Session Date/Time: 18 Mar 2026 03:30
SPICE
Summary
The SPICE working group met at IETF 125 to discuss the progress of core documents, potential rechartering, and new work items. Significant progress was reported on draft-ietf-spice-sd-cwt. The chairs initiated a discussion on a charter update to better reflect the scope of the group's activities. A call for adoption was announced for the architecture document, and several new proposals regarding traceability, public key service providers, and actor chains were presented.
Key Discussion Points
Charter Review
- Heather Flanagan and Martin Reed presented a proposed addition to the SPICE charter to address gaps identified during document development.
- A poll was taken regarding the proposed direction:
  - Yes: 20
  - No: 3
  - Don't Care: 7
- Participants who indicated "No" were encouraged by the chairs to share their specific concerns on the mailing list. Consensus will be established on the list in coordination with the ADs.
Update on SD-CWT
Rohan Mahy presented updates on draft-ietf-spice-sd-cwt.
- Changes: 45 issues closed and 30 PRs merged. Key changes include the addition of decoy digests, use of IANA registered values, more precise CDDL, and the use of CTI (CWT ID) as an alternative to IAT (Issued At) for holders without clocks.
- Terminology: Discussion occurred regarding the terms "redacted" vs. "blinded." Brian Campbell and Justin Richer suggested aligning with the terminology used in SD-JWT. The sense of the room leaned toward "redacted" and "disclosed/revealed."
- Encryption: A discussion took place regarding the use of AEAD (Authenticated Encryption with Associated Data). Martin Reed suggested that since the plaintext must match a hash in the CWT anyway, the authentication tag might be redundant or misleading. Rohan Mahy noted that AEAD provides quick feedback during decryption of multiple or nested claims.
Credential Presentation Architecture
Brent Zundel presented draft-ietf-spice-vdcarch.
- The document aims to provide a unifying framework for the "three-party model" and define consistent terminology (Issuer, Holder, Verifier, etc.).
- Grace (DIF) noted that definitions for "registries" (for formats vs. for issuers) are currently confusing in the industry and should be clarified.
- Rohan Mahy suggested that terminology currently in the draft-ietf-spice-sd-cwt appendix (derived from RATS) might be better suited for this architecture document.
- Orie Steele and Brian Campbell discussed the need to align with RATS terminology, specifically regarding "inner verifiers."
Traceability Claims
Michael Prorock discussed the status of the traceability claims draft.
- The draft focuses on physical goods in supply chains.
- Wes Hardaker (SATP Chair) noted significant overlap with the Secure Asset Transfer Protocol (SATP) group's work on bills of lading.
- Karsten and Henk Birkholz suggested checking for overlap with the SCITT working group and ensuring the work falls within the SPICE charter scope.
- The chairs recommended seeking more participation and cross-group review before proceeding with adoption.
A Public Key Service Provider for Verification in Multiple Issuers and Verifiers
Yuning Jiang presented a proposal for a Public Key Service Provider (PKSP).
- The goal is to solve the public key distribution problem in large-scale, multi-domain environments by converting it into an on-demand query problem.
- Michael Prorock commented that the PKSP currently appears as a "monolithic black box" and requires more detail on its internal architecture and failure modes.
- The chairs invited the authors to solicit feedback on the mailing list.
Cryptographically Verifiable Actor Chains
Prasad presented a proposal for proving the provenance of delegation chains across multiple actors (e.g., AI agents) using cryptographic evidence.
- The proposal builds on RFC 8693 (OAuth Token Exchange).
- Heather Flanagan suggested that the work might be more appropriate for the OAuth or WIMSE working groups. The author will follow up on the list to discuss the appropriate venue.
Decisions and Action Items
- Decision: The chairs will initiate a formal working group adoption call for draft-ietf-spice-vdcarch on the mailing list.
- Action Item: Rohan Mahy to check SD-JWT terminology to ensure consistency for draft-ietf-spice-sd-cwt.
- Action Item: Michael Prorock to socialize the traceability claims work with the SATP and SCITT working groups.
Next Steps
- Discussion on the proposed charter update will continue on the mailing list.
- Authors of draft-ietf-spice-sd-cwt will work toward a Working Group Last Call (WGLC) after resolving the encryption and terminology issues.
- The chairs will coordinate with other WGs (OAuth, SATP, SCITT, RATS) regarding the scope of the new work items presented.