IETF Logo Mail Archive

Re: [SCITT] [EXT]Re: Endor: A SCITT PoC for W3C Verifiable Credentials

"Hart, Charlie" <charlie.hart@hal.hitachi.com> Wed, 03 August 2022 15:59 UTC

Return-Path: <charlie.hart@hal.hitachi.com>
X-Original-To: scitt@ietfa.amsl.com
Delivered-To: scitt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24BD4C15A73D for <scitt@ietfa.amsl.com>; Wed, 3 Aug 2022 08:59:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wzV_NVOcrSGv for <scitt@ietfa.amsl.com>; Wed, 3 Aug 2022 08:59:42 -0700 (PDT)
Received: from esa.hc514-86.ap.iphmx.com (esa.hc514-86.ap.iphmx.com [139.138.45.249]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14468C157B41 for <scitt@ietf.org>; Wed, 3 Aug 2022 08:59:41 -0700 (PDT)
IronPort-SDR: m44QG3pwA+UyMoL6Vlanma7IVI0Nv9kZaPjUDIvnfn038+hy1Brpg471g/B9A1gLaZJPWNmYaf bDx/Tj98HCs3f6DoE6YTh1vcvkrKLjoLQlWTdmLJOyumuNUytJskJsu/kkvQfc/t21vpcdpdGF gvWuu7AEbR89oFZMvbiAcdb5edVIBIV48wKaVumiUzS33kKg0qXwtnCLe0Dl12ZjUtF9Zh0oWs XXegM2/W6JoIa66MNj/7ZMfZZT8ME+vVNn2yQ+YkJwz8aKNQ7IsD8txv0i9qny1PCF8y5ZABAL x1A=
X-IronPort-AV: E=Sophos;i="5.93,214,1654560000"; d="png'150?scan'150,208,217,150";a="130386886"
Received: from mail-tycjpn01lp2176.outbound.protection.outlook.com (HELO JPN01-TYC-obe.outbound.protection.outlook.com) ([104.47.23.176]) by ob1.hc514-86.ap.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Aug 2022 15:59:38 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fFUSxTaIYurJh2SLgVSPlf9+dxHNz4IGWz+aq7SL/2cLTOQ5yn7ILRM+8tRSNyA8eQKiUjHlq2pIS1r9rP6rCgOpGNk9c675jlr2rSAMvd9AikQok2ppkgjzuzTwSjYo0s13OaI6Gx5JsNfuhqnm5D/wkeT6i7EOechadsWuuMGXo/ptyU8aAQgDO7x8PnmamxCoocmCJTQk7Alrbuid6ouHg9Ca5FT9E15hJjwuzkdaH/2XA/Dk7pLgl7CZ7gjZ2CjncDRoQf2Qpj/aC0hrn/DtVy5KRB5sh2Y7iWjBWEkRBfMGikCvrciZncmpkF8QfqczzbYYCJwkR1LLrWmIlA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BYU4/3HR7P8QB05qmfcFr67pvCRap/RYgp27SS+Rl8Q=; b=Mk+HnFDYMRlIvn8VqB2zt9l/d0tIQ/8yWnbql4xU7cqGFcItAJcfojBGGoJ3Y5LJH0featyBMxZerYG+s6i5Iz/AJWrZpuVi3WJiQUv7r0xrHHomowvYR70RaN/Roj4Vo1qv+c9xKcOXBS3no8N/PVEF1tiX+zxPkCYRa1YKtHbdC/ygF2g+dyDYoKFki6zzf1g6g/hp90c2srXp9UWC7AQ8+6u1ndyDlXGP9N2xSWAYFedS/OUjignVqzFm62Uv7a/XLIQWcHFVumPvcRa6f9vy+Wdm/WvYbfnfM/Hxkr/+qedSxyhH4ZtKhe34rZcUHaMwfTqOUQABPLuzeVuTjw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=hal.hitachi.com; dmarc=pass action=none header.from=hal.hitachi.com; dkim=pass header.d=hal.hitachi.com; arc=none
Received: from OS3PR01MB7527.jpnprd01.prod.outlook.com (2603:1096:604:14d::11) by OS3PR01MB5752.jpnprd01.prod.outlook.com (2603:1096:604:c6::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5504.14; Wed, 3 Aug 2022 15:59:36 +0000
Received: from OS3PR01MB7527.jpnprd01.prod.outlook.com ([fe80::1d32:1f65:2fde:7234]) by OS3PR01MB7527.jpnprd01.prod.outlook.com ([fe80::1d32:1f65:2fde:7234%7]) with mapi id 15.20.5482.016; Wed, 3 Aug 2022 15:59:36 +0000
From: "Hart, Charlie" <charlie.hart@hal.hitachi.com>
To: 'Orie Steele' <orie@transmute.industries>, "dick@reliableenergyanalytics.com" <dick@reliableenergyanalytics.com>
CC: 'Steve Lasker' <Steve.Lasker=40microsoft.com@dmarc.ietf.org>, "scitt@ietf.org" <scitt@ietf.org>
Thread-Topic: [SCITT] [EXT]Re: Endor: A SCITT PoC for W3C Verifiable Credentials
Thread-Index: AQHYp1IHtIiqGQvIB0OZ1FbpApQWNg==
Date: Wed, 03 Aug 2022 15:59:36 +0000
Message-ID: <OS3PR01MB75272702BC43C5DA50A57081D19C9@OS3PR01MB7527.jpnprd01.prod.outlook.com>
References: <CAN8C-_K-w5QQqrZDS9VH2-gzOO9e+HS8b9nGvG+ZBjJ-PM-MCw@mail.gmail.com> <LV2PR21MB3350154C13FA8A6F9D940FA79C9C9@LV2PR21MB3350.namprd21.prod.outlook.com> <13e501d8a738$1b277ed0$51767c70$@reliableenergyanalytics.com> <CAN8C-_JvDwS4CTBJMm9YN8jdXnLATPg0j3xO5BFs+yraWZc2Yg@mail.gmail.com> <144801d8a73c$adb8dec0$092a9c40$@reliableenergyanalytics.com> <OS3PR01MB75270FA0BFF65C76B2AD2D58D19C9@OS3PR01MB7527.jpnprd01.prod.outlook.com>
In-Reply-To: <OS3PR01MB75270FA0BFF65C76B2AD2D58D19C9@OS3PR01MB7527.jpnprd01.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=hal.hitachi.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b0ac51c4-9315-420c-25c9-08da75692a13
x-ms-traffictypediagnostic: OS3PR01MB5752:EE_
x-outbound-auth: hmi5pk8xKUiLsPJx
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: FGbyk4itoNcXqPbW7nVuZ0lVD76Kz3rAWL2xYaWhujl1giBP4zSAFolZxmIL1ZhkXEAQmtjvMeNxDQwmpghsX9nTBPmpfN66q9eXpDGwGc8Da3vjesKOj8NtF1nI5IaWZN8OAtlgkszgaR45/8lOCRfQdfqpyTuUR0ddAIHLyZzZbqOry7HZmST0Xt5fMio10x4c4a/xEeLNuI7d2OZJ72GW35OwEujcC0i/rqEKHyI0K9V13+KVFfiJ2UV7oNojTKbBjkVLn1Jz9vc6FS3V/89Xm8AzJhw+G5zIpqfJC/zlVHNPPqu7r+rcLlIqcuyC+1GVg1biqOQDhHYErxj4xy+V1MD0gRTbGnza8igEZRVjqMAmGmuWJsqS90EfWkLdqDMPlEPSuuOyTxKcdfGUP35R+iIowZ5peRPMTBi9ts4yB4f2G1d492jCUtX85DxvBM6ZWJmgG1wd6gYhtWCcR1s37KS1XsIM1QXIAEUqBLJ9yckxi5FWgYddZ0pqyfXC74zv+WJ+yLu+zIK5lQHKphVMaTNwA66jtceVsiKQr90do2OekQ/Gq0Nbb/iyeyzBq0aN8s/++DZhvGlzvNAe312W5nNVCooUeoCdavxP5eh4HFTIooNQg1yebXenMrWCFwU0kJ13E3A79EMtFgkFAvppogD3MVIOVVMgbbX/kogbvZmBeQlzf6xj5g7pwuEHEdhz/a4llUHcBmd14RNcTCF0e8VZhCpOr6dEFmZcyBgbPjkN9XQAE+wV8r63Fs0PA7vnHhbSH8OlZTCrbILud9LMqRI22BQUVMT+REV3uqCS4rTqLmTLxEC+3SVaNsYU5fjw6ZYObiExswWG5vi6UA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:OS3PR01MB7527.jpnprd01.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(366004)(346002)(376002)(39860400002)(396003)(136003)(966005)(71200400001)(478600001)(110136005)(54906003)(9686003)(55016003)(41300700001)(19627405001)(316002)(7696005)(6506007)(2940100002)(26005)(53546011)(33656002)(83380400001)(40140700001)(186003)(2906002)(166002)(82960400001)(38070700005)(91956017)(66556008)(76116006)(66946007)(66476007)(64756008)(4326008)(86362001)(8676002)(66446008)(122000001)(8936002)(5660300002)(52536014)(99936003)(38100700002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ReKP/XLss32qG9ChPD8X2XK5raT9FAPO4a/cZr3dhU5b17tx4Rk3wyldodihZ8n911NQTEWX7M1Xc2Y4rGYGmJA16/dIbTLjzEvsYK5qPTcqI3hNYhyUwceCWZF+mixnlot83NQjzZ8hCo/Q3CYxBUPzhZUXmEjQTYApSflr4tgSBm/YHuIlRAu4msWEeYm7Wmw8bXzkkvKzNdAAJ9iQLCT4kWJ1DFmMDR/Ci/3vjXvwGenuulBzb6YrSAnzWHgYu4sZV1XurCzCq3AcTeZVtJKPzkP1xtNverNlVGA5U4JXHrLcp8ZN42/ePrtmzCu+SWOrENCkWgqXNulhTjIdcqkWNdWLuqjllsxn3g3jK5etACrmQeFbNTp4NRfDwlzyuT+F6VdT4Hc/9IO8F9KwEwI1Q7467HnaDdUv4vxc9z7/QqgMMqrXORllqoVCYpHPez5+PctUwUuhDlzOkTF6jiQgnWeBXJr1piORK2Igmk2doS02nt0WFbsUuY07XzoqIDsQuVsfoDin2sxh5ZruGkg8Jg4j5aikPcpRt3hj7ZQU3WM+knm237S9HYNVOjPzT4bHaLlr7XP7HxTC6eNfv98eKhTpMURzgWcZOr4wHPvOus19WXBmfZov7aWpD1cHQFhuT0rJ0buqxtcaCHX6TOZ3Dl6dcUn2Sf7Lvrla0ZWWOCK0KCmaREnOvZ9C/Z41RmYxSyLRi0lyNa+prfNyawS5bQKLkqN1EtWU38OD6QO+T+byNQ7uFK+Zl9o+QNZ8WbnE2cX3ypxCCJyFNGxn6quEmePDjT8KU0muLmt5UzR/jYtAdWBYUo4EGDatxBKHQnYexM7klA8LN3wdMI/Ha+xoxZi++vR/NYOC5r6jMJxSZIdYZYjvKlnmq+pV87m1phmG8mM9Lb45UNRMlemmwSUevTIzKWAQaqEhMKWzLNmZQ6TjBRycCaNwSfekwA7Gv2zdDZsw/HuYNg8oQ9+adDYwxJhe8SN22ROJf98iAWT9/lOKUcEL8p2mBvQDXOmp/fce6Yw0pIsFPgSNaSVUD+nebIFE7OwwASQILGQL6ALckVh6HnqpLJ6auOr02ZjzhrCaAZ41j5vBLHaNKdQA8Xt49oHHUIp6miM/U8LhxF4dplf+2Fx2h/Ub9NMrdcmrsDDTw2V8BkqGfmR+GM7vy5UPaODJwUuDyPoVoZNCn0rU5hQrzN4TycIPgB2/Nlp2fFg6r1YlCGU5KLK0pKO0voCWFlWd0e3EnlgZ4myYLz4/ZgWVjj0Nwl3A+7G91iPtaYn9uc6VtgCRVjpZFxNqWQFvUyWgI4hWF0AYQaEiT3gPYi9PK3JJa1T890Im4f/ORwsE+prWFKvCZ4BbYquER9pRT1xQ6MzpMKpYNRXuYAC8ysxKa47xoqXi0y46tik8a0WktBNSe3A/lcSiON3tgAf7QZHne/oQ/AnspWIa9f+OvD2OYQWpXyTEBwjuap5Vi/gT9TjWDhE+1/bxeuecG9tJTtS24UUEgWBLlZsKf8LFeKQcOpP36OZwO+Lv3ue4b6fm7hHEg05jehm6I7YhaXP59gXc1BeCTwfWaeeK33kwgvW12V4TU6SXshcQwvDmR1t08v23deYLkx+PvS200w==
Content-Type: multipart/related; boundary="_005_OS3PR01MB75272702BC43C5DA50A57081D19C9OS3PR01MB7527jpnp_"; type="multipart/alternative"
MIME-Version: 1.0
X-OriginatorOrg: hal.hitachi.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: OS3PR01MB7527.jpnprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b0ac51c4-9315-420c-25c9-08da75692a13
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Aug 2022 15:59:36.4103 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f54277c9-dafe-44aa-85a4-73d5c7c52450
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: VnGPFIa4fE8WnhkcLhR9BvX5lkVCTyPls5WGEWTHln0qC8oeQyEE3knVy8Xu6c10ztWV/OQItXjaj0hLAIBm9zANaou4PtznOPT02NLNp5M=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: OS3PR01MB5752
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/cF6Krn6vjV1ZVGH6opjsbAiwruM>
Subject: Re: [SCITT] [EXT]Re: Endor: A SCITT PoC for W3C Verifiable Credentials
X-BeenThere: scitt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scitt>, <mailto:scitt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt/>
List-Post: <mailto:scitt@ietf.org>
List-Help: <mailto:scitt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scitt>, <mailto:scitt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2022 15:59:47 -0000

(Side comment: I see that OATI is not a recognized root certificate authority by Mozilla or Apple - didn't check others - so the website is therefore inaccessible without relaxing security.)

________________________________
From: SCITT <scitt-bounces@ietf.org> on behalf of Hart, Charlie <charlie.hart@hal.hitachi.com>
Sent: Wednesday, August 3, 2022 11:48 AM
To: 'Orie Steele' <orie@transmute.industries>; dick@reliableenergyanalytics.com <dick@reliableenergyanalytics.com>
Cc: 'Steve Lasker' <Steve.Lasker=40microsoft.com@dmarc.ietf.org>; scitt@ietf.org <scitt@ietf.org>
Subject: Re: [SCITT] [EXT]Re: Endor: A SCITT PoC for W3C Verifiable Credentials

Thanks Dick. That is really helpful for SCITT a lot of related projects I am working on.

Charlie
________________________________
From: SCITT <scitt-bounces@ietf.org> on behalf of Dick Brooks <dick@reliableenergyanalytics.com>
Sent: Wednesday, August 3, 2022 9:26 AM
To: 'Orie Steele' <orie@transmute.industries>
Cc: 'Steve Lasker' <Steve.Lasker=40microsoft.com@dmarc.ietf.org>; scitt@ietf.org <scitt@ietf.org>
Subject: [EXT]Re: [SCITT] Endor: A SCITT PoC for W3C Verifiable Credentials


Orie,



Here is a high-level overview of the authentication mechanism and tracking used today for OASIS, inter-tie electricity scheduling.



Everything starts with the NAESB registry (EIR); https://www.naesb.org/pdf4/webregistry_mo_registration_quick_ref_guide_v1.0_0417.pdf<https://secure-web.cisco.com/1IukwuhEQqregcVfBu_YTf7qloyu0S9CLEMvuw998GuhDfEFcipDth2Xtizyt11QWJE_rg9tKWNdFy9sR6AYzFs5C9RVZkYIdTyO90iI560dk7KjlRPsssiji4ni2uFgQoviKwbEitz9W0A-Jkx8qlZ-bf02dT2GpXl7-qqNgMCReV-n9bPYr7-gF7wRDuDdEpNTctYLkQFh_ODy3F4KcLc2yzJA66rSl-AObqSJo6LSNwG5QHs27-jxMPvsyvzy25FLEf6Q2NCVCA80ajyeRx-DLlAeVOtx8sKKHCAdqS60vvgk6XONNeacK9KVifmF7/https%3A%2F%2Fwww.naesb.org%2Fpdf4%2Fwebregistry_mo_registration_quick_ref_guide_v1.0_0417.pdf>



Entities involved in inter-tie electricity transactions must register with NAESB’s EIR, see link above.

The registration process requires a party to obtain a NAESB compliant X.509 certificate from an accredited certificate authority (ACA); https://www.naesb.org/pdf4/ac_authorities_2022.pdf<https://secure-web.cisco.com/1T_py857nSLdfkwTRZ1F7IUeOLa0Mr0av8bfeuUJwVfOrnlR9B8EzOzxv92Uz4iu2yhDeR4WKL_eKK39aC0HZNHbI0L6S2ynYyf3MIqoWrhcKic931Qc8ha00DiNeKcev3mIQGWSdmm3oQWFZZeYhZ_XBpcojw3HL66SqprENJXYRuXx_69m7-vIbXr6m_muJ25A0-WOODvl0ZvSKLB5bCCNQHy8CETUnFlhi7KK4XlPGw6ngc0NPELIFd66qeSsonDSqajtS6_XsVDeQZ9afWewRkWRR2CS3RPxKELdvgtWbTLdNUMEo_OVauUoZUAaf/https%3A%2F%2Fwww.naesb.org%2Fpdf4%2Fac_authorities_2022.pdf>



Entities use their digital certificates for identification in OASIS; https://www.naesbwry.oati.com/NAESBWRY/sys-index.wml<https://secure-web.cisco.com/1K2p4qEguxjMHN9-wdAstRzAre5VeA0Zed0mvgfndElWXB3ORaiJPQc8AT7JJNrTMjapfMno_fFQCf0Y62gyPgnjQbEmdVMFYieaur2q043F0tN564aUJcAdmTBs4wbQV9V3zBPE-_4E3LKMveTRd4EEA3R0FVZKKh4vLBs4hzSu8wqJmm85OMK7l0hlniB0BYAgK4rRAKxGyo9m2gQbGh64ogBMsxFwFgbsiArp0Y6fdpXW0-RGp2kcNruYE4OtklUzkSHLHYNwG_4xj3QZVT0CcrM1parwb_zHxkQwcXBjyXQwqawaXGq5azf6Ymysk/https%3A%2F%2Fwww.naesbwry.oati.com%2FNAESBWRY%2Fsys-index.wml>



Inter-tie transactions are scheduled and tracked, using an E-TAG; https://en.wikipedia.org/wiki/NERC_Tag<https://secure-web.cisco.com/1jg0PAl4xaAUqdpMj0XlwOYUgtyWJ8AEDByMI06i_FhGx7hBsVedp3De0cfsLDJrOWQk0OpLsHA-LZhek33mGBHnd1yGGQeO7gyBdmpJ8iJUh1jEMhZRFRhVJl0de4TxzOc-JCGbVPgYXa-8-oyvGUdvqCL1u0riyE5i35ZXxhgFrK5jS167ftdpGerze8DpFzv01q-lfBzQY3KxMikI7Aq599QaeahZrP9NaHPsunaoGrxrKD2WGOgLGAbiIogZvwqD6F-rbN2lIbrdeJZSVYw42P3L69rJ7XlgeaYjhgkVyPIJ1HC1whjq-NLkd-N0k/https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FNERC_Tag>



E-TAG’s are used to “connect the dots” and settle transactions that flow across Balancing Authroities.



Hope this helps.



Thanks,



Dick Brooks

[cid:image001.png@01D8A719.8E73E2D0]  [cid:image003.png@01D8A71B.24F12A50]

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership



Never trust software, always verify and report!<https://secure-web.cisco.com/1uy0clDWHgs8Om4IdyHuQzeSluoA8y61U3xQt6svGk4U9mgvOzG2j87xdGPNZwfL_6NeZLyvs2RtDXbQkJ-uy5FySOKYDraC9BCS46sTnuZZuNABtffYE50uYM3Wm6rGdSXPbIPyLIo1S9U5eKgRY62SvXzyvZStiEIy-g4zrHrqiwoZ4G2AfwJHqEMJbnR-Z8wwwLfANn8naHWq7IhHtieZojGBeisJx2LyDGehov7fBpcHgRQuNF-I-Idh5jB6CnEp4puLs01qMMVa-dVd11j8FHVTLpLcooV6gqqaabRENW_QqNKXvWegEhvV1Ow4u/https%3A%2F%2Freliableenergyanalytics.com%2Fproducts>http://www.reliableenergyanalytics.com<http://secure-web.cisco.com/1GaJ6l5AOFj6kxiBsMksWncl4vuiZ-pUmsWTXCh5o60xFuI9fXHdmN1JPI17VWNKtRAJykdCd5QOfGdmalJsZes_8gztMRvB-TvoYWb6WOAm14Usouk0VNKr4H31T9BT5T0w1SnOo7YCh-3jVo0P2A80_8zELCxl4Ngnjzy7TfQm5dwNV_k8eKhiVi6wwvKSudLmuLC5ig0f-n4vQfqd3zlefh4egnP1zyrbhWoo50tuzH3ceMULrOjDHUs9QVKGe8Q74awwW_o1b6KYbqOP7Z8sQrpBMjf_ClYd-WXRlq6NNIXX0Ncd2niPfogZIcU6Y/http%3A%2F%2Fwww.reliableenergyanalytics.com%2F>

Email: dick@reliableenergyanalytics.com<mailto:dick@reliableenergyanalytics.com>

Tel: +1 978-696-1788



From: Orie Steele <orie@transmute.industries>
Sent: Wednesday, August 3, 2022 9:09 AM
To: dick <dick@reliableenergyanalytics.com>
Cc: Steve Lasker <Steve.Lasker=40microsoft.com@dmarc.ietf.org>; scitt@ietf.org
Subject: Re: [SCITT] Endor: A SCITT PoC for W3C Verifiable Credentials



Thanks!



I am interested in applying Verifiable Credentials to energy use cases, even if we don't have customers in that sector today.

The calls are open (https://github.com/w3c-ccg/traceability-vocab#meetings<https://secure-web.cisco.com/1HgK84MRR4bzXYAE7Niaeb8pYlkoyIfmiR0g4Dwj3DQJAh8OlSJW5p7TckF_9U5dHGeGuxJhuDgslYxAZNOsxcRUvIxstDWa3DOjtKeNjD-_Hps6IsgjIJjvkoJM6z6RXWAtxjfWtD3HV63XpkV_CEsvexRY-o5lFOUDFBoLvOST5pm3bbQJt3vdY1-67GIT9kXmrMYnnWWXvjuDcZkNODE1fmxIV1SYT7tQT9JveadGh5Z92HkOF2nqx92HaLeF53pxMJ1kYS8DiFQiewlQiLm9iNH3U9ZkX9n0d4hCRmD8Sp062hKxDB9F-2b8UFejS/https%3A%2F%2Fgithub.com%2Fw3c-ccg%2Ftraceability-vocab%23meetings>), but fair warning that most of the work happens on github async, and we usually just process issues and PRs during call time.

There are also aspects of Verifiable Credentials that I believe are relevant to the structure of endorsements / receipts:

The concept of "evidence":

- https://www.w3.org/TR/vc-data-model/#evidence<https://secure-web.cisco.com/1q-6jNVM6JiTVpXBQDNrSw3REGqFIliEx86xQ3m1hKtfX38eVvCRSGYTej4K2SK8mdFcn2JqBZgNoMPS_rcXVBpyF1l5PmPOoFcCN-jmLI5CobgwDRSgnNTCovBIYUYq-zsaSmiiEAjGR8kgswrCi8csy-ZzBotSGM-M-GgM63-EeON2WUp7tplgZcM0drfvbvSkPmJNyhQ7IVz_JWZxPH45UgBXDwg3rEsIvPQjU2jV8dtlLOSr9PG4zRhRFcn9AsvFV6OrKVwmbgHSCHZuRW-k3T397qO__A7xJXOWprvooFuCc9y3ROkMuPUf12DNw/https%3A%2F%2Fwww.w3.org%2FTR%2Fvc-data-model%2F%23evidence>
- https://datatracker.ietf.org/doc/html/draft-ietf-cose-countersign#section-3.1<https://secure-web.cisco.com/13CILjI0celZHQgVsa-DDsoLq4Y6By6DHs7W3LY0H0AaoPvolfKPwURAqZMWPsqbcYMf_kWUKJ-sA8NLPu8wziluBz0l68B1CFniaOfUMqbMnF6C6XI8csVpayR5nSduP0DzdtYVrex3bRpGSYyBCgbFgdA9HbqgX48TPfCCsHHqaKMfCgJpqP1qqkn_Rvw8fRnwCncrbvhrPVrZR2672B85djLFYzQp6QkfNZLX2m7CyYa7EPkxXYtqpqrgKQ86Yl61tsyZjFCIlMY3qaHk_-T7iJ8rYjvtEwV0uGSDPKFXIQ-beS1aVt3d7utZHCYYa/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-cose-countersign%23section-3.1>
- https://datatracker.ietf.org/doc/html/rfc4998<https://secure-web.cisco.com/17DAGq2foFEYXkhjzWI_n3yyo-dU8HMigJwlon4x4SGlq2nwnPypo_SZZqn_HVrT0rymuTwcEF4muUKWKqsOGLkvOVa-LFd_al2zZ_lLftgtmhzFQhRFS7caOQJT0nf29VQs3woHnI7EoIfq1qF_87Py293jXAOIKL085OwcNuJbugCi46HG7Aoa0iPHiyavETuibYIlyB9E0dX9ck-eC39YMnZLGZAbf_U_zNKqeI-AYJbaKiKSYOMap89Xfp9wsrscC0zBwrQyJbQeJeX0W6bmWhWAyUuBgeHltrwzsA_eV6OT02qMLpg525iRIanpK/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc4998>



As one example.

I am hopeful that the next version of the Verifiable Credentials specification can point more directly to IETF RFCs to make its arguments,
even if the json data model can't be updated to support CBOR / COSE as a first class citizen this round.
Perhaps the next charter for that WG might support this better, if we pave the way with examples.

Regards,

OS



On Wed, Aug 3, 2022, 7:54 AM Dick Brooks <dick@reliableenergyanalytics.com<mailto:dick@reliableenergyanalytics.com>> wrote:

I agree. This paper by Orie, Michael, Brian and Mahmoud is very useful as guide for terminology and semantics.



I can provide the authors with a description of how we track electricity transactions for inter-tie scheduling, called OASIS a NAESB standard, if interested.



Thanks,



Dick Brooks



Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership



Never trust software, always verify and report!<https://secure-web.cisco.com/1uy0clDWHgs8Om4IdyHuQzeSluoA8y61U3xQt6svGk4U9mgvOzG2j87xdGPNZwfL_6NeZLyvs2RtDXbQkJ-uy5FySOKYDraC9BCS46sTnuZZuNABtffYE50uYM3Wm6rGdSXPbIPyLIo1S9U5eKgRY62SvXzyvZStiEIy-g4zrHrqiwoZ4G2AfwJHqEMJbnR-Z8wwwLfANn8naHWq7IhHtieZojGBeisJx2LyDGehov7fBpcHgRQuNF-I-Idh5jB6CnEp4puLs01qMMVa-dVd11j8FHVTLpLcooV6gqqaabRENW_QqNKXvWegEhvV1Ow4u/https%3A%2F%2Freliableenergyanalytics.com%2Fproducts>http://www.reliableenergyanalytics.com<http://secure-web.cisco.com/1GaJ6l5AOFj6kxiBsMksWncl4vuiZ-pUmsWTXCh5o60xFuI9fXHdmN1JPI17VWNKtRAJykdCd5QOfGdmalJsZes_8gztMRvB-TvoYWb6WOAm14Usouk0VNKr4H31T9BT5T0w1SnOo7YCh-3jVo0P2A80_8zELCxl4Ngnjzy7TfQm5dwNV_k8eKhiVi6wwvKSudLmuLC5ig0f-n4vQfqd3zlefh4egnP1zyrbhWoo50tuzH3ceMULrOjDHUs9QVKGe8Q74awwW_o1b6KYbqOP7Z8sQrpBMjf_ClYd-WXRlq6NNIXX0Ncd2niPfogZIcU6Y/http%3A%2F%2Fwww.reliableenergyanalytics.com%2F>

Email: dick@reliableenergyanalytics.com<mailto:dick@reliableenergyanalytics.com>

Tel: +1 978-696-1788



From: SCITT <scitt-bounces@ietf.org<mailto:scitt-bounces@ietf.org>> On Behalf Of Steve Lasker
Sent: Tuesday, August 2, 2022 8:21 PM
To: Orie Steele <orie@transmute.industries<mailto:orie@transmute.industries>>; scitt@ietf.org<mailto:scitt@ietf.org>
Subject: Re: [SCITT] Endor: A SCITT PoC for W3C Verifiable Credentials



Very cool, Orie.

Love the sandbox experiments





From: SCITT <scitt-bounces@ietf.org<mailto:scitt-bounces@ietf.org>> On Behalf Of Orie Steele
Sent: Saturday, July 30, 2022 2:08 PM
To: scitt@ietf.org<mailto:scitt@ietf.org>
Subject: [SCITT] Endor: A SCITT PoC for W3C Verifiable Credentials



I made this today:

https://github.com/OR13/endor<https://secure-web.cisco.com/1JdHGvnoZNb-fsV-unMzNkw21OKT7rRYo5H60Wa4K-Q4p7fB8jPlLTjzltfaxYOFnI68iv9RdZu4eeZzCvslBoPZThRfqgjbkIpAc_QAmXII8wXvclTmJp1PwWBck7W8vUKCgPgTPKwAgR4azwJsBLeLGe7E_NyiTmvg20gtS7omF01B7xzwXNs2jk4HRv9cwHQUOknpcyXaDoXN69mDdag7A6KlfSI3EnnlDQtYrlaKovDQmzajAmTkxfuCfWTP_pf0IHh1ylWT3YFkVxRBNLDyDNrCvdIUdSvpseyxcBy2VV7YxaRLm7g0FGZCbhIv6/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgithub.com%252FOR13%252Fendor%26data%3D05%257C01%257CSteve.Lasker%2540microsoft.com%257C79cb3d326bec41bf51ac08da726fb0f1%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637948121310174010%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3DGdRRD0aMpzOJQIcqCyhajcz2NXRZH4irlRR31FFausk%253D%26reserved%3D0>

As it says in the readme, this is just a toy example I made up to experiment with.

The nice thing about endorsing W3C Verifiable Credentials is that they are already an abstraction that applies to "non software supply chain" use cases...

For example, we model cyber physical supply chain flows using them:

https://w3id.org/eability<https://secure-web.cisco.com/12vv3ms4fQAlyFEE4k1zPXuwNVQhbw5JZJG1gBL6pcqttkVpsiI3zrO00D8muCuDxuryJz9JNlTjNav5jhFZwmrDOzf2g002uvnOa4j5zplIUKqg9fIr9y-JZ4w5q4mXJXza6z62EHNy6BzBsjPIluYavv0fR109auX6z1titrQhnW1fmk_usfbPqwJgY780ZABU5QTV12sZSiHaInC4MzZokObYCrnulteZlYaIml9emeQtOkK5mYExh0HK13aas-6VpgxE3PbRyBO3h9W_wUt3BpoaWT0QrjMaAM3NSTsiDsayitR5Pm48JR4E_wr_U/https%3A%2F%2Fw3id.org%2Feability>

There are a number of organizations looking at oil and gas, steel, ecommerce, and agriculture supply chains.

Often they will share some common trade documents such as Bills of Lading or Commercial Invoices.

These are examples of "SCITT Artifact Types" which you might expect to see across various distinct supply chain use cases.

However, as is the case with Oil and Gas needing to account for fluid dynamics, and software needing to account for compilers, build servers and various source files, there are cases where you may need to model components of a supply chain with Verifiable Credentials that are highly specific to the use case.

If you can tolerate modeling in RDF, W3C Verifiable Credentials come with a built in abstract data model that integrates well with existing industry ontologies such as:

- https://www.ebi.ac.uk/chebi/<https://secure-web.cisco.com/1xFJzJsWalPbOckWorQVNuB3cCxcqr_4Pnqdh8BSqQrkm5N_-bHyC7w5_vXmkyt3-yiVfIj2Taw61Ngm4aT3AjD2Qv9jcxLAp632sCb0f7Z5opQ1IopQYFh035H3GJnum5M15fE7-kYGBh8eU24y4DJKQAGfZ6-2bMGAFBVdqq-7OCluOKHpJ7klc1xO775JEUod25j8sSRq32VCH023VBaqj9QgsfC-48IxN6LcJbg6jK3GgYWuUW9etiMl5z6YA0zskfxChMC6yEEFi8jPu3jPIy1SKm5Zu3HDbk7_-aS_gzJ-Kg45rGJrtq0L6Yh9Y/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.ebi.ac.uk%252Fchebi%252F%26data%3D05%257C01%257CSteve.Lasker%2540microsoft.com%257C79cb3d326bec41bf51ac08da726fb0f1%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637948121310174010%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3DbXykuDkWeLmveTLjWO5zepwu20MQ5H8LIcQJyCaKN%252BM%253D%26reserved%3D0>
- https://qudt.org/<https://secure-web.cisco.com/1wTZmUTRG0X-fSLt6dzZoQCNorRuSvOgI2Zkd9g1PT-Iict4ikGg0GMZvBAIgZsC1maaOAyMgHegWdFG3dXEcQrYKnrjpiOl7OWCtiRGcjVJC4W7PiyfkrkoEDMc-WVzXjqIc3RTjhCVEO2Hy1KcH5Xg8lqTshdNo9NGPllnHT63UctpLAAQ4N8tGBMfu3q7YUicxI0zcgap8yD60I8HL33SfI2MFnr2DphA42faHPK6e5mePI5N1MZuhmdt3ou2MvF4zqUj9xhZGwb3nRkquaaObQFWXt8G-nog2o8iwaQFLpUTsPJbOJlpOLnLalkAL/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fqudt.org%252F%26data%3D05%257C01%257CSteve.Lasker%2540microsoft.com%257C79cb3d326bec41bf51ac08da726fb0f1%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637948121310174010%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3DQOs%252F5MIMJSm%252BkqzHSSxV6MtsA4mOIzanJ6Vwtpl4NO8%253D%26reserved%3D0>

My main complaint against W3C Verifiable Credentials is the limitation to JSON representations, if we could represent RDF in CBOR, we would have the best of both worlds with the main remaining disadvantage being the namespace overhead inherent in RDF.

If you drop that, you will likely need some registry or algorithm process for handling collisions and interoperability, but there are various solutions to those problems.

If you feel I butchered any of the concepts or terminology, feel free to yell at me here or on github issues, as I said, I made this today, it's not reflective of actual SCITT architecture, it was just to explore the space.

Regards,

OS




--

ORIE STEELE

Chief Technical Officer

www.transmute.industries<http://secure-web.cisco.com/1Pqu2CqEyHo4isckQh51PNnQ8tUbRhJ7fbWyn-w7XWT8mKjJG9jHB52pzDC91cVOUDvvB6yXP7TPyKL-6KQw4nyDVUvafmadZHo9d8Ch-lC1xIGYylhkgiUeEJlkJzb-8_bPpc3HM-numNyVUnz3wy-QWiv7Bwzc0EZvjlrk8l2zMTP7sgOAXQE64zUCay7yyWGYJm91CoHDytU3DDP8fEQdoS8GBRvo94T1w1wYmTEFjJWuq9_05ol76LbaYkHTQoZhRROFIusDfu9XNDv5Ofj1Xk0y_YmZkz6KS0Mx2eClGFuUIOo_FtTiX7i0x16EI/http%3A%2F%2Fwww.transmute.industries>



<https://secure-web.cisco.com/1bjrCBfGOdTl68S8z6MFmy6wdIgVCWKbGADYlzl4y7EFMpUY8fg0a2mP8VxR-hBXz6ktNIMpcPQQAW2u5iYC5iO-VnAhuontHbB4F8lXraq2NcsVvj3TAuLJZCrq0xtX6PCuxXYWUPX7kGfxmnICud6wXL1nmaadXy4jbbFg2AGQun-ogbW6StxcF5fYiNWuWEIXnn6y8txrzzkivVAn8kZ1iNr0RXTNJUkPgXppB3fYQymeETqMcQHjiI-6S-d9DegSgZlFq5Q4Q9uZZor9LVcXLifVEZCoGHLxPs2EISxGxD4Qh0uKFFJdrgUkKYBKj/https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.transmute.industries%252F%26data%3D05%257C01%257CSteve.Lasker%2540microsoft.com%257C79cb3d326bec41bf51ac08da726fb0f1%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637948121310174010%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C3000%257C%257C%257C%26sdata%3DRgoG8nYGEEYJJBk1amvfg9rTTO71hz9Z8SXKK1Ot7FE%253D%26reserved%3D0>

v2.23.0 | Report a Bug | By Email