-
Notifications
You must be signed in to change notification settings - Fork 6
Conversation
Signed-off-by: Steve Lasker <[email protected]>
Note: the initial DRAFT PR was provided for PR comments. As this gets filled out, we'll move from Draft to PR and continue to iterate. |
SCITT provides a set of components enabling Supply Chain, Integrity, Transparency and Trust. | ||
(See [What Is SCITT][WHAT_IS_SCITT]) | ||
But what are the scenarios that SCITT enables? | ||
This collection of docs will describe the core components of SCITT, and how it can be enabled and extended to support a breadth of use cases. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we address registration policy as well since it's a core component of SCITT?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure what you mean.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kkarunakaran89, are you referring to the ingress policy: https://github.com/ietf-scitt/scitt-web/, where a SCITT admin can limit the identity providers?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @SteveLasker , yup that's one component of it. The reason why I made the comment was due to a lack of reference to registration polices when it comes to SCITT interaction (see interacting with SCITT - https://ietf-scitt.github.io/scitt-web/ ). Wondering if we should capture intent around policies; not just the ingress portion of it but also, for example if an auditor during an audit finds out that the claim was not compliant to the registration polices of the transparency service, then the TS itself can be held liable.
Signed-off-by: Steve Lasker <[email protected]>
I'm switching this to ready to review/merge. |
Signed-off-by: Steve Lasker <[email protected]>
Signed-off-by: Steve Lasker <[email protected]>
Signed-off-by: Steve Lasker <[email protected]>
Signed-off-by: Steve Lasker <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PR is very large.... you might not get great reviews on it.
I think we should accept, since it drastically improved the baseline.
Thanks, @OR13, i’ll incorporate the changes. |
Thanks for the initial feedback. I'm out today but will incorporate the feedback, and tee up pages/issues for design discussions. |
@SteveLasker Great Initiative! Thanks for the nice pictures. We will aim to build on top of these! |
Signed-off-by: Steve Lasker <[email protected]>
Signed-off-by: Steve Lasker <[email protected]>
Signed-off-by: Steve Lasker <[email protected]>
Signed-off-by: Steve Lasker <[email protected]>
Signed-off-by: Steve Lasker <[email protected]>
Nit feedback, missed in PR #21
As SCITT is in active design through the IETF SCITT working group, these documents aim to facilitate various design discussions, based on a set of SCITT primitives and scenarios that benefit from the SCITT primitives.
Previewing the changes: Start here
Signed-off-by: Steve Lasker [email protected]