IoT Cybersecurity Labeling Use Case:
  - Dick highlighted the new U.S. National Cybersecurity Strategy's first milestone on IoT cybersecurity labeling (due September 30th). This presents a significant opportunity for SCITT to provide a trust registry for IoT device "trust readiness."
  - General discussion emphasized the importance of focusing on operational aspects and real-life deployments, not just cryptographic primitives, to demonstrate SCITT's viability for dynamic scenarios like supply chain integrity and labeling.
Decisions and Action Items
- Dick:
  - Register for the hackathon and indicate SCITT as a topic.
  - Provide the FDA use case payload to John for implementation.
  - Share a link to the open-source XML schema (vendor response file).
- Hank:
  - Set up an IETF Slack channel and video capabilities for remote hackathon participants.
  - Bring a 360-degree camera to the hackathon to improve remote visibility.
- Chairs (Hank, Ori):
  - Schedule dedicated status update sessions for remote hackathon participants (e.g., at the end of Saturday and Sunday).
- John:
  - Provide instructions for remote testing/interaction with his backend implementation.
  - Prepare an architectural diagram for the hackathon to clarify SCITT scope.
  - Present on the complete SCITT scenario/layering at the IETF session.
- WG Members (On-site: Hank, John, Ori, Mike Brooke):
  - Populate speaker slots for the IETF SCITT session on Monday.
- Steve:
  - Assist remotely with the preparation of slides for the IETF SCITT session.
- Roy:
  - Engage in discussions during the IETF meeting regarding "company identifiers" and identity registration policies.
- Chairs / On-site participants:
  - Attempt to organize a side meeting with members of the Key Transparency WG to discuss potential overlaps and collaboration.
- Dick:
  - Share the article on IoT cybersecurity labeling with the WG.
Next Steps
- Hackathon Execution: Focus on demonstrating the FDA use case, exploring query functionality, and developing architectural clarity.
- IETF Session Finalization: Complete the agenda and slide preparations for the Monday SCITT session.
- External Engagement: Pursue dialogue with the Key Transparency WG at the IETF meeting.
- Real-world Application: Continue discussing and demonstrating SCITT's applicability to emerging real-world use cases like IoT cybersecurity labeling and broader supply chain integrity.