SCITT Components

[SteveLasker]

As SCITT is in active design through the IETF SCITT working group, these documents aim to facilitate various design discussions, based on a set of SCITT primitives and scenarios that benefit from the SCITT primitives.

Previewing the changes: Start here

Signed-off-by: Steve Lasker [email protected]

[SteveLasker]

Note: the initial DRAFT PR was provided for PR comments. As this gets filled out, we'll move from Draft to PR and continue to iterate.

[kkarunakaran89]

should we address registration policy as well since it's a core component of SCITT?

[OR13]

Not sure what you mean.

[SteveLasker]

@kkarunakaran89, are you referring to the ingress policy: https://github.com/ietf-scitt/scitt-web/, where a SCITT admin can limit the identity providers?

[kkarunakaran89]

Hi @SteveLasker , yup that's one component of it. The reason why I made the comment was due to a lack of reference to registration polices when it comes to SCITT interaction (see interacting with SCITT - https://ietf-scitt.github.io/scitt-web/ ). Wondering if we should capture intent around policies; not just the ingress portion of it but also, for example if an auditor during an audit finds out that the claim was not compliant to the registration polices of the transparency service, then the TS itself can be held liable.

[SteveLasker]

I'm switching this to ready to review/merge.
The experiment is to keep pr #22 open, in draft form to enable continual feedback, while we still have readable content in main.

[OR13]

PR is very large.... you might not get great reviews on it.

I think we should accept, since it drastically improved the baseline.

[SteveLasker]

Thanks, @OR13, i’ll incorporate the changes.

[SteveLasker]

Thanks for the initial feedback. I'm out today but will incorporate the feedback, and tee up pages/issues for design discussions.

[yogeshbdeshpande]

@SteveLasker Great Initiative! Thanks for the nice pictures. We will aim to build on top of these!