**Session Date/Time:** 20 Mar 2025 02:30

# scitt

## Summary

The SCITT working group met to discuss the architecture draft, COSE receipt profiles, SCRAPI, and hackathon results. The group agreed to move the architecture draft to last call and discussed milestone updates. Key discussion points included the handling of unprotected headers, the relationship between SCITT and Sigstore, and the future of use case documentation.

## Key Discussion Points

* **Architecture Draft Status:** The group is working towards last call for the architecture draft. Several updates have been made based on previous feedback.
* **Append-only Log Content:** A detailed discussion was held regarding the content of the append-only log, specifically whether it should include the entire signed statement (including payload) or just a hash. It was clarified that implementations can vary but that the architecture does not require the inclusion of the payload.
* **Unprotected Headers:** A significant portion of the meeting was dedicated to discussing the handling of unprotected headers in COSE_Sign1 envelopes. The current decision is that the unprotected header *must* be nil when writing to the append-only log to maintain consistency and integrity.
* **Use Cases:** There was discussion around including and managing use cases. The working group decided to merge some representative use cases into the architecture document for grounding context but not to publish them as an individual document. The question of a living use case document was discussed with multiple options considered, including maintaining the existing expired document.
* **SCRAPI:** The group discussed SCRAPI and its role as a minimal reference API for interacting with transparency services. Implementations and interoperability were discussed.
* **Hackathon Results:** The hackathon focused on making SCITT more adoptable. Changes to eliminate JSON and rely on HTTP were discussed. The hackathon resulted in positive findings on integrating SCITT with RFC 9472, the YANG model for software bills of materials (SBOMs). The result showed that statements about statements can model actions.
* **Statements about Statements:** There was agreement in the group that the existing architecture supports statements about statements.

## Decisions and Action Items

* **Decision:** The architecture draft will be moved to last call.
* **Action Item:** Chairs will schedule a virtual interim meeting approximately six weeks from now to address any feedback from the last call.
* **Action Item:** Editors to incorporate clarity around the expense report use case and the handling of unprotected headers into the architecture draft.
* **Action Item:** Maintainers to add icons used in presentations to the GitHub repository.

## Next Steps

* Address any remaining issues in the architecture draft before last call.
* Prepare for the virtual interim meeting by reviewing feedback from last call.
* Continue development and implementation of COSE receipt profiles and SCRAPI.
* Investigate potential further work on graph-based statements.