►
From YouTube: IETF-SCITT-20230306-1600
Description
SCITT meeting session at IETF
2023/03/06 1600
https://datatracker.ietf.org/meeting//proceedings/
C
D
Yeah,
please
help
me
doing
that
established
what
you
were
saying:
okay,
yep
yeah.
B
D
D
D
Foreign,
it
would
be
nice
if
we
could
get
an
agreement
on
the
architecture,
specifically
the
terminology
aspects
and
so
on.
Thanks
Ray
for
posting,
your
write-up.
That
was
obviously
helpful.
Maybe
we
should
actually
someone
should
share
the
screen,
so
we
can
have
a
look
at
this
and
discuss
it
a
little
bit
and
then
come
up
with
a
with
a
Way
Forward.
E
Yeah,
so
are
you
asking
me
to
take
a
look
at
the
document
that
I
created?
Is
that
what
you're
thinking.
E
No
I
don't
mind
doing
that
anymore,
be
fun.
To
do
that,
let
me
get
it
set
up
here.
D
The
use
case
call
for
adoption
will
come
to
an
end
today.
So
so
far
a
few
of
you
responded.
So
only
I've
only
seen
positive
feedback,
so
I
don't
think
that
that
will
radically
change
till
the
end
of
the
day
and
then
we'll
ask
the
authors
to
submit
a
an
IDF,
a
working
group
version
of
that
document.
G
This
is
saying
as
soon
as
there's
a
act
on
the
on
them
and
then
we
are
glad
to
do
that.
Cool,
excellent.
D
That
is
close
to
the
microphone
panel.
Can
you
see
that
okay,
on
the
left
side,
yeah
I
got
it
I
got
it
okay,
you
know
what.
C
E
D
Yeah
zoom
in
a
little
bit,
so
it's
bigger
but
then
go
ahead.
All.
E
Right,
let's
see
it
makes
this
bar
bigger
too.
Unfortunately,
all
right
so
go
back
one.
E
So
let
me
also
put
in
the
link
okay
in
the
chat
room,
so
that
so
that
anyone
can
why.
H
Don't
you
hide
the
the
menu
bar.
D
H
Yeah,
okay,
A
little
Arrow
up
arrow
on
the
right.
There
we
go.
E
E
Okay,
so
oh
yeah,
here
we
go
okay.
E
E
You
know
in
The,
Ledger
or
not,
but
still
there
were
things
to
think
about
in
terms
of
on
the
left,
what
a
submitter
might
be
needing
to
think
about,
and
what
a
on
the
right,
what
a
registry,
viewer
or
transparency
service
type
of
thing
would
be
showing
from
the
registry,
and
you
know
in
terms
of
the
exact
you
know
apis
and
so
forth.
I
wasn't
trying
to
do
at
that
level.
E
I'm
just
trying
to
to
look
at
what
the
big
picture
might
be,
and
so
and
some
of
these
things
kind
of
go
to
both
sides,
I
think,
but
essentially
on
the
submitter
side.
If
I
can
just
walk
through
some
of
these
blocks,
there
would
be
users.
Okay,
so
we'd
have
to
have
some
sort
of
a
user
idea
and
those
would
be
like.
E
Maybe
the
open
ID
connect
controlled
and
then
there
there
would
be
probably
users
with
some
sort
of
delegated
authority
to
act
for
organizations
an
organization
would
be
either
a
corporation
or
in
an
unincorporated
association
of
people.
Maintaining
open
source
of
you
know,
product
and
an
organization
can
have
a
set
of
product
lines
and
and
I
didn't
break
put
it
in
here.
E
But
there's
probably
logically,
another
block
here
called
models
configurations
of
a
product,
and
this
is
sort
of
mushy
depending
upon
depending
upon
the
application
area
about
what
a
product
line
is
or
what
a
product
is
and
what
a
release
is.
E
But
in
software
you
might
have
something
up
here,
like
you
know,
Microsoft,
Windows
or
access
or
something
like
this,
and
then
there
might
be
a
configuration
of
that
for
a
given
type
of
you
know,
platform,
Linux
or
Windows
type
of
thing
and
then
type
of
CPU,
Etc
and
then
a
product
release
is
also
a
concept
in
terms
of
having
a
semantic
version
and
so
forth.
So
the
reason
these
are
necessary
is
because
a
user
on
the
other
side
here
is
going
to
need
to
refer
to
to
the
product.
E
E
To
make
this
admission,
unless
it
was
someone
else,
maybe
adding
something
to
it,
but
certainly
that's
going
to
be
the
main,
the
main
type
of
operation
there
may
be
post
submission,
validation,
services
that
add
records
to
The
Ledger
and
in
in
my
mind,
I'm
thinking
that
that,
even
though
this
Ledger
is
an
append
only
maybe
just
a
gigantic
table
with
entries
at
the
bottom,
you
would
still,
as
you
look
into
it,
would
logically
see
product
line
aggregations
and
this
part
of
it
could
be
thought
of
as
part
of
the
registry.
E
The
product
line,
aggregations
or
product
release
aggregation,
because
when
you
look
into
The
Ledger,
you
don't
want
to
see
you
know
all
the
entries
distributed
across
one
big
table.
You
you
want
to
see
an
API
here.
Probably
that
says
like
give
me
the
information
about,
maybe
all
the
products
by
the
product
Lines
by
this
organization,
maybe
for
this
product
line
of
that
organization,
tell
me
which
releases
there
are.
Maybe
what
of
this
release?
Tell
me
what
you
know
the
bill
of
materials
is
and
any
information,
so
you
could.
E
You
could
put
all
this
together
and
you'd
say
well
for
Relief
that
release
it's
this
product
line.
It's
this
organization,
here's
their
private
public,
key,
here's,
the
product
line.
You
know
linked
to
that
and
then
that's,
maybe
all
you
would
get
the
whole
shebang
right.
You
bit
big
giant,
you
know
block
back
and
but
in
The
Ledger
it
might
be
implemented
some
other
way.
E
So
so
the
the
reason
this
aggregation
here
and
the
product
lines
and
stuff
is
more
about
how
we
would
need
to
think
about
the
structure
of
what
what's
in
a
ledger,
so
that
it
can
be
both
will
mainly
access
later.
So
somebody
needs
to
be
able
to
to
stay
in
their
mind
what
they
want
to
get
so
working
back
over
here
then,
on
this
registry
viewer
side,
you
have,
as
you
look
into
The
Ledger
through
the
API
or
however,
it's
done.
E
You
would
then
be
able
to
get
aggregations
of
a
given
product
release,
for
example,
and
then
a
business
to
business
evaluation
might
be
a
user
of
this
product,
and
then
that
would
feed
back
here
to
to
their
product.
Saying:
do
we
want
to
use
this
in
our
product
or
let's
update
our
bill
of
materials
or
what
something
like
that
and
that
could
be
at
different
levels
of
either
after
an
evaluation
this.
E
So
these
evaluations
are
logically,
in
my
mind,
not
part
of
The
Ledger
are
not
part
of
the
registry,
but
maybe
additional
services
that
would
do
verification,
validation
or
what
dick
is
always
asking
for,
which
is
a
valid
thing.
The
end
user
app
saying
is
the
software
trustworthy,
and
this
block
here
would
evaluate
the
given
a
request
from
a
ledger
for
a
given
that
given
product
release,
it
would
do
something
magic
here
and
decide
whether
it
was
trustworthy.
Okay,
but
the
actual
stuff
in
The
Ledger
does
not
say
this
is
trustworthy.
E
All
it
gives
you
is
all
the
information
such
that
you
can
create
this
this
determination
down
here
then
we
also
would
have
potentially
a
rats
entity
which
could
be
an
internet
of
things
or
perhaps
a
piece
of
software
loaded
on
a
cloud
service
or
something
and
and
it
the
verifier
needs
information
to
to
evaluate
this
and
then
and
then
maybe
that
evaluation
information
is
contained
in
the
the
release,
the
product
release,
aggregation
for
that
product
and
not
sure
about
this,
but
it
was
something
I'm
just
starting
to
think
about,
and
then,
but
certainly
I
think
it
applies.
E
Then
down
here
is
the
concept
of
a
ledger
registry,
which
probably
should
just
say
skit
registry
registry.
E
They
may
be
looking
at
various
say,
you
know,
Registries
that
are
maintained
either
by
the
given
manufacturers,
which
I
kind
of
anticipate
will
be
common
or
some
kind
of
like
main
registry.
If
there
happens
to
be
some
sort
of
amazon.com
sort
of
place
that
everybody
goes
to
I'm,
not
saying
amazon.com,
but
does
that
concept
of
everybody
buys
their
stuff
from
one
place
now
so
The
Ledger
and
as
I
was
showing
it
here
would
have
a.
E
Is
an
append
only
like
secure
data
table,
perhaps
and
very
likely,
maybe
something
like
the
qldb
offering
by
AWS
or
other.
You
know:
cloud
service
providers
have
the
same
type
of
thing
and
in
your
mind
you
can
think
of
this
as
a
as
basically
a
database
table
or
tables,
and
then
it's
limited
though
okay,
so
the
registry
entries
in
such
Ledger
offerings
are
limited
to
maybe
400
megabytes
per
entry,
so
you
can
that's,
which
is
pretty
big,
but
it's
not.
You
know
big
enough
for
many
like
container
type
of
things.
E
For
example,
the
containers
on
AWS
are
limited
to
10
gigabytes
right
now,
so
certainly
it
would
not
be
able
to
run
as
a
container
registry
itself,
but
then
you
would
have
bulk
storage
that
would
be
related
to
The,
Ledger
and
probably
co-located
in
the
same
data
center
or
data
centers.
Wherever
this
this
is
and
then
you
would
have
some
things
down
here,
which
is
external
storage
anywhere,
which
could
be
referred
to
by
The
Ledger,
and
you
know
you
could
pick
that
up
over
the
Internet.
E
Of
course,
then
you
have
to
think
about
whether
that
is
going
to
be
secure
enough
for
the
application,
like
you
want
to
guarantee
that
it's
not
going
to
be
deleted,
then
you
probably
want
to
put
it
on
this
Associated
bulk
storage.
E
I'm
sorry
I
wasn't
watching
it.
I
got
it
on
to
the
wrong.
Let's
see,
I
got
to
go
up
to
the
top
to
see
the
people's
hands.
Let
me
just
let
me
just
say
these
last
few
items
here:
okay
and
then
I'll
be
done.
E
Okay,
so
this
private
storage
only
available
for
comparison
challenges
is,
if
you
have
say,
a
binary
of
a
piece
of
software
that
you
cannot
release
to
the
public
or
you
don't
want
to,
and
yet
you
still
want
to
allow
it
to
be
challenged
by
you
know.
E
Users
to
say
is
this
the
you
know
golden
version,
and
here
is
a
you
know,
challenge
it
with
the
knots
and
then
you
wouldn't
have
to
look
at
it
to
see
if
it's
the
same
and
then
the
certification
Authority
is
something
that's
here,
so
I
guess
I'm
done
all
right.
So
let
me
I
gotta
move
this
up,
so
I
can
see.
Okay
here
we
go
I.
I
Me
can
you
damn
it
yep.
We
can
hear
you
hear
me
now:
okay,
yeah,
yes,
I
think
we're
all
struggling
with
the
media.com
anyway.
So
thanks
for
putting
this
together,
it
really
helps
you
know.
We
were
talking
last
time
around
the
we
were
zoomed
in
tightly
just
for
a
particular
terminology
and
see
more
of
the
workflows,
what's
more
context
to
everything,
and
it
resonates
really
well
with
the
things
we've
also
been
discussing
around.
I
You
know
things
that
will
be
in
on
or
in
The
Ledger
versus
external
Ledger
to
keep
the
size
constraints
down
to
things
that
are
in
already
in
other
storage
systems
that
we
need
to
link
to
so
I
think
it
speaks
well
to
all
of
those
pieces.
The
one
piece
that
I
was
trying
to
understand
a
little
bit.
More
was
a
couple
pieces,
but
the
first
one
was
in
the
drawing
my
first
perspective
of
it
was
on
the
left.
Was
the
producers
on
the
right?
I
Was
the
consumers,
not
consumers,
as
in
individuals
that
buy
products,
but
anybody
that
reads
and
writes
well
reads:
the
apis,
meaning
I'm
consuming
information
from
a
skit
configuration?
What
confused
me
a
little
bit
is
what
the
box
is.
So
if
somebody
stands
up
a
skid
instance,
what
is
it
that
would
be
assumed
to
be
inside
of
that
versus
external
to
it,
and
one
of
the
things,
for
instance,
you've
got
transparency
service
in
the
box
to
the
right
and
I
was
reading
the
box
to
the
right
as
being
the
consumption
part.
So
I
was
thinking.
I
Then
there's
a
concentric
Circle
outside
of
that
that
any
project,
product
or
service
that
implements
skit
would
add
some
value
on
top
of
those
specs
and
those
standards.
So
when
you
think
of
email,
there's
an
email
spec,
but
every
email
server
has
additional
capabilities
that
they
add,
but
it's
wrapped
around
those
existing
specs,
so
I
can
still
send
a
receive
email,
but
inside
the
email,
client
I
might
see
more
functionality
and
so
forth.
E
Okay,
yeah
so
I
in
my
mind
at
this
point,
I'm
thinking
that
that
these
boxes
over
here
are
actually
just
well,
it
depends
on
how
you
want
to
implement
it,
but,
but
certainly
you
you
need
to
know
like
who
can
submit
to
The
Ledger
and
you
need
to
know
the
organizations
those
could
be
part
of
The
Ledger.
E
In
other
words,
you
could
have
Ledger
entries
that
say
let
organization
X
here's
the
public
key,
here's
the
address,
blah
blah
blah
all
of
the
schema
things
that
you
know,
fields
and
I
did
add
down
in
the
document
here
and
some
of
the
things
that
the
schema.org
has
the
descriptors
for
organizations
and
there's
also
this
ISO
standard
for
the
structure
of
the
information
blah
blah.
It
turns
out.
I
think
this
is
the
way
things
are
going.
E
Is
the
EB
core
party
ID
type
technical
spec
by
the
Oasis
and
because
fairance.com
now
just
jumps
into
this,
and
so
so
essentially,
what
you
could
have
in
this
concept
here
is
that,
for
example,
the
organization
would
be
perhaps
a
skit
claim
that
says
I'm
this
organization
and
here's
my
information,
and
if
that's
all
you
wanted.
That's
you'd
say
tell
me
about
this
organization:
that's
what
you'd
get
if
you
said
tell
me
all
the
product
lines
that
are
tagged
with
this
organization.
E
You
would
get
those
entries
in
The
Ledger,
just
in
a
level
of
a
product
line.
You
could
say
tell
me
all
the
all
the
product
releases,
regardless
of
what
product
line,
maybe
or
of
a
given
product
line,
so
it
would
be
kind
of
like
look
up.
You
know,
capabilities
of
looking
up
in
the
table,
so
these
things
here
are
just
the
required
Concepts.
E
Okay,
regarding
what
the
how
the
registry
would
need
to
work,
because
you
need
the
concept
of
an
organization
unless
you
have
the
unaffiliated
user
and
you
know
so,
which
could
be
just
sort
of
like
a
a
shell
organization
with
nothing
in
it
around
a
user.
E
So
it
could
be
the
same
thing,
but
then
within
what
we
normally
think
of
as
an
organization
like
a
big
one
like
Microsoft
or
something,
then
there's
users
with
delegated
authority
for
a
given
product
line,
or
maybe
a
given
release
that
can
makes
that
is
tagged
with
being
having
the
authority
to
make
the
submission
through
the
submission
filter,
and
so
there's
some
there's
some
operational
things
that
you
would
have
to
deal
with
here.
E
E
E
E
So
if
the
Ledger
is
designed
such
that
you
could
say,
I
want
all
of
the
records
regarding
this
product
release,
then
The
Ledger
would
be
able
to
pull
those
out,
but
you'd
better,
be
aware
of
the
fact
that
people
are
going
to
be
wanting
to
access
it
that
way
they
don't
want
every
they
don't
want
to
see
the
best.
You
know
expanse
of
this
Ledger
with
all
of
the
injury.
E
They
want
to
see
just
the
specific
entries
for
this
product
really
or
for
this
product
line
find
out
which
releases
there
are
so
so
there
needs
to
be
some
way
of
of
like
saying.
Okay
for
this
release-
and
this
irrigation
tell
me
the
information
for
that
now
that
that
could
be
very
easy.
If
you
have
this
Ledger,
you
know
designed
right,
but
you
need
to
have
that
because
then
I
think
the
line
would
be
drawn
after
this.
So
so,
if
I
was
going
to
draw
a
box
around
the
registry,
it
would,
it
would
include.
E
The
aggregations
would
not
probably
include
the
verifier
could
not
include
The
Ledger
registry,
because
that's
not
part
of
it
would
include
the
bulk
storage.
Maybe
I,
don't
know
I
guess
can't
use
the
private
storage,
but
it
would
then
include
most
of
this
over
here.
It's
just
so,
but
I
would
say,
there's
a
lot.
The
line
should
be
drawn
like
right
there,
these
end
user
apps
would
be
logically,
not
part
of
it.
E
So
this
is
where
I
think
I
I'm
trying
to
support
what
dick
wants,
because
I
think
it's
really
important,
but
it's
not
part
of
the
actual
registry
itself.
It's
like
One,
Step
Beyond
that
I
see
a
bunch
of
hands
so
I'm
going
to
stop
there.
D
Thanks
Ray
yeah,
so
so
one
one
aspect
that
we
discussed
earlier
was
really
about
the
the
right
hand:
side
what
you
have
closer
to
the
end
user,
like
is
this
software,
trustworthy
that
the
peer-to-peer
evaluation?
That's
something
we
said
last
time
that
that
would
be
another
layer,
something
on
top
of
it.
So,
in
my
opinion,
based
on
the
discussions
we
had
earlier,
this
wouldn't
be
part
of
this
entire
box.
What
you
did
label
as
skit
registry
at
all,
so.
E
D
Raw
area
right
here,
but
keep
in
mind
what
the
purpose
of
this
whole
drawing
is,
and
we
have
a
lot
of
examples
to
to
look
at
from
other
working
groups-
is,
is
kind
of
the.
D
The
boxes
represent
things
that
we
really
find
important
for
the
minimum
amount
of
work
that
we
are
doing
just
to
get
sort
of
to
read
an
idea
like
what
the
minimalistic
version
looks
like
and
if
Steve
said
like
there
is
like
with
the
email
service,
there's,
obviously
lots
of
other
things
in
a
real
in
a
real
product,
for
a
variety
of
reasons,
which
we
would
then
add
on
top
of
it
and
I
think
that
would
belong
to
that
category.
D
Likewise,
on
the
left
hand
side
you
distinguish
between
identities
or
uses
of
individual
users
rather
than
users
that
are
sort
of
acting
on
half
of
a
corporation
and
I
think
that
could
be
lumped
together
in
one
box.
That
says
like
something
like
identity,
information
or
authentication.
I,
don't
know
something
like
this
and
telling
the
text
it
talks
about
these
aspects
and.
D
D
So
there
may
be
lots
of
different
things
and
the
queries
may
be
operating,
maybe
maybe
able
to
find
information
at
the
different
level
of
granularity,
whether
that's
an
aggregate
or
something
that
is
really
detailed,
and
that
may
be
all
sorts
of
things,
not
just
product
lines
and
product
releases
and
in
some
sense
those
are
the
artifacts
in
my
opinion,
but
and
whether
that
could
also
be
a
little
bit
abstract.
The
way.
E
Let
me
just
comment
on
that
last
point
and
actually
on
that
first
point
too:
I
I
do
agree
that
I
should
draw
this
box
differently,
so
I'll
do
that
I
kind
of
did
it
this
way,
because
if
I
didn't
put
this
box
around
it,
then
it
would
cut
the
end
user
in
half.
So
so
I
will
move
that
over
and
I
think
you're
right,
and
then
this
already
have
the
user
inside
here.
But
the
reason
I
think
this
is
pretty
important
and
I.
E
Don't
think
you
can
get
rid
of
the
concept
of
product
lines
and
releases
and
stuff
is
because
the
The
Ledger
will
need
to
be
able
definitely
to
find
product
lines
and
releases.
E
You
can
have
as
much
other
information
as
you
want,
and
this
doesn't
necessarily
mean
that
that
the
the
information
block
or
whatever
is
not
just
one
big
opaque
block
for
for
many
like
you
could
have
a
lower
level
here,
where
you
have
just
a
ledger
with
you
know
a
big
open
space
for
anybody
to
put
it
in
there
and
then
one
hash
value.
Something
like
that.
E
E
To
the
extent
that
these
users
over
here
will
be
able
to
say,
I
want
information
about
this,
which
is
outside
the
concept
of
The
Ledger,
because
it
has
to
be
like
World
information
that
says:
here's
an
organization
I
know
their
name
and
their
product
line
and
their
release
and
I
have
that
and
then
that's
everything
else
can
be
below
whatever
these
people
need
to
access
it.
That's
I
think
a
minimum,
but
it's
certainly
up
for
discussion.
Okay,
go
ahead.
D
H
Sorry
extra
steps
here
so
thanks
for
putting
us
together
Ray
this
is
very
interesting.
I
think
it's
a
probably
workable
flow
chart.
I
just
don't
think
it's
gonna.
It
looks
that
much
like
skit
as
we've
discussed
it.
Maybe
we
need
to
make
some
changes
there,
but
so
first
thing
I
would
say
is
the
user
thing
is
terrific?
That
is
absolutely
critical.
I,
don't
know
whether
that's
part
of
The
Ledger
or
not,
but
it
is
definitely
required
functionally
the
other.
H
The
other
thing
I
would
say
is
that
remembering
that
these
are
supplied
Goods,
not
necessarily
just
software,
the
first
software
problem
of
aggregating-
and
you
know,
product
lines
and
identifiers
and
so
on
and
so
forth
is
extremely
difficult
and
we
probably
don't
want
to
try
to
solve
it
here.
The
other
thing
that
sort
of
jumped
out
at
me
was
that
I
think
there's
a
lot
of
data
that
almost
has
to
be
in
The
Ledger.
H
That's
in
the
right
hand,
box
the
the
the
rats
stuff,
for
example,
you
know
the
I
don't
know
about
the
product,
at
least,
but
I
think
you
gotta
I,
think
that's
got
to
be
in
there
too.
I,
don't
think
the
software
you
know
title
or
product
line
hierarchy
is
really
intrinsic.
H
In
fact,
I
think
that's
almost
a
reference
thing
that
could
be
included
in
you
know
some
single
entry
by
the
by
the
organization,
and
the
final
thing
that
I
wanted
to
mention
is
that
so
so
I
guess
what
I
think
is
that
later
is
going
to
be
a
lot
bigger
and
the
second
thing
the
last
thing
was
you
know:
there's
the
certification,
Authority
I
think
is
a
little
bit
of
a
magic
happens
here
box
and
it's
perfectly
okay
at
this
stage
of
the
game,
but
there's
a
lot
going
on
in
there
as
well.
H
E
D
E
Okay,
no
I,
don't
think
the
rat's
entity
can
be
in
a
ledger.
That
is,
that
is
like
either
a
piece
of
software
running
in
a
cloud
or
on
an
iot
device
or
something
that
is
a
is
not
an
end
user,
but
a
but.
H
The
verifier,
though
I
mean,
isn't
there
a
isn't
there,
identifier
in
there
that.
E
E
Things
not
in
in
my
mind,
is
not
in
actually
in
the
registry.
This
is
the
registry
viewers
of
the
transparency
service,
so
I
was
thinking
that
this
entire
box
was
outside,
let
initially
outside
of
The,
Ledger
and
of
of
the
registry
itself,
which
was
kind
of
the
line
here,
but
I
think
now
looking
at
it,
this
part
here
would
be
would
be
inside
more
inside
the
Box,
but
the
verifier
seems
like
it
is
not
part
of
the
of
the
skit
registry.
E
H
Yeah
there's
a
lot
more
data
in
there
that
I
think
the
left
hand,
box
and
maybe
you've
you've.
Maybe
you've
agreed
already
on
that,
but.
B
A
Can
I
just
interject
for
a
second,
because
we've
got
we're
already
nearly
40
minutes
in
and
there's
a
long
queue.
A
Each
of
these
short
questions
is
soliciting
very
long
answers
and
I
wonder
if
we
might
be
better
served
by
getting
the
questions
and
comments
kind
of
out,
because
I've
got
one
I've
always
got
one
Neil
and
Hank
have
just
joined
the
queue.
Is
everyone?
Okay?
If
we
kind
of
get
the
comments
and
questions
out
and
then
get
them
all
addressed
kind
of
together?
So
then
that's
going
to
be
more
efficient.
Okay,.
H
J
See
at
there's
a
distinction
here
between
a
product
in
what's
in
the
ietf
to
I,
have
no
problem
with
what
was
written
here
by
Ray
there's
a
few
little
nuances
in
here
that
I
wanted
to
talk
about
which
we
can
cover
off.
You
know
if
we
do
our
jobs
right
with
The
Ledger
and
the
receipts
generates,
then
the
trust
in
the
content
is
a
simple
check
of
the
receipt.
The
deeper
audit
as
a
result
of
that
goes
against
The
Ledger,
and
that
should
be
a
a
lot
smaller
subset
of
people
doing
those
operations.
J
So
when
I
normally
draw
this
I
put
the
e-notary
inside
the
skit
and
say
hey,
the
queries
are
against
the
storage
brisk
it
not
The
Ledger,
but
that's
a
nuance
and
the
subtle
deed
that
that
raised
drawn
here,
I've
traveled.
There
is
some
comments
here
on
on
Rats
on
the
production
side,
you
could
Envision
a
model
where
we
finally
get
to
the
machine.
That's
that's
doing.
The
production
has
to
submit
rats
evidence
into
the
system.
J
So,
as
an
audit,
we
can
make
sure
the
machine
wasn't
hijacked
as
to
whether
the
customers
on
the
other
side
get
to
see
the
rats.
Information
seems
to
follow
between
a
boundary
that
we
have
to
decide.
Whether
is
OSS
code
shows
this
or
whether
big
companies
provide
their
rats
at
a
station
of
their
machines
to,
and
that
in
itself
gives
some
evidences
where
things
are
running.
J
Talking
about
that
I
think
we've
mentioned
before,
which
is
the
queries
against
the
data.
You
probably
want
the
last
of
a
specific
type
from
a
certain
specific
supplier
like
seeing
the
anti-malware
you're
really
kind
of
interested
in
the
last
result,
not
necessarily
the
the
previous
2000
results
right.
H
I
have
to
run
actually
but
I
think
this
is
a
great
start.
Ray
I
really
appreciate
the
kind
of
teasing
out
of
some
of
the
issues
here.
I
think
we're
really
going
to
get
to
the
to
the
details.
Now.
J
So
so,
basically,
what
I'm
thinking
here
is
what
you've
written
as
Ledger
I
think
more
of
a
skip
the
product
and
the
actual
Talking
To
The
Ledger
to
do
the
deeper
audit
is
what
we've
put
in
the
working
group
and
so
forth
as
a
building
block
the
certificate
Authority
is
I
think
is
raised,
is,
and
Charles
have
mentioned
is
just
there,
but
if
it's
against
the
receipt
and
we're
moving
towards
something
else
until
conceptually
sits
there,
as
somebody
has
to
have
policy
of
who
they
trust.
Those
are
the
only
comments.
A
Oh
fabulous
yeah,
so
thank
you.
I
I
would
Echo
that
I
think
we.
We
need
to
tease
these
issues
out,
and
these
are
indeed
the
issues
that
are
often
raised
mostly
by
by
dick,
but
I
do
think
we
need
to
find
ways
of
keeping
the
specifics
out
of
out
of
skit.
As
we've
mentioned.
You
know
it's
not
necessarily
just
software.
Even
when
we're
talking
about
software
supply
chain.
There
are
many
other
types
of
artifacts
and
products
and
claims
that
need
to
be
transported
and
I'm
wondering
why
we
can't
use
the
feed
concept.
C
Great
so
I
I
agree.
It
I
I
see
this
diagram
as
being
helpful
in
the
same
sort
of
way
that
use
cases
are
to
frame
the
functionality
from
a
user
perspective,
and
so
that's
helpful,
I
think
Steve
has
done
a
great
job
in
the
document.
C
Google
doc,
of
connecting
some
of
the
points
back
to
the
architecture
and
the
issues
and
I
think
we
would
be
most
productive
if
we
tried
to
get
back
to
that
and
look
at
specific
issues,
specific
text
in
the
document
and
use
this
to
kind
of
frame
those
issues
like
scalability.
So
you
know
this
whole
concept
of
a
feed
exactly
as
John
said,
already
exists
in
the
architecture.
It
seems
to
relate
very
closely
to
this
notion
of
how
a
user
would
find
product
lines
that
are
of
interest
to
them
and
so
on.
C
So
I
I
would
suggest
that
we
move
back
to
that
and
in
general
I
I
think
I
I,
don't
know
if
there's
already
an
issue
related
to
scalability
I
think
it
would
be
helpful
to
do
something
along
this
line
that
tried
to
estimate
you
know.
D
C
As
I
saw
it,
Steve
has
a
whole
bunch
of
comments
on
the
right
that
say
yeah.
This
thing
is
in
Issue
11
or
issue
17.,
as
we
were
discussing
last
week.
That's
what
I'm
talking
about
okay,
the
issue
tracker,
okay,
linking
raise.
You
know
elucidation
of
kind
of
some
user
challenges
to
the
existing
draft
that
I
I
guess
you
know
we're
trying
to
get
a
revised
draft
published
before
the
meeting
or
something
what's
our
timing
on
on
that
and
how
can
we
help
improve
it
and
and
in
particular
this
whole
transparent?
C
The
the
terminology
discussion
you
know,
I
was
going
through.
I
was
reading
the
document,
as
edited
by
I,
forget
who
to
to
be
more
precise
with
terminology
and
I
think
getting
that
adopted,
because
I
think
it's
it's
helpful
would
help
everybody
review
it.
D
I
So
what
I
was
just
trying
to
do
was
as
Ray
was
going
through,
the
dark
I
was
just
trying
to
capture
what
is
already
captured
in
the
issues,
so
we
don't
lose
new
points.
So
basically,
the
doc
is
great.
I
actually
put
a
link
to
the
doc
in
one
of
the
issues
around
it,
but
it
was
just
to
Neil's
Point
as
we're
going
through
it.
You
just
don't
want
to
lose
the
conversation
as
notes
in
this
particular
meeting.
Any
action
items
goes
back
to
issues
we
have
on
the
architecture
done.
D
Okay,
to
make
sure
that
I
put
the
correct
link
into
the
meeting
minute,
can
you
post
it
again
so
I
I
copy
it
over.
D
No,
no,
the
the
link
to
the
issues
that
Steve,
hey.
F
I,
we
put
it
under
Steve's,
like
notes
on
there
when
he,
when
he
posted
the
first
time
so
I
put
it
on
the
notes.
F
Link
yeah,
if
you
scroll
all
the
way
to
Steve
comment,
we
have.
G
G
Hi
this
is
Hank
yeah,
so
I
I
understand
why
rats
is
in
the
the
diagram.
I
think
Red's
entity
is,
is
all
things
that
says
to
offer,
so
that
has
to
be
more
specialized,
Monero
I,
think
all
of
these
boxes
can
benefit
from
some
Reds
roles
and
I
would
maybe,
in
the
very
first
iteration
remove
them.
So
we
can
add
them
at
a
later
step
when
it
is
more
consistent
from
the
point
of
view
of
skit,
I
think
Ray.
G
If
that
is,
if
you're
comfortable
with
that,
if
we
add
them
but
I,
think
in
more
places
and
more
consistently.
Okay,.
E
Okay,
so
let
me
try
to
just
quickly
respond
as
needed
to
some
of
these
yeah
I
did
not
try
to
start
from
the
existing
architecture
and
and
modify
it.
E
What
I
did
was
say:
okay,
Clean,
Slate
What's,
it
gonna
have
to
look
like
and
then
went
from
there,
and
these
boxes,
as
I
was
trying
to
say,
don't
actually
necessarily
represent
real
things,
but
are
just
Concepts
within
what
has
to
go
into
the
Ledger
or
how
the
day
the
information
needs
to
be
managed,
so
that
you
can
check
things
that
are
going
in
or
coming
out.
E
I
do
think
that
that
you're
not
going
to
be
able
to
get
away
from
some
sort
of
specification
of
say
organizations
and
offer
for
them
to
to
categorize
their
their
entries
such
that
they
can
be
easily
looked
up
and
and,
however,
that
is
and
I
think
that
for
most
software
and
Hardware
things
in
fact,
most
products
in
general.
E
They
have
these
Concepts
that
have
been
outlined
by
many
schema
organizations
like
schema.org
and
this
ISO
standard
for
talking
about
organizations
and
product
lines
and
releases.
So
so
to
so,
I
think
those
will
have
to
be
in
there
somehow
so
to
just
say:
okay,
we're
going
to
have
an
empty
box
or
anything
can
go
in
there.
You
can
do
it
that
way,
but
then
you'd
have
to
add
this
stuff
later
and
you
can
do
you
know
that's
one
way
to
approach.
E
It
is
to
say:
okay,
we're
going
to
have
one
big
empty
box
with
nothing
in
it,
except
just
a
hash
code.
And
then
then
you
start
adding
the
stuff
in-
and
you
add
just
a
minimum
of-
maybe
a
few
things
like
this
organization,
product
line
and
stuff
just
to
fill
that
in
and
then
allow
so
much
specification
for
contact
names
and
street
address
and
all
that
I
certainly
don't
want
to
Define
any
of
that,
but
the
certificate
yeah.
So
these
things
on
the
right
could
also
be
submitting
back
into
the
Ledger.
E
E
E
This
is
sort
of
a
mid-level
addressing
between,
like
the
use
case,
a
little
bit
more
concretely
and
then
trying
to
fill
understand
what
an
e-notary
might
have
to
do
on
this
side,
especially
so,
and
then
the
rats
thing
and-
and
a
lot
of
a
lot
of
these
things
are
are
not
like
I
could
try
to
put
arrows
around
all
kinds
of
things
here
or
put
rats
in
each
deal.
No
I
didn't
do
that,
because
I
wanted
to
try
to
make
it
simple.
E
So
this
is
just
the
largest
Sky
View
like
what
are
the
big
features
that
that
are
I
think
are
gonna
have
to
be
like
included
in
the
concept,
because,
for
example,
if
you
design
your
Ledger
without
the
concept
of
knowing
what
the
product
models
and
releases
are
it's
going
to
be
hard
to
look
through
it.
It's
going
to
be
hard
to
create
these
product
line
aggregations,
because
the
users
over
here
are
going
to
want
to
say,
I
have
this
organization's
product
from
the
release.
Give
me
all
the
information
about
it.
E
So
I
can
make
my
evaluation
so
I'm
trying
to
look
at
this
is
the
actual
use
for
the
kind
of
use
cases
that
dick
was
talking
about.
We
also
had
the
B2B
evaluations
of
people
trying
to
use
a
product
in
their
product,
and
so,
instead
of
showing
it
as
a
chain,
this
has
a
feedback
loop
going
to
the
next
user.
E
I
think
that's
all
of
the
answers
that
I
have.
D
Thanks
thanks
the
questioning
for
the
last
few
minutes,
eight
minutes
or
so
is
going
to
be
on.
How
can
we
update
the
document
to
capture
some
of
the
discussions
we
just
had
and
also
the
the
email
exchange
to
to
produce
a
new
document.
G
D
I
D
I
Actually
going
to
say
what
you
basically
just
said
is:
what
are
the
action
items
from
this,
because
I
think
there's
two
pieces
to
this
one,
as
we
were
discussing
the
architecture
terminology,
one
of
the
things
we
were
balancing
was
the
technical
accuracy
and
the
practicality
of
how
you
could
convey
this
to
Consumers
because
the
it
might
say
well
to
the
average
Layman
that
wants
to
be
able
to
use
this
service
as
part
of
their
secure
supply
chain.
I
So
I
think
one
side
of
the
surfaced
that
you
know
Ray
was
when
he's
going
through
the
doctors,
certain
terminology
that
may
or
may
not
have
fit
the
current
terminology.
That's
a
good
example.
We
need
to
fix
that.
There's
others
where
I
think
he
was
introducing
some
great
Concepts
like
whether
the
aggregate
of
others
do.
We
have
those
things
captured
in
the
architecture.
Should
they
be
tracked
as
new
issues
so
that
we've
been,
you
know,
continue
to
chip
away
at
this
or
are
they
external
Concepts?
I
That
are
you
know
on
top
of,
like
that,
might
even
be
a
product
specific
use
case,
or
it
might
just
be
a
particular
use
case
of
a
standard
skip
registry.
I
Let's
track
the
action
items
and
issues
and
then
link
back
to
this
doc.
But
this
way
we
have
the
issues
of
the
the
term
issues
on
the
architecture
dock,
as
our
indexing
of
how
to
make
sure
we
don't
lose
yeah.
D
Well,
practically
speaking,
we
have
till
next
Monday
to
submit
an
architecture
version
I.
So
the
reason
why
we
started
this
discussion
about
this
box
was
because
it
was
related
to
the
question
about
like
how
the
whole
thing
should
be
called
and
that
may
well.
It
seems
that
that
question
hasn't
really
been
answered
by
this
diagram,
but
but
it
gave
us
a
couple
of
additional
issues
to
think
about
so
so
capturing
those
issues.
I
think,
is
important.
D
But
on
the
positive
note
in
terms
of
advancing
the
document
and
having
something
to
submit
by
next
Monday,
we
also
had
some
agreement
on
some
of
the
terminology,
as
I
have
seen.
So
that's
fantastic
and
the
other
things
which
will
have
to
be
worked
out
and
thanks
Steve
for
capturing
some
of
those
open
issues
and
I
have
some
more
from
today's
meeting
in
the
in
the
meeting
minutes
as
well.
Neil.
C
Put
in
the
chat
I
think
it
would
be
helpful
if
we
accepted
the
pull
request
on
vast
terminology
overhaul,
just
because
it
I
in
my
opinion,
it
cleans
a
bunch
of
things
up
pretty
effectively
and
it's
hard
to
read
the
document
I.
If,
if
that's
the
case,
if
we
want
it,
it
just
makes
it
easier
to
read
the
document
because
there's
an
official
version
of
it
that's
available.
So
is
there
pushback
on
that
General
thrust.
There's
been
a
lot
of
commentary
on
it.
C
It
just
seems
like
there's
still
stuff
to
tweak,
but
it
would
make
sense
to
get
that
back
in
the
main
line
of
of.
B
Yeah
so.
G
This
is
Hank,
I
might
have
an
answer
to
this.
Ultimately,
that
is
a
suggestion.
I
think
yes,
it's
worthwhile
to
merge
now,
because
it
becomes
a
little
bit
clunky.
It's
vast
also
I
want
to
highlight
that
Ori,
you
Ned
and
Steve
made
valuable
contributions
that
are
captured
as
comments,
not
only
as
change
requests.
Also,
some
of
the
change
requests,
for
example,
coming
from
Ori,
have
have
to
be
have
to
be
discussed.
G
I
think
most
of
them
are
sane,
but
I
think
people
have
to
agree
and
so
merging
the
portal
request
might
make
them
less
visible
for
now,
so
please
keep
in
mind
emerged.
Pull
request
like
this
seg
16
will
include
a
ton
of
good
suggestions
that
we
will
have
to
unearth
again.
Okay,
so
they're
not
gone
or
ignored,
especially
down
below,
where
net
commented
a
lot
and
he's
not
here
anymore.
G
In
this
call
about
normative
language
and
such
they
are
not
ignored,
if
you
put
it
without
addressing
them,
okay,
I
think
you
have
to
make
them
very
clear.
I
G
Don't
lose
that
it's
a
ton,
it's
I
would
say
this
is
these
are
like
30
to
40
issues.
G
Capturing
them
is
not
something
we
can
do
if
we
want
to
have
a
publishable
idea
next
week,
Monday.
Yes,
we
should
do
that,
but
I
think
I
think
or
is
because
he
provided
suggestions,
hinting
that's
a
cool
idea.
That
is
that
these
are
the
easiest
to
address.
G
D
D
D
D
But
I
think
what
I
what
we
could
ask
for
like
it.
Obviously
there's
not
enough
time
to
go
through
this
now
to
the
BR
now,
but
it's
basically
a
request
to
everyone
to
have
a
look
at
that
VR
and
to
indicate
like
where
whether
they
are
kind
of
happy
with
this
merging
with
it
and
and
sort
of
capturing
the
open
issues.
Knowing
that
there
will
be
lots
of
open
issues.
E
D
Well,
Ray,
your
your
contribution
was
extremely
valuable
because
it
made
us
talk
about
the
different
components
and-
and
we
have
a
bunch
of
open
issues
and
we
obviously
there's
a
agreement
on
some
of
the
aspects.
So
we
need
to
then
see
how
we
best
fold
in,
like
the
the
whole
identity,
discussion,
user,
authentication,
Etc,
whatever
you
want
to
call
it,
for
example.
So
so
that's
that's.
B
C
Yeah
I
just
wanted
to
say:
should
we
I
mean?
Are
we
going
to
merge
it
right
away,
or
should
we
if
we
want
to
tweak
it,
should
we
have
pull
requests
that
build
on
that
particular
Branch
or,
like
you
know,
how
do
we
try
to
make
progress
in
the
next
week.
D
Yeah,
let
me
do
the
following:
I
will
look
through
and
reach
out
to
some
of
the
folks
who
contributed
and
see
what
it
they
they
are.
Okay
with
it
from
from
the
immediate
feedback,
I
I,
don't
get
sort
of
like
I,
didn't
hear
anyone
screaming
so
so
it
looks
pretty
good,
but
I
don't
want
to
ignore
someone's
feedback
and
I
haven't
I
haven't
checked
the
the
the
latest
sort
of
issues
there.
So
there
was
a
lot
of.
D
On
that
PR
is
that
does
that
make
sense,
but
your
your
request
is
obviously
super
timely,
given
that
we
have
the
draft
submission
deadline
upcoming
next
Monday.
So
we
need
to
do
something
sooner
rather
than
later,
and
we
can
still
make
further
progress
before
the
IDF
meeting
itself
after
the
after
the
deadline.
B
D
I
would
say
thank
you
all
for
the
discussion
and
thanks
Ray
for
leading
today's
sort
of
description
of
the
terminology
and
the
architectural
building
blocks,
and
and
thank
you
Steve
for
capturing
issues
and
for
advancing
that
work.