Skip to content
This repository has been archived by the owner on Nov 14, 2023. It is now read-only.

SCITT Components #21

Merged
merged 11 commits into from
Oct 24, 2022
Merged

SCITT Components #21

merged 11 commits into from
Oct 24, 2022

Conversation

SteveLasker
Copy link
Contributor

@SteveLasker SteveLasker commented Oct 20, 2022

As SCITT is in active design through the IETF SCITT working group, these documents aim to facilitate various design discussions, based on a set of SCITT primitives and scenarios that benefit from the SCITT primitives.

Previewing the changes: Start here

Signed-off-by: Steve Lasker [email protected]

Signed-off-by: Steve Lasker <[email protected]>
@SteveLasker
Copy link
Contributor Author

Note: the initial DRAFT PR was provided for PR comments. As this gets filled out, we'll move from Draft to PR and continue to iterate.

SCITT provides a set of components enabling Supply Chain, Integrity, Transparency and Trust.
(See [What Is SCITT][WHAT_IS_SCITT])
But what are the scenarios that SCITT enables?
This collection of docs will describe the core components of SCITT, and how it can be enabled and extended to support a breadth of use cases.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we address registration policy as well since it's a core component of SCITT?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure what you mean.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kkarunakaran89, are you referring to the ingress policy: https://github.com/ietf-scitt/scitt-web/, where a SCITT admin can limit the identity providers?

Copy link
Collaborator

@kkarunakaran89 kkarunakaran89 Oct 24, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @SteveLasker , yup that's one component of it. The reason why I made the comment was due to a lack of reference to registration polices when it comes to SCITT interaction (see interacting with SCITT - https://ietf-scitt.github.io/scitt-web/ ). Wondering if we should capture intent around policies; not just the ingress portion of it but also, for example if an auditor during an audit finds out that the claim was not compliant to the registration polices of the transparency service, then the TS itself can be held liable.

@SteveLasker SteveLasker marked this pull request as ready for review October 20, 2022 23:12
@SteveLasker
Copy link
Contributor Author

I'm switching this to ready to review/merge.
The experiment is to keep pr #22 open, in draft form to enable continual feedback, while we still have readable content in main.

Copy link

@OR13 OR13 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR is very large.... you might not get great reviews on it.

I think we should accept, since it drastically improved the baseline.

@SteveLasker
Copy link
Contributor Author

Thanks, @OR13, i’ll incorporate the changes.

@SteveLasker
Copy link
Contributor Author

Thanks for the initial feedback. I'm out today but will incorporate the feedback, and tee up pages/issues for design discussions.

@yogeshbdeshpande
Copy link
Collaborator

@SteveLasker Great Initiative! Thanks for the nice pictures. We will aim to build on top of these!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants