SCITT provides a set of components enabling Supply Chain Integrity, Transparency and Trust (see What Is SCITT). But what are the scenarios, projects and products that SCITT enables? This collection of docs describes the core components of SCITT, and how it can be enabled and extended to support a breadth of use cases, enabling new and existing products and services.
As SCITT is in active design through the IETF SCITT working group, these documents aim to facilitate various design discussions, based on a set of SCITT primitives and scenarios.
The following is a list of documents we'll round out to enable discussions:
- Getting Started
- What is SCITT: a quick overview to get started
- What are Verifiable Identities: The importance of backing every piece of info in a supply chain with a verifiable identity
- Extending Existing Projects, Products and Services with SCITT
- Types of Claims and Evidence Supported by SCITT
- Original and Updated Claims & Evidence: How SCITT supports a continual stream of updates
- Importance of Detached Signatures, Claims and Evidence
- eNotary & Policy: The role of the eNotary and ingestion policy
- Scenarios SCITT Enables
- Canonical Customer Scenarios: Wabbit Networks and ACME Rockets
- Software Workflow
- Building and Consuming Dependencies
- Building Apps
- SBOM: Evidence, initiated at creation time
- Promoting from Dev, Test to Production
- Publishing Updates: How to communicate that a new version is available, and whether it supersedes a previous version
- Revocation: Claims that are continually updated as info about the product is learned
- Hardware Scenarios
- Fuel Pump Certification: Hardware scenario where multiple instances of a product (identified by serial number) have individual claims and evidence
- Design Discussions: Areas for us to drill into, to enable the above scenarios
- Claims and Endorsement Format: Discussion of why SCITT needs a simplified format for the claims, with links to the evidence
- One or Many Instances of SCITT: design goals and philosophy
- RBAC: How SCITT enables limited access
- Indexing Content Types: How SCITT is extensible to enable new, evolving content types