**Session Date/Time:** 21 Mar 2024 23:30

# scitt

## Summary

This meeting covered updates on the SCITT architecture, use cases, and SCRAPI. Discussions revolved around document status, terminology clarification, identity management, and interoperability with other transparency initiatives. The hackathon results were presented, and next steps included reviews, last calls, and potential interoperability testing.

## Key Discussion Points

* **SCITT Goals:** Reinforcing the goals of supply chain integrity, transparency, and trust through interoperable building blocks. Key components include identity, artifacts, and statements.
* **COSE Receipts Dependency:** The SCITT architecture has a normative dependency on COSE Receipts. Reviews are needed of the consistency proofs within COSE Receipts.
* **Terminology Simplification:** Clarifying terminology like "verifier" and "relying party" to align with existing definitions in similar contexts, particularly NIST definitions.
* **Issuer and Subject:** Addressing the ongoing discussion around issuer and subject relationships and identifier usage in signed artifacts. The pairing of issuer and subject is now mandatory.
* **Use Case Document:** Discussing the value and potential future of the use case document, with potential extraction of key examples for inclusion in other documents.
* **SCRAPI:** Overview of SCRAPI, including mandatory and optional endpoints for posting signed statements, getting receipts, and identity management.
* **Security Considerations:** The importance of clear security considerations and zero-trust implementations, including signing on the client and optional transparency service signing.
* **Test Suites and Interoperability:** How best to test SCRAPI, including thoughts about running test suites.
* **Remote Signing and Threat Models:** Remote signing is an important component, but it is not a universal solution to signing binaries.
* **Election Integrity Use Case:** Presentation on using SCITT for election integrity, including securing ballot images with private keys within scanners.

## Decisions and Action Items

* **Action Item:** Authors to provide a new version of the architecture document (draft-07) in approximately two weeks (+Easter Holiday).
* **Action Item:** Call for reviews on architecture document after draft-07 is available.
* **Decision:** Focus on developing and testing SCRAPI to test its interoperability.
* **Decision:** Use case document publication status is still undecided.

## Next Steps

* Authors to release draft-07 of the architecture document.
* Chairs to initiate a last call for the architecture document after draft-07 is available.
* Coordinate with COSE chairs to verify the status of their receipts draft.
* Reviews to be provided on the architecture document.
* Consider forming or engaging with open source communities that can help develop and support test tooling for SCITT.
* Explore opportunities for interoperability testing with other transparency initiatives (e.g., lite logs, certificate transparency).