From YouTube: IETF-SCITT-20230213-1600
Description
SCITT meeting session at IETF
2023/02/13 1600
https://datatracker.ietf.org/meeting//proceedings/
D: I have to say, the scary moment there, when Mahomes's ankle kicked out on him, that could have changed the whole game.
C: So I guess you all watched it, and it was super exciting.
C: Okay, perfect. Who is going to take the meeting minutes today? Is it a sort of combo, Kay and Kiran, or...
C: Thank you, thanks a lot. I see Monty as well, and cliffat, so we have two topics on today's agenda.
C: As we discussed last week, we want to wrap up, or get it out and get a first version of the use case document out, and then the second item is we wanted to talk about that entity management, since it was brought up or requested by Ray last week, and then two weeks ago or so, when we talked about Sigstore, salary and Factory gave a presentation or talked about it. We also spoke about OpenID Connect and the role of it for user and sort of workload
C: slash process authentication. Okay, let's start quickly with the use cases. Henk, or anyone who's going to give a quick update and an introduction, also, or a segue into the discussion about the open PR.
H: Yeah, I can give, of course, yeah. So basically, there were a few open issues, as we discussed last Monday. There were multiple issues open, so we tidied up all the issues. There were two minor suggestions from Dick; incorporated that, and thanks to Kiran and Kay for kind of stepping in and helping us out, me and Henk. So Kiran produced two PRs.
H: One was improvements on Dick's suggestions, and then second, tidying up, a bit of harmonization effort to make the language consistent across all sections of the document, and we had a couple of brainstorming meetings between me, Henk, Kay and Kiran, and then we ironed it out and pipe-cleaned all the pending items, and thanks to, I think, there was one contributor who contributed some of the spelling corrections also, so I wanted to say thanks for that. Also, by and large, most of, 95% of these things are done now.
H: The document is in a good state. Only pending is Monty's use case, which we had a meeting on Friday as well for that, and we have some open action items or open questions for Monty, and once we address that we can merge Monty's PR as well into that to complete the document.
H: Only another thing is the to-do items, which I think might have slipped in there. We need to discuss that as well. There are a few which we have already closed and a few I don't think we should wait for, and we can freeze the document this week. We can move those to-do items to future actions or future work items post the IETF, but I think the document is in good shape. Post Monty's PR merge, to have it asking for a call for adoption.
C: Like, first we need to have the submission of the document. So do you want to share the screen, or otherwise talk about the open issues regarding the PR? Because it would be great if we could merge that PR and then ship the document, right, because...
J: Yeah, so ideally we would have... hi everybody, this thing. Ideally, we would have already merged this. There are two things here stopping us from that. One of the things is that Monty is a global citizen and, traveling the world, was not available.
J: So this, I think the harder part is, or maybe the more complex part is, to go through all the items of Monty today and look where we're at, and then resolve the two items from Orie after this meeting, and then I think we are basically there, highlighted.
H: So initially, I kind of reworded Henk's proposal for having a title as "verifying firmware problems for large and complex systems", but Henk has a point that we should make it more clear as to what exactly is different from other use cases. So I think maybe we wanted to add the point about after the fact, something, so I wanted to make sure I am capturing the right title of your PR.
C: Like, it better has something in there with firmware, because, but of course that...
F: Is the difference I'm trying to... where the difference of this use case in particular, as opposed to the other set of use cases, is: you typically check the provenance, the integrity, the ownership, whatever you want to call it, of the component. Typically, you would do that prior to launching it. So is this okay, for example, check the signature, checking it against the manifest, whatever, but that's typically done before you launch something. Firmware is different.
H: Yeah, one question here, Monty, which I was discussing with Henk last week as well. So isn't it the case that you're trying to highlight a case of specific firmware, which you cannot, before it runs in the memory, you cannot check before the execution that it is present in a transparency service, the manifest or any metadata about that? Is that what...
F: ...you're thinking? Well, typically not. I mean, unless the firmware's fully complex, it doesn't have an internet connection. The best it would have is a signature, that's the best it would have. But, for example, if you wanted, if you know, the classic example I give is if a BIOS, the example is UEFI, their version 1.03, just making up versions, 1.03, which was signed by a particular key, had a vulnerability in it, and then they released 1.04.
F: Normally, under this sort of scenario, you could look at a manifest; if it was a runtime, OS-present environment, you might be able to look at a manifest and say: oh yeah, one, even though it's signed by the same thing. Exchanging signature keys, especially in firmware, is extremely expensive, and you typically don't do it even at OS-present; swapping down signatures and updating signatures is extremely expensive. So what you might do, though, is look at a manifest and say: oh, 1.03 has got a vulnerability. I don't want to do that.
F: 1.04 is okay, right. Well, you can't do that sort of analysis in the firmware, right. So you don't... the best you have is some provenance of the module, but that provenance is very coarse-grained, where, like I said, you're not going to swap out the signatures, so you might know where it came from, but you don't necessarily know if it's got a vulnerability or not in this particular case, but...
D: Thank you, Hannes. So I'd just like to say that I concur with Henk and Yogesh with regard to the two use cases that I contributed to. I think those are accurately depicted in scope, or what we hope to achieve with SCITT. With regard to the firmware question, I guess I wonder how that would actually, you know, be manifest. Would, for example, a MUD object be registered in a SCITT registry, or would a SUIT artifactory registry? Would that achieve what you're going after here, Monty?
J: I might help you here, Monty. So yes, this SUIT stuff is basically your firmware with instructions to install it. So it's a guidance including the firmware. It's safe, like a super endorsement.
J: That's packaging it all, and the MUD is basically a URL that points to a file that you control and helps you to discover, for example, that endorsement, that RIM, or that SUIT package that I just mentioned. So in general, Dick, I would say the answer is yes. That's not how it's typically done in that realm today, but yes, definitely that is the improvement we're targeting, and all other options, of course, because we won't want to be excluding anything that is used today.
D: Yeah, so in that case it seems like we may already have these covered if indeed we're going to support the existing IETF standards as part of these attestations, which I think MUD and SUIT would qualify as. Then would you say that we are covering this already?
J: So that is not only about SUIT, it's also the CoRIM work in RATS, for example, that is the equivalent endorsement for TCG technology. So that's DICE and other remote attestation formats like the Platform Security Architecture from Arm, and so those are things that will also go onto the transparency service and be discoverable via that. So again, multiple ways, and I think the really important part here that Monty is trying to phrase with this use case is that typically you have all that beforehand.
J: It's really, really important that systems get this also after the fact, and also really long after the fact, and I think that's sometimes, I think, that you oversee, because measure-and-execute is the standard way to do this remote attestation stuff. But in this case you do things first, and then in hindsight you need these records, and from a trustworthy and transparent source, and that would be, it's good, fueled, so I think.
F: Yeah, my objective of the use case is to make sure this is not the... the sort of model is not excluded, right, and that we can continue... that SCITT would in fact support this. Not that I think it's a radical departure, except for the timing of how the manifests are represented and signed. I don't think there's any architectural difference, but I just wanted to make sure that the after-the-fact verification was at least permitted, if not accommodated, in SCITT.
C: Thanks, thanks, buddy. Steve is next in the queue.
B: I was thinking this through, and I just think about this as: what are the problems we have today in the use cases, and what are the opportunities that SCITT supports, because you obviously want to do things after the fact in any one of the circumstances, whether it be containers, you know, bootable devices, or, you know, any piece of software on a computer or a phone or other IoT device. I think the question of being able to do things beforehand is also kind of relevant. So is this...
B: Are we looking at this firmware use case to also highlight another example of an environment that is not connected to the internet when the update is being applied, because it's somewhat side-staged, but there's a process that goes in before that would be done in the first place, because a firmware update is initiated outside of the firmware update process, and that's where you would go and verify: is this the latest? Or is it the latest, but does it have a vulnerability, so I should skip it?
G: Yes, thanks, Thomas. I'm just scratching my head a little here about how this differs from the other use cases. Yeah, I have no objection to it, certainly, but I guess I'm trying to understand what we're getting at here. Is this in the context of, I mean, who's maintaining SCITT in this case, who is the kind of neutral third party, or how does that...
F: Me too, so it could even start with the manufacturer, but it could also start with, I know there's a number of companies, owned in, but at least one or two out there that actually do analysis of firmware and specific firmware updates, and they will do analysis for companies for hire, and they will look at a particular firmware and even a particular firmware version, and they might, as a third party, say: okay, here, this one company, even within this one model, has released five updates to their firmware. This is the one I've looked at.
F: Maybe it's the middle one, right. This is the one I've looked at. I haven't looked at the other ones, but somebody paid me, for example, to look at the third one, so I will stick this on this chain. That would be an example of a third party coming along. Maybe they don't have the source code, maybe they've...
G: Okay, and so, with that said, they provide what data structures get the endorsement.
G: Sure, think about it, yeah, just to kind of think it through. That's all. Yeah, yeah, I mean, I think, I feel like that use case is definitely covered.
H: Yeah, I felt that as well, because unless we say that we are targeting a specific section of firmwares which cannot do any kind of querying to SCITT or some kind of a transparency service before it runs. If there are use cases where we cannot do that, then we can add this as a "has to do an after-the-loading-and-running analysis".
B: So that's actually what I was going to suggest. I think what's unique about this one is it's a sort of hybrid air-gap environment, right, because we've got the ones where they're operating completely in air gap, data diodes to get information, but this one is in a situation where you are connected to some network, along the way, into which network, and you should be analyzing whether you should proceed with the update. But then the update itself continues.
B: Is there some assumption of a verification that's done? That's good, can provide, or the content that's in SCITT, or is it a post step, when the thing comes out of this, you know, secluded, isolated environment and comes back and says: yep, I've now been updated and my update is what it was supposed to be. Whether it's vulnerable or not is a different question, but at least there's a check. So it's connected, not connected, reconnected.
F: I think it is, and again, I guess kind of my justification for including this, even though we might end up agreeing that this is already covered: you know, we've been talking for 20 minutes and the experts in the room, literally the experts in the room, are discussing this, and to me, having a use case like this in there makes it obvious that the experts in the room think that this is covered, as opposed to a year down the road, 18 months down the road...
F: Someone says... a whole new group of people join up. I tested my litmus test. We all win, we, you know, get hit by the lottery because we all bought a lottery ticket. We're all gone, the next group of people coming along and have the same debate. I'm trying to avoid that, yeah.
D: Hannes, I'm just gonna say, I think this multi-stakeholder use case sounds like we may be covering most of what Monty's looking for. So my question really is: is there something we could do to 3.2 that would ensure that Monty's concerns are addressed?
F: There, yeah, I don't recall writing it, you know, my use case in particular, but if it's already there in the primary, you know, I guess my use case kind of inherits that capability, but you're right. Maybe we should include that as a reference.
F: It would, or yeah, yeah, right, or I could specifically call it out in the use case, a pointer to section 3.3, right, that's intended to be included. I don't, just as we're scrolling through here, I don't see anything that would exclude that, but we should specifically mention that. That's a good point, yeah.
K: Okay, thanks. Yeah, I just want to say that I'm happy to see that this air-gapped mode of, you know, but after-the-fact confirmation that the firmware is correct, and really any data is correct, will really fulfill the issues that I had. It's the same use case, essentially, as this, you know, voting machine data, election data use case, so happy to see that that's in there, and I don't see any reason, you know, it can't be, you know, supported by the architecture.
K: We have in mind, at least what I think we have in mind, and so, yeah, I'm happy that that's in there and it's covering what I had, I was thinking, I need. Thanks.
C: Okay, thanks, Ray. So from what I hear, here's what I would propose, and John, please pile on to it. I would say Monty's going to look at that PR a little bit more. We let it kind of cook a little bit more, but take the current document, if you sort of move, as Yogesh, as you said initially at the beginning of the meeting, take the to-do list and move that into the GitHub issue tracker, and then also add the missing figure. I don't think it should take too long to do that, and then go ahead and submit the document as is, and then we have a stable sort of a snapshot which I think is nicely readable, and then we obviously go from there. Like, if this is not the final version, but we have something out there that we can sort of go through and add something and tweak and so on, but I think it's a good initial version.
A: Absolutely, I think this is what we asked for last week. I think we've had the requisition. So let's get this merged and ready.
C: Yeah, yeah, please, or... Is adding the figure, should be too complicated? I know you have the fig already in like vector graphic also, but create an ASCII art and be done with it, and yeah, and then we can go from there. So...
H: If you could, please add the pictures, and I will do the to-do list items and review them, and whatever are still relevant move to issues and delete the to-do section. I will do that bit. If you already have the picture ready, by all means, please create a PR with the addition of the picture and I will be happy to look at it and review it. I will do that. Thank you.
C: Dick, if it's still on this topic, I would like to move over to the identity management, because we invited to join us today to talk about this identity management topic. I think, is that already to the next topic, or do you want to say something to the use case document?
C: Okay, yeah, thanks, thanks for the quick reaction time on that document. So, next topic, thanks, thanks for joining, and sorry to let you wait like 30 minutes or so.
C: I coach, you have the OAuth working group, and so he also works for a company selling identity management solutions, so he's obviously familiar with this topic, and I would try to provide a short introduction for him on what we have been talking about and why we want to talk about this topic in the first place. We have this ledger, this, call it the distributed database, append-only log, where the so-called artifacts, that may be anything from a software bill of materials...
C: It may be a report of a static analysis, code analysis tool, or whatever is put into that ledger, and, of course, the person signing that information also needs to... it's obviously his or her identity, or in case of a process, its identity, is obviously quite important for the overall process to know what is actually, or whether that content that is in that ledger can be, sort of in quotes, trusted.
C: Well, while it has a certain meaning if, let's say, a big, well-known corporation with a long track record of providing high-quality software has put something into that ledger and confirms "I created this bootloader, operating system, or whatever", it's actually coming from a specific source, and that requires some form of identity management solution. Ideally that is global, scalable and sort of does the usual things that one would expect, and we had, in the context of Sigstore...
C: We had a discussion about what Sigstore uses currently, which is OpenID Connect, but there were also questions raised about the quality of the authentication, whether information about what level of authentication was provided can actually be conveyed, and so on, and so I see the queue is already building up, probably adding questions to that.
C: What identifiers it uses, and how some of that information about what the quality of the authentication was.
L: Yeah, like, OpenID defines the specific parameters to allow you to provide information about the authentication class reference, and another parameter around AMR, or authentication methods references. So these are methods already kind of baked into OpenID Connect. So when you authenticate the user with AMR you'll be able to obtain a specific value that will indicate the level of authentication that was done in the ID token, right. So that's one option.
L: There's also another document being discussed right now with the OAuth working group around step-up authentication. So if that is needed there, that would probably be helpful there. So if you access a resource and that resource, for example, wants to indicate that it wants a higher level of assurance, you'll be able to kind of reply again and indicate that level of assurance that it needs, and then the user will go back and authenticate, get a new token and then come back with those details.
C: That definitely, it's a good start, in having two people in the queue already, that helps. Steve.
C: Okay, I definitely pick up on that, but let's, certainly, go first.
I: I think one of the concerns we had is we want to capture a wide range of entities issuing signed claims or signed statements, and in many cases, in particular if it's from an organization or an authority of an organization, I think we want various quality of evidence, which means something that is signed and that is still going to make sense 10 years from now, and so I think that's one of the cookies and wait for the claim issuance or statement issuance.
I: We decided we really needed a signature. At the same time, we did not want to commit to one particular application system, and so that's why we made the decision to use DID, and we can revisit that choice, of course, but the motivation for using DID was to provide this flexibility of accommodating many kinds of ways of identifying, and a different level of assurance for that.
I: So now, I think OpenID or OpenID Connect has some particular mechanisms that are allowed, as for claim issuance, in some cases that makes a lot of sense, but I believe moving to those systems for every identity using your system may be too restrictive. The other point I want to make is we...
I: We made the deliberate decision to adopt a framework like DID so that we could separate the identity issues, which are complicated and could absorb a full working group, from the supply chain integrity and trust issues, and so, in sort of a modular design principle, if we can take anything that exists for identity relation issues, not the identity issues and services.
I: So that was the initial thinking for picking DID. I believe we really want at least to keep enabling long-lived signatures, at least for some of the clients in the system: in public cloud, those fun social providers, Horizon parallel regulators.
C: Thanks, everyone. Ray.
K: Yeah, hi, okay, so I'm thinking a simple model in my mind is, with SCITT, we have a hash value of an artifact, and the function of SCITT is to connect a semantic meaning of what that is, and somebody says the semantic meaning is this: it is a software product that I am releasing. Well, who is "I" releasing that, and why do they have the authority to release that semantic concept linking it to that hash value?
K: Maybe that's a simple thing to understand, as sometimes maybe, as everyone was saying, a weak identity such as Sigstore maintains, and that there's a bunch of people working on an open source software product or a library of some kind, and there is no per se, perhaps, entity doing it. It's just a whole bunch of people, but there tends to be somebody who's, or some group that is saying, okay...
K: This is the thing that we're producing here, and the problem there is, like in other cases, it might be like what we're working on here, which is election data, where that government entity is going to be around forever, or virtually forever, but those people who are releasing the software, you know, open source software thing, may not be around, may not want to be identified in any way that they could be maybe subject to any kind of persecution or prosecution.
K: If something should happen to their, you know, module used in a car being driven by, you know, software or something, and someone dies. So there's a couple of issues that I see that are different from the normal use cases of OpenID Connect, which is just to identify someone so they can log into my system. Here we want to both allow for some persistence of identities and also to disconnect, potentially, people from individuals.
K: Okay, from it, and yet have the software product, you know, linked to, like, if it is a formal software product from something like Microsoft, then you see Microsoft, you see software product Windows, okay, I recognize that and it's owned by Microsoft, and so then, in your mind, you say: well, they have the authority to do that. So I don't know how we connect, yeah.
D: Thank you, Hannes. So I agree with Ray that we do need to recognize there are different types of trust. I know, at least in our own product, in SAG Center, we had to identify what we call trust declaration types, and each one has varying degrees of, or factors and criteria that go into, you know, what needs to be verified before an entry can be placed into a registry for a particular type of declaration.
D: So I agree with what Ray is saying, that at some point within this process, I presume SCITT is going to say: we've recognized each of these types of statements, and each statement will have a set of criteria that will need to be validated by an authorized party before it's allowed to be added to the registry. Thanks.
G: Sorry, yeah, this is the problem that we always have when we go between sort of the ideal world of, you know, everybody can self-attest and make their assertions and so forth, and then the ability to trust them in an otherwise, you know, a world of unknowns, right. So it's...
G: ...know, probably might call a source of authority, and I think that it's going to present a problem for us in terms of who runs SCITT. I've been thinking about this actually over the course of the last couple of weeks.
G: But, you know, the owner of SCITT is going to be critical to establishing trust, and there's going to be, hopefully, some kind of gatekeeper that will ensure that the notaries are, you know, actual notaries and the, you know, endorsers have some credibility, and then the identity of the individual or the firms that are creating SCITT entries is in fact, you know, traceable back to something that's trustable, and if we do not solve that problem, I think we're going to have, you know, it's really, it's not going to be able to take off, because it's just not going to be practical in that sense.
G: So what I would propose is that we think a little bit about how SCITT is operated as part of these use cases and as part of our process going through here, and maybe those are use cases also, because otherwise, again, we're not going to be able to establish the identity of an individual user. We're not going to be able to establish the bona fides of a firm or an organization, and that's going to leave all the data basically garbage in, garbage out.
C: Hey, any...
G: Thoughts on that? I guess I'm kind of throwing that out for discussion.
C: You have any comments on what has been mentioned so far?
K: Yeah, that's what I was trying to say, is that, at least this is the way I understand OpenID Connect, this is used by people like platforms on the internet to allow people to log in and say, for example, you...
K: ...use my identity from Gmail, something like that, or from Facebook, and make it really easy for users to come on board. These people have been somewhat identified, but let's face it, it's a very light type of, you know, verification of the user, but so...
K: Not sure, yeah, I agree that you can identify a user, and I'm not an expert on OpenID, but I'm really interested in it, so I'm going to be learning a lot more about it, but so you can get probably other identification of that user and so forth.
K: But if you're, let's take the use case of open source software, where maybe there are many hundreds of contributors to this thing and it gets... right now, Sigstore uses somebody's Gmail address that they happen to be logged into GitHub with. Now, GitHub does not require, maybe at some levels some people might require it in order for them to use these things.
K: But from what I've seen, I mean, I haven't had to submit my driver's license to use GitHub, and many times I have to trust developers and so forth that come to me and say, you know, I want to help you with this, and I go, okay. Well, I could go through another round, but in the end you release it, and so you've got an artifact that's released. We want to put that in the SCITT ledger.
K: This is a released library of such and such. Now, whose identity do we put on that? It's an interesting question, because there's so many people that have contributed. It's not any one person that's going to take liability for a failure, and so it's a very different sort of a thing, even though you may have all kinds of people who, you know, are very well validated; they're not connected to that.
K: So that's one of the issues. The other one is, if it's a company, I don't think it's so much of a problem saying: okay, Microsoft, we need you to identify yourself. They have no problem identifying themselves, and if it's a governmental agency, they would have no problem identifying themselves. So that's kind of like not as much of a problem, so...
K: ...the Sigstore thing, like trying to make that a little bit stronger, in my mind, I start to get into these issues that I just described, which make it pretty complex, and I haven't actually resolved it yet myself, but yes, let me shut up. Thanks. So.
L: So I'll just follow up on this, sorry, guys. So the Sigstore, like you mentioned it, you go to GitHub, for example, and GitHub might not enforce as strong authentication. But you should be able to say, hey, if I don't get the strong authentication I'm needing, I'm not gonna authorize that request or whatever, right. So maybe I'm not, like, probably I need to read more about that use case specifically, and, but...
L: Have, yeah, there are, again, with OpenID Connect, there are parameters that will indicate the strength of that authentication, like you can use an AMR value, which is authorization method reference value, or ACR values, or a combination of those, right. So there are mechanisms to do that today, right.
C: Yeah, I think the key point is that there's a difference between what the protocol can offer and how the protocol is used in specific contexts correctly.
L: Will send you those? No, like, once the use case document is submitted, okay, I'll take a look at those in detail, and dig deeper into them. Okay, thanks.
I: Yes, thanks. So yes, lots of interesting questions that I want to come back to. First, to the comments and questions regarding identifying artifacts. I'm talking about artifacts; I think I'm a bit concerned, because I think it's super hard to give a meaning to an artifact, or to decide who is transformative for an artifact, at the SCITT level, and I think we should, maybe some instances will be able to do that, but at a generic level it's a problem that, I would claim, I would have scored the... in particular, I think, unless we look at specific use cases where we have much more specific policies, we took a claim about an artifact is really relative to the issuer of the issue. The issuer decides also to refer to an artifact, decides what to say about the artifact, and that's really capturing your statement about its interpretation of the semantics of the identified from their viewpoint, and the purpose of SCITT is just to notarize it, to keep track of that, to make sure that not too many online players are met.
I: But essentially, if a claim is made about an artifact by somebody, I can just ignore it as a user, and, conversely, I would be waiting for claims that are issued from people that I trust or that are authoritative, all that they are enough artifacts. So if it's a Microsoft firmware, for example, then I would definitely expect a claim signed by Microsoft using the Microsoft properties that says Microsoft claims...
I
This is a beneficial release of that firmware, and probably then there would be other claims that will refer to that, saying: I'm talking about Microsoft's firmware as identified by Microsoft in that claim. But I think trying to assign the meaning to that firmware without referring to who is defining that firmware in that...
I
In my example, Microsoft, is difficult. So, of course, I think we can have access control so that, for example, people need to be authorized to issue statements about firmware that gets into a system. But I see that more like for clarity, and whoever knows that as the basis for authority. The authority comes from the identity of the issuer.
I
Microsoft, right. Yeah, I think that's the goal of the issuer, so some statements may really be issued by users who may be identified using their, you know, OIDC token, for example, but in other cases, like Microsoft and your life, we want some other form, probably a classic signature in that case, because we don't want someone deciding who is Microsoft today, right.
B
Yeah, I mean, I think the key piece here we keep on coming back to is there's an identity that we look at the SCITT ledger to verify that that identity is valid, and the validity of the identity might be a weak identity, might be a strong identity, but it's very hard to make any determination on any information, artifact, binary, otherwise, if you don't know who's producing it, because otherwise it's just some random thing that's found on the street, on the Internet. It's...
B
That gives you the context, and there has to be some trust behind that identity to decide how to proceed, and there's different identity types that you use for different document types, right? You don't buy a house with a gym ID. So I think that's the main purpose of SCITT: to make sure that the information that it's pointing to, the artifacts, the evidence, the SBOMs and so forth, are produced or attested to by an identity that you choose to trust.
C
Thanks, Steve. Neil.
E
Yeah, I like that. You know, I think Microsoft absolutely has trouble identifying themselves. Phishers trick real people all the time, because people aren't using good methods, and I think the ones we're talking about here are good, but need to be... There are many entities within Microsoft, some of which are more reliable than others.
E
You know, people get fired all the time, so the use case, the important thing is, you know, authentication is a way for a relying party to decide who to trust dynamically, and so a user-centric ID is very useful. People build up reputation, identities build up reputation, so I don't think... I have a sense that SCITT is doing a lot of expectation that there's gatekeeping on the front end, and that, you know, once something is up there...
G
That's the exact point I was making before, Neil. I think that's extremely important: who's running SCITT? Why is it trustworthy? How does the identity get instantiated? So, exactly.
C
Okay, thanks Dave. Hank.
J
Yeah, so we have a shopping list for SCITT with trustworthiness, obviously, and we were also trimming it down to the things added in this working group. So things existing are authenticity proofs provided by the nodes that will run anything related to SCITT, and authenticity proofs run by, even at some later stage, probably depending on distribution and adoption.
J
Remote attestation evidence produced by everything creating a claim, a signed statement, to SCITT. So all of this, of course, is under the assumption that a SCITT running system, a set of nodes, will have multiple ways to prove that trustworthiness, one of them being remote attestation as fueled by IETF and TCG, for example, and of course other mechanisms like consensus protocols and such. So yes, to address Charlie's point:
J
You have to really be sure that the system that handles the notary aspects and the transparency services are trustworthy by themselves, and then identity kicks in, of course, to identify these nodes, their stakeholders, and also the identities responsible for issuing statements. So again, all this is supposedly fueled by RATS sooner or later, but we were keeping that attestation out of scope in the beginning, to not overwhelm everybody and to focus on the transparency part and the notary items first.
C
Running a little bit out of time. John, do you want to say a few last words before we have to sort of, like, close the call?
A
I just wanted to remind people, given the great discussion we just had, which I agree with most of, to keep on track with what SCITT is, and there's a reason why we have notaries and attestations rather than anything else. These are witness statements, and so the strong identity, just to reinforce what's been said a couple of times, the strong identity is who made that statement.
A
But what they're making the statement about has to remain fluid, because we're not going to fulfill our mission of providing building blocks for building other systems if we start intruding on the semantics of what is being said. Our job here is to assert and verify and authenticate who said it. So just be careful. We don't have to go down that really complicated identity route in order to fulfill our mission here and do something useful.
A
So if I say something about Microsoft, my identity is what's important there, not Microsoft's, as a second step. The other thing that I just couldn't help mentioning is, Charlie, you asked a few times who owns SCITT, and I know what you mean, but I'm gonna bite anyway. This community here owns SCITT, and we get to define what it is and what it means and how deep the trust relationships go in the architecture.
A
So this is a great opportunity to prod people that we are looking to seal a working copy of the architecture this week, as well as the use cases. So please have a look and make sure it meets your satisfaction, because we're going to be discussing it a lot on next steps at IETF 116.
C
Guys, yeah, we ran, unfortunately, out of time, so I see we got warmed up for another interesting discussion, and I will drag it to the mailing list. I took some notes on some of the sort of keywords that some of you mentioned. So obviously a discussion started, not the end, on this identity management topic, and thank you, Rifat, for joining us, and hopefully you will join again, so we can continue that debate. Yeah.