From YouTube: IETF-SCITT-20230227-1600
Description
SCITT meeting session at IETF
2023/02/27 1600
https://datatracker.ietf.org/meeting//proceedings/
B
A
We, we live in Massachusetts and we are famous for our coastal snowstorms that we call northeasters, and one is scheduled to arrive this evening, and it'll be the first plowable snow in our area that we get, so.
A
B
B
Yeah, I think you can. If you want to do screen sharing, I can, I can approve. I think we are, we should be ready to go. It's two minutes past the hour.
C
Okay, so the thing we had on the agenda today was to get through some of the art where we are with the architecture doc, and I'll just start with: last week we did go through the old architecture doc and call through the issues to make sure we copied everything over.
C
So if you notice, this was archived and there's no open issues or pull requests, so we were able to basically go through the list of issues and we closed the ones that were already resolved, and if there's, obviously, for those that opened them, if they feel like there's anything left that they want reopened or acted on, definitely reopen them, but not here. We moved them over to the new repo, which, now that we're adopted under the working group, so here we've got, we copied them all over, and you notice that, in fact, one of them was called for the previous issues.
C
So this we can, whoops, not what I meant to do. I don't know what I clicked on there, but anyway, closed as complete.
C
And if we look at the rest of the issues, we can just walk through from the bottom. Some of them we can, we'll skip by because it's just pretty obvious what they are, but we'll just kind of walk through them. That was the plan of where we're at. So from there, one was just the, the adding code owners, just to make sure there's, you know, visibility.
C
The GitHub teams don't really provide a lot of transparency in history for when people are at it or not, so we just try to do some housekeeping there. This one is actually the makefile for the specs, or is not generating, apparently, so there are some links on how to do a setup for it. In fact, it looks like this person, Neil, put a link to it here, so we'll work through that one there. Then we get into a bunch that were really around terminology.
C
So if we remember this one: throughout our docs, we refer to the, in fact, I only copied the header, obviously I didn't copy the whole thread over. So if we come through here, you'll notice that we actually use a couple different terms throughout our docs, from transparency service without an acronym, a registry, a SCITT implementation, a transparency service with an acronym, because it was used, TS, in the original doc.
C
And then, you know, if there's some others. So we had a couple people that did, so Mike and Dick had provided some thoughts, and then K and, looks like, at least from here, transparency service was the, you know, the request. So with that said, Hank had done a PR, oops, not there.
C
Let me close this window, where he's got a vast overhaul terminology, and transparency service is one of the pieces that he had in here. Before I drill into it, I'm going to go back and cover one of the other, a couple of terminologies, this one here for converge, claim and statement, because these two are what he's got captured in that PR.
C
B
Nobody in the queue, yes. Any, like we had. This obviously had been asking what the prefer, the preferred term is. We have to use registry, and some people also use ledger in the past and discussions, so settling for the transparency service seems to be the preference. Like, good for me. I don't care.
C
C
The, if we look at the, this is what I was actually trying to put a picture to here, is what, there's components to a system, right: there's storage, there's the ledger, we can decide, you know, there's sub components, the notary and the policy, registration policy and so forth. The point is: what do we want to call number one?
C
What is it that, when, not just the specs, right, there's the SCITT specs, but when I'm actually communicating to a running instance and I want to say I am putting a, I'm just going to say piece of information, onto the running instance, what is the term we would use? So to your question: we actually don't have registry anywhere in this, these notes. We've been using the term registry, we've been using the term TS and transparency service and ledger.
C
E
E
There would be two, Dick. There's one for e-notary, saying: here's the list of identity providers that we will validate to make sure they can be put on the system. And at a storage level, once you get into storage or whatever, you kind of need a second policy for RBAC, saying who can, who can make claims against an existing product. It's either one transparency service per organization or, if it's shared, then you kind of have to track who owns what products; these competitors can't make negative claims on other people's products.
F
Yeah, sure. So, I think, Steve, how did I, did that, yeah, that I created a PR based on the mechanical input that for now consolidates the refinement of the assertion about the product called a statement by being issued as a signed statement and then being processed by transparency service to become a transparent statement. That's relatively symmetric and all that. During that, I created issue 15.
F
And what Steve highlighted, issue 15 includes, it's a humongous issue, includes that as inconsistency between the use of registry, log, ledger and transparency service currently in the text. And to Dick's question, I, my, my current understanding is that a transparency service is at least composed of two building blocks, probably three. One of them is the append-only log, that is the retention of the information that guarantees that append-only. The second one is the generation of the, there is the corresponding receipt that it has been con.
F
This is, action has been conducted. And my very strong assumption is, because we have registration policies, which I think the use of the term registry also accidentally comes in here, is that there is a gateway function here that limits the use of the transparency service to, based on issuer and maybe other policies. So I, my personal understanding is that the transparency service again has three functions rather than the notary maintaining depend on the ledger. One of them is the receipt.
F
A
Thank you, Hank. So it sounds like what you're suggesting is that a, that a transparency service and the owner or operator of that service has some type of policies which dictate what they record in their registry, and, and that is, and that basically constrains what a notary can place into the registry as far as statements. Correct?
F
My assumption is that you, you can, some, to some extent. The, the, the duty of the whole transparency service is not to detect lies, so you could fool easily a transparency server, for saying, hey, this is application text, and put a cat video there. So I'm not sure.
F
That's the verification process that every transparency service has to judge, even if the, I want to say, media type or ctry is, is, is correct in, inside of that statement. That could be allies of laws or just human errors, and so, so to some extent, yes, and to some other extent, it's an informal level constraint. Yeah, it's not constrained on actual verifying the truthfulness of the actual statement.
A
E
No, no, so remember that the whole point of the, the notary is to notarize that the, the identity, the signature, is correct. The legal document, in the case of a notary, the notary doesn't read the contract, doesn't know whether it's complete BS or not. If the assumption is that later on, looking at the content proves to be, you know, unsustainable, that's not the notary's job to say: hey, it was an incorrect contract.
E
Listening, thanks. No, no, I, I think, you know, we've kind of limited the role, saying the notary's job is to make sure the identity is validated and keep track of what we use to prove the identity at the time you submitted the document. The, the value of the document or the accuracy of the document is not the job of the e-notary. It's part of the vertical than which the notary is being used, in the case of software supply chain.
E
E
A
E
Right, so that's why I said there were two different policies, one for the notary for the identity and the second one for the RBAC of the, the product, and that's where you would tie in a vertical saying: hey, the only thing you're allowed to submit here is X, Y and Z. And it could be that, depending on role, the content may vary. If you're in a commercial anti-malware scanner, maybe that's configured to allow you to scribble on claims on anybody else's products.
E
That's still TBD. We haven't even got to that level of detail. Right, at a true level, you would argue: hey, here's the limited set of, of content types you're allowed to submit to the transparency service, and then, on top of that, you could say, hey, who else is allowed, or what other factories are allowed, to write on to your product. And those are longer things that are outside the, the SCITT working group.
A
Okay, so I guess I'll use an analogy here. It sounds like what you're saying is that the registries can be contained, specific statements, like if you want to know the registry, if you want to know the land records, you go to the registry of deeds, and if you want to know the, you know, the Carfax, you, you go to the registry that has the Carfax information about, you know, in a car, vehicle, you know, damage and such. So you got to go to the right registry, the right transparency service, right? It's.
E
A
E
You said the, the ledgers in the e-notary's portion is also to capture the data that allowed it to validate the identity, like the driver's license, the snapshot of a person's passport and so forth, and the third thing it allows is the, the auditing of that data, and those are the three things that e-notary is doing for us. Okay.
A
D
Hank, why not.
B
Take meeting minutes. If someone else could double check that I'm able to capture things correctly, that would be great.
G
A
G
Go ahead and, let's hang, please. Yeah, I thought you. This was really about the terminology, and so I would like to separate two aspects. One of them is definitely concepts, and that's something that is more interesting, but also I do not sure we want to reopen that box. Yeah, and then in your world to refer to each of those concepts, and that's an easier, more superficial problems. Essentially it's injective, dynamics and I.
G
Think we are discussing, this should be official, is very important for clarity, but I, I think that if we jump to rediscussing the government sets instead of the terminology is going to, we are going into loops, and I'd rather not do that.
G
So, partly because we had lots and lots of discussions about data already. So I, I think the increasing at CBD in the picture is something that we have consistently been referring to as the transparency service, and it can grow very in the transferences, something else if there is a good reason for that, but as a concept it has been very stable, also, I think, summarizing prior discussions.
G
G
Because of the confusion, blockchains may be closing. So that's why we are using log instead of ledger, and that's why we are still using transparency services.
G
What? If that's, if there is a good reason for that.
E
Cedric, I had a question: there are internal team was thinking of, of needing to distribute and smear across multiple e-notary systems, in which case then they had the thought of potentially having an outer wrapper deal with transaction IDs and so forth. We need to go and get to the bottom of that before you can pancake this discussion and to say, hey, they're one. I would love it to be one, but unless we've solved that issue that Jerome was, was raising internally, we kind of need to think this through a bit.
G
Well, I'm very happy to discuss it, but, but yes, please, please tell me more about that and what.
G
E
B
E
Email here is, if e-notaries are, are single instance and you need to have a higher volume and having redundancy, do you need to smear it and have transaction IDs and so forth at an uber level outside, in which case that becomes a transaction service, or do, is it something we have to go off and work through? And internally, we think we have some need for global access and redundancy and scale, and I would love to get that solved and say, hey, this is pancake down.
E
E
Yeah, I'll find it, Cedric. So yeah, Hannah, as soon as I can get this answered, I will respond back to the, the mailing list with here's what our thoughts were and, and why we, we think this is necessary. Yeah, until we, I can get people to agree, that it would be fluttering in the, in the breeze here, right.
B
It definitely makes sense to talk about the cardinality of different entities in, inside that box. So.
B
B
As you pointed out, like, is there, is the policy, is there one-to-one relationship between the one instance of ino3 and that policy, or, like, also likewise with the ledger: is there one-to-one relationship? Is there only one ledger, multiple different implementations of a ledger and a transparency service? I, I don't know what the relationships are. Yeah.
E
That's exactly what we have to think through, and, or the case where one has been retired and the new one's brought up because the hardware failed. Those sorts of migration things I think are covered somewhat in Cedric's document, but we just need to get consistency. I want to make sure Ray has some time here.
H
H
I don't agree with the concept that things flow through e-notary and that's part of this, this larger box. I don't agree that that thing should be called a transparency service, and in this diagram we don't have any view of identifying.
H
You know, identity, like determining the identity of a, both a user of the service and the identity, which would be one level, like: can you just log into the service? Okay, then the second level of identity is like:
H
Do you have the right to talk about this certain, maybe, line of products? And then what goes into the ledger, I believe, should be pretty small and simple, in terms of a root hash value and the semantic name for what it is, which is sort of like owned by one of the users, the semantic name, and then also it's near.
H
That would be some storage, and then there'd be another box out here called the transparency service that lets, maybe, others look at the ledger and the storage area. So the ledger, and that, all this other stuff is not a transparency service. That is just a means to keep track of things, and the transparency service would be a service to let either the public or other people that are also authorized to take a look at it and, but not, not change it, just to look at it.
H
So the, so certainly what's missing here. The e-notary probably should not be a gatekeeper, as you guys have been thinking. In other words, you're allowed to put stuff on the ledger, kind of like when you sign a contract. The person, like the e-notary, I guess the, if you have a real notary, they need to watch you sign it.
H
I don't know if that, that same concept needs to be here, where you have to, in the same time period, watch the person make the entry, because we can, we can determine, like, who signed it, based on, you know, cyber, you know, cryptographical mechanisms, and so that could be yes, yet another claim, and that relates to, to that entry.
H
So you could have the entry, which is simple, and then a notary later says: you know what, I checked on this, and this is actually the right party, and they have a right to, to this product line, you know, name, and this is a legitimate entry.
H
According to me. Now the, just to make the entry, you'd have to get, you'd have to get into, you know, kind of like sign into the service, which would be not necessarily a public thing. It could be, you know, it could be a huge public deal, but then whether or not people can look at it is different than whether they can make entries to it. So the transparency service, I think, needs to be put off to the other side.
B
D
B
H
What I'll do, I'll tell you what I'll do is I'll make a drawing of a different point of view, and I'll try to put all these things in, because I think we can agree that we need to have the identity service in here shown as a box, we need to have a storage service shown as a box. That's different than the ledger, because the, the actual ledger itself, I mean, you could think of it as one, one thing, but it has to have an associated storage, or maybe not. Maybe it could, this.
H
You know, the storage could be somewhere else, as long as it gets into the ledger. That could be another policy, but the, the, the concept of, okay, we've got a different picture here.
C
Ray, could I interject just to help a little bit, and then you can tell me you still don't agree, but let me just try to help a little bit. In this drawing, I was just trying to figure out how to simplify this to the point to be focused on the particular topic. So, yes, there absolutely is a, an RBAC up front, that not any, and nobody can just write to every transparency service.
C
That's a configuration. If somebody wants to make it anonymous, that's their choice, but their, the assumption is: there's usually rights on, you know, RBAC, role-based access control, for who can write and possibly even read a specific transparency service instance. That's up in front of this, and it is captured in the scitt.io site, where I discussed it a little bit more, and I obviously have larger space. So if you notice here, there's, in step four, where is it, step four, when you're actually writing to it,
C
RBAC comes in. And to your other point, is while the ledger, in fact, if you notice here, this drawing expands out the different options for the actual persistence. We want to make sure that different cloud operators, different on-prem, different technologies could be used for the actual transparency service storage.
C
But here we talk about, you can store the actual, this stocks I refer to it as evidence, but the SBOMs, the VEX reports, all that stuff could be in various different status data stores. So I think we, we absolutely are thinking we're in sync with what your partial thoughts are on, you know, partially on what you were referring to. Is just a matter of how do you put all of that in an image that's digestible and be focused on the instance in this case, no.
B
H
Let me just say that, yeah, the, a lot of the discussions I hear have to do with whether what goes into the registry is kind of like a final determination of this is trustable, versus a lower level of things that go in and that are determined to be trustable by another mechanism.
H
And it's more like an evidence collector rather than a conclusion collector. And the, the e-notary, I think, is a problem here, because it makes it seem like there is a lot of inspection on what goes into the ledger before it goes in, and, well.
C
H
Be gonna be the case. I think what's going to happen is we, we get a bunch of evidence that goes in. It may be a lot of different things, and then there's going to be an, another. The e-notary would be there, but just doing a very cursory review of basically the identity, and, and I don't know, maybe we can change the name of that to just the identity service and have another couple blocks out there, but.
E
H
But then you need to have, you, I'm sorry, but you're gonna, you're gonna have to have identity thought of here, and even if it's not in the box, it's going to need to be outside the box.
C
Well, I was just going to say, because I, I appreciate everything you've been saying, the, the piece, and then that's why I'm wondering is the picture is not capturing it, where we try to capture it more elaborately in the scitt.io, where we took more time to, you know, and, and navigatable pages to, to drill into it. But the e-notary does just what you were saying. That's why I'm kind of curious how it was interpreted differently. Is all that, you know, to be doing is verifying that the identity is accurate.
C
Just like you would go to a physical notary. And to exactly your point, you don't need to sign in front of the e-notary in this case, because a digital signature can be verified where an ink-based signature can't, so they're looking at me physically sign it to see that I am the writing instrument for that signature, whereas a digital notary can say, I'll submit it with my signature, and the enote portion can go out and verify: was that signature valid?
C
Was it revoked? Yeah. Is it, is it a recognizable one? Purely from a policy perspective, then, that specific instance of the transparency service, testing the terminology we've been discussing here, can make a decision whether they'll accept the different types of identities or the specific identity. I might use, you know, an X.509 certificate, and it comes from a certain CA, and that policy might decide: don't trust that one, whereas another instance can decide they do trust the e-notary.
C
E
C
B
B
Doesn't, I, I think what Ray is saying, like what he was expecting, is to literally have the, the drawing of, sort of like, that transparency service to include somebody identity sort of more prominent. But while in, in your drawing, you include that identity topic as part of the e-notary, alongside with a separate policy. I think in the end, it's the same. I think that we're talking about the same stuff and we cover sort of like what you want, Ray.
B
H
Well, well, there's, there are several levels of identity, I think, that, that we need to probably pull apart at some point. Okay, and one is just, you know, being able to use a service. There's going to be a threshold there, and then what can you say, like different identities will have different rights to say certain things into the ledger now.
H
Does the, the question is that then, and this is, I think, the crux of the issue with, with what Dick usually brings up, is how hard is it to put stuff into the ledger? Does it have to meet a very high threshold or not that high of a threshold, you just have to, and then later it's checked?
H
Of course, if the ledger is, it doesn't have, and the other issue I know that we're going to have to wrestle with is if this is an append-only ledger, then it's going to grow without bound. You're going to have to have some way to sunset it into chunks or something, where, yeah, you can store it, but you may not want to have it be an active.
H
You know, after 10 years you may not have, have to have everything still, you know, rolling. So it is, so I, and then the concept of transparency I think we need to think of as a separate thing and not an encapsulating thing, so it would be, have the ability, I would think, to somehow look at what's in the ledger and inspect the ledger and the data to, to, to sort of pore over it and make sure that everything is consistent, or just to access things.
H
So there could be another side of this, which is, this is sort of the submission to the ledger, and then there's another side, which is a, okay, well, I want to use this stuff that's been submitted, and I'm not going to ever submit anything, I'm just gonna get it, and I'm going to, I know that this is now a, you know. All right, I want to buy this piece of software. I want to go to the ledger and see.
H
If, if, and there's, there's a, the transparency service then would be more like what Dick is envisioning, where it actually goes in and is a buffer between the user and this trans, this, you know, registries part, and actually is able to pull together all the claims for that and, and then make a determination. And that could be, that could be a separate service. That is not a writing-to-the-ledger service at all.
H
All it does is inspect things and come up with some sort of a notion that they can provide to the user. That would be the transparency service, that all you're doing is providing transparency, not activity. And so the, the, this box number one should, I don't believe, should be called a transparency service.
H
I think that should be called sort of like the registry submission service, and then the transparency service would, all would do is look into it. Okay, that's enough for me talking. I'll tell you what I'll do, I'll try to draw a different, a different figure that I think is going to represent these things together, and maybe have a go at that. Thanks, thanks. So.
E
Steve, correct, just a question: could you also elucidate why you don't like notary? Because the similarities between this and what a human is doing resonates with me. Going in the terminology you, you're bringing up means we have conflicts with everybody, every other working group within the damn IETF and beyond.
H
No, I don't, I don't mind using that. It's just that, that the, what you show here is a big blue arrow shining into the ledger, as if everything goes through an e-notary into the ledger, when in fact the way it could be designed is that things go into the ledger based on a very low threshold of: I'm a user and I'm authorized to submit stuff to the ledger.
H
Now the e-notary would then later come in and say: I'm submitting a different claim into the ledger, and it's not tied to that one, even though it may have a, a semantic linkage to it, or, you know, a number or something that says I'm talking about that other, that other entry, and I've checked it over and verified that, that it has. Because otherwise you're gonna, you're going to, you're going to have maybe different thresholds of e-notary, and also you don't want to make that a, a, a bottleneck for things to get in.
H
If, if it's not a, like, if they want to run this and say, hey, it's like Sigstore, we just take our user's, you know, email and he's a member of GitHub, that's enough for us, then that goes into the ledger. That's fine! Then later we can have another claim about it that says: okay, this user is actually on the authorized list, and it may take more time to figure out. So that's why I don't, I fundamentally don't think that the e-notary is part of the flow from getting stuff in there, that it should be.
H
Another thing that runs at, you know, could be a very different levels of thresholds of how much you want to inspect stuff, and then that goes back. There would be a first level, I, so I, I don't want to take the floor here for too long. I see those other hands up.
H
C
So the, to, just to consider for what you were discussing: so the registration policy is up to the instance. If somebody wants to make it open, they certainly can. The thought was that the, the e-notary is the gatekeeper. The registration policy is a gatekeeper, but maybe that's a better way to say it, and it's just one of the gatekeeping policies is for the instance to decide which identities they want to allow. You know, a government agency may not allow certain identities to write to it.
C
Regardless of what somebody else might say, hey, anybody can write, doesn't matter. The whole idea, that was all we're saying here, is, as part of the registration process, is an instance has the option to decide if they want to limit who writes based on: is the identity valid? And it's different than the identity of who is writing. So, for instance, if I personally, if I, Steve, want to write, my identity is being used to, as the RBAC, to write to the transparency service.
C
So my point is, is that, so at that point, that e-notary is validating the canonical signature, not mine, because mine, I've just got RBAC rights, and then the e-notary, if the policy is set that way, can say: oh yeah, that canonical signature, that's perfectly fine, go on and improve. And if somebody else wants to leave it completely open, they can.
H
Yeah, okay, well, yeah, I understand that and I basically agree, but I'm just saying that the, that, that the putting too much in that e-notary up front is gonna be a problem in two ways. Number one, it's a, gonna lead people astray. Like Dick is going to think: oh well, then e-notary actually determines if it's trustworthy and before it gets into the ledger, and that's not happening, according to what I understand. And so the e-notary should be like a smaller little box.
H
If you will, and then not everything, just checking what is going in versus being, but yeah, you know, there's a gatekeeping, there's some sort of a, at least minimal gatekeeping there, because you have to be a, you know, authorized user of the system to be able to submit something to it. You just can't have any hacker, you know, submitting stuff into her. It's a mess!
H
So there's, yeah, there's that, but then there could be another level, that's all I'm saying. And so both from a, a bottleneck problem and also a conceptual problem, where people think that, that now everything that goes in there is fully trusted and absolutely true, and that's not going to be the case. Okay, thanks.
I
So this is, this is kind of loosely related. I think this is actually, I think this is very much related to some of the stuff that I was saying on the, the OpenSSF metrics use case, because that's really more around, you know, hey, do we trust that software? And what I was trying to say there is basically, you can take the, if you take that, the policy portion, kind of the, the number one item of, you know: is there a gatekeeper, right, and what does the gatekeeper care about?
I
And you could basically just run out, you, you run another instance of SCITT, right, and so you say, when I want to check something and I want to know, you know, this Fastpass use case, that it sounds like multiple people are interested in this sort of fast path, like: can I trust something? Then you would, you would basically just have a separate instance, right.
I
E
B
B
So please sign up to the queue if you want to mention it, so we have a little bit of consistency here, if that's okay.
E
So the, the issue, John, with, with what you were proposing gets into some discussions with what the EO and, and the rest of the government wants to do, of: how do you deal with CVEs and VEX and additional claims, and how fast they replicate through the system? As soon as you stand up other instances as a filtering gate, you incur some delay, and trying to work through.
E
Those is something we have to discuss through, and conceptually, if you thought of it as a one-shot stop, you, you created something and it's immutable from there on and, and I'm never going to make another claim, that would work. But in a world where we're saying, hey, we need an anti-malware scan done every week or every two weeks on your product, and you can make native claims for CVEs, and how those replicate have to be thought through, and that's why I run into: we have some design work to do.
E
On the other hand, Ray, I don't agree with your model. If the notary system is performant enough, why you wouldn't want it as a gatekeeper? Allowing random stuff to be thrown into the ledger and then having to filter it after is, seems to me a, a huge amount of: here's a haystack, go figure out what the hell it is. That said, the identity of jobs the notary is doing is also, then it has to be backed up with the RBAC role, right.
E
If, if there's 30,000 signatures for one identity and they're all different technologies, then figuring out that they're all the same people, which is why I was getting into some of this DID document discussion, becomes a real uber problem on the outside, like: what is the identity who owns this content?
E
I still think there's a role for a factory-style model where the, the cloud does a lot of the secure supply chain, building of products, and submits the evidence on behalf of the product owner, in which case then the identity to do the connection to the SCITT instance or the transit, transparency service is actually the factory, not the identity. So it's a signature of the content.
E
That's coming through is not the same as the identity used to authenticate the RBAC role of, of who can write to the SCITT ledger, and I really want to make sure that we're not binding ourselves into a world where, hey, the identity, and we have to, you know, mask and impersonate a different role over from the factory for every write. That would make things just a lot more complicated. I wrote some of this in the, the chat here, Ray.
E
B
Me all hand it off to you guys. I wonder whether we are drifting away a little bit from the original discussion that cebos supposed to be sort of focusing on, which was architecture document.
B
The terminology. We, there was some confusion about what we should use as a term, but I think in the meanwhile, we are often to like performance optimizations, all sorts of important, but are probably less relevant issues at this point in time, so I hope we could get back a little bit to sort of like this earlier stage of the terminology debate.
E
D
C
A little more simplistic: we're just saying, what is number one, when we refer to the thing, is it a registry? Is it a transparency service? Is it a TS, which could be a timestamp? Is it, you know, that? That's really all we're trying to do on this particular topic, and then the sharding and other conversations are great conversations, just outside of the scope here, unless you think, for some reason, that changes, we wouldn't use transparency service, would equal something else.
B
Neil is waiting so long in the queue already, already feel bad for him. So let's, let's have.
H
B
Need to talk about his question first. Probably it's already like on a totally different topic.
J
Great, thank you, and I think the queue is helpful. I jumped in before Roy made his comments. As far as I understand things so far, I agree with most everything Roy said. I think it is important to make sure that whatever service we provide has the scalability that allows it to help manage worldwide supply chains.
J
So, you know, thinking about how fast, you know, these gating functions are going to be is important, so I just want to support that. I want to support the notion that having a single performant e-notary service that really is only focused on, you know, is this identity meeting these policies to get something on there. I'm not going to say what they're saying is right, I'm just going to say that they have a right to say it in this particular transparency log, or whatever the terminology is. And so I wanted to support that, and then say that, in terms of terminology, I'd love to get back to Steve's stream there and just agree for now to come up with some terms, and I'll get back into a big fight about what the final terms are going to be, but really just get some terms for things that make sense so that we can just talk about the actual flow in the architecture.
H
Okay, thanks. So the reason I think we are talking about this question, you know, so I don't think we diverge from the question, but I don't think this diagram is right. So that's why I think that it's going to be kind of like a mistake to try to be naming things which are not showing what we're working on. So what trans, what's shown here is submitting stuff into the ledger. It doesn't show looking at the ledger and seeing if it's there now.
H
This relates sort of to different methods of filing. Like, one method of filing, you categorize everything according to, like, the, you know, and you put stuff on shelves according to where they, you know, where they're, like a library shelves where you put things together, and that takes a lot of work to put things in the right place up front, but it makes access sort of easier because then everything's in the right place. Or you can not put them in order up front and just put them in a stack and then act.
H
Finding them is a little bit more work. Now, for computers to find things in a stack, no big deal, they just, they can keep a list. So I don't, this is not about the performance of, you know, how fast things can run, but rather do you do all the work up front before things get into the ledger, or do you let things in easier into the ledger and identify who did it but to not a very high threshold, and then on the other side, which is not pictured here?
H
Is the transparency service, which actually looks at the ledger and puts things together and says, maybe make some kind of a conclusion about it. That is the thing that Dick wants and talks about in every single time, and is not shown. So you have stuff going into the ledger, but not coming out, and so the, sorry, so the transparency service isn't really even shown here, I don't think, because there would be a need to be an arrow leading out, and then there would need to be something that would look over what's in the ledger.
H
So the issue is that, if you say we're going to be really careful about what goes into this ledger and everything that goes in is already going to be fully checked to be perfectly good, now that in itself would, you know, satisfy Dick, and he says, yeah, everything in there is, I can call it now the trust registry. What I'm thinking is that it's going to be a little bit.
H
At the same time, you may have an initial, like, signature check on the way in, and the initial consistency check, yeah, we can put that in, but then a more lengthy thing that says, yeah, I checked through the background of this entry and it is consistent, and that would be maybe a different service, and then there would be another service on the other side that would let you look at the ledger and put things together and pull things out at a higher level and say, okay, based on my policy.
H
This is trusted. So we have a policy thing here, and I think there can be a sort of a small policy there, but then there needs to be another policy on the other side, as things are pulled out. So fundamentally, I think that, yeah, you can, you can model something like this, but I don't think this is going to be enough for us to be.
H
You know, the concept, transparency service, you're saying, well, where does that go? That doesn't go around the submission, that goes around the observation of what's in there and submit and letting someone look at it, because that's when you're becoming transparent. Think about what transparency means. So anyway, I will, I see we're getting up to the top of the hour. I won't just write that up a little bit more, so people can read what I think. Thanks.
B
This diagram is actually only on the issue rather than in the document itself, but I think what would be helpful for moving forward is not only the post to the list by Ray, but also, if folks could review the PR. I would send a reminder to the mailing list to have a look at it and to see whether that's moving us forward. I think it's good work, thanks Hank and whoever worked on it. Neil, do you want to say some last words?
J
I, just quickly, you know, I think we're actually agreeing except on terminology, and I have a sense that Ray is misunderstanding what a transparency service does. I think a transparency service or transparency log is this really low-level underlying thing that doesn't help Dick at all, except in the sense that it provides a lot of evidence that, I agree with Ray, some outside service that is not a transparency service. It's a, it's
J
A relying party policy evaluation thing is going to try to figure out what it, from its perspective, for its rules, thinks the truth is and therefore how it should act. So, you know, if somebody else knows that transparency services are quite different, then I'm just wrong. But anyway, thanks to all.
B
Thank you, yeah. We definitely need to discuss that on the list, as it sounds, but.
D
B
Think, from sort of following the discussion, I think we are not too far apart, but the level of details we, everyone, or different people want in that diagram, it varies a little bit, but I think we'll get there once we actually put the diagram into the document in the first place. Anyway, I have, unfortunately, a hard stop, and so we need to wrap up here.