IETF Logo Mail Archive

[SCITT] Re: IETF 120 Topics of Interest

John Andersen <johnandersenpdx@gmail.com> Thu, 11 July 2024 16:59 UTC

Return-Path: <johnandersenpdx@gmail.com>
X-Original-To: scitt@ietfa.amsl.com
Delivered-To: scitt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D313C15199A for <scitt@ietfa.amsl.com>; Thu, 11 Jul 2024 09:59:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U18ELfpsaL6f for <scitt@ietfa.amsl.com>; Thu, 11 Jul 2024 09:59:36 -0700 (PDT)
Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1ACBC15198C for <scitt@ietf.org>; Thu, 11 Jul 2024 09:59:36 -0700 (PDT)
Received: by mail-lj1-x22e.google.com with SMTP id 38308e7fff4ca-2eaa89464a3so12503631fa.3 for <scitt@ietf.org>; Thu, 11 Jul 2024 09:59:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1720717174; x=1721321974; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=UBPccosezibT4aH2DvPA9s0272GV+wXecQTuDWq/IOk=; b=PkCoyafa3uoyjTg7hHr0HOCuw81tu7imgY0oIX8Cp8aA8J/yGMadn7OuvbYtLpvLkl SgeFqfa3n2+F/eDZPOmPuXYV1OC8XFHjC1yHwFUJU0AEjuwSTkyEWBfskgybDrdcVow/ a5t6SpPyusy+PiG33DJh4fXpS+Vcu0Pm9Gkqe4fVn92YUml03fKtOLW5qvb+2WBQY9wu Iw5EzJClCp+A7tCEody0xgHa2EWcSwpi7nFnD5QsOt+ECT9ev1ueSVus4i+00ahUg0Ea kMSn5aHmlaNs8zkVsPn5YgUUXQJtykomHPCiz3gQ7j7eSlJSSUNnANv4SXLbbDeF8SDw 1yDA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720717174; x=1721321974; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UBPccosezibT4aH2DvPA9s0272GV+wXecQTuDWq/IOk=; b=Apnehoxq9jWoxbFyoqWxOrLdiWFgC3XfCd2l02VaG1fg2yEXsutd5oXarL+vt9y7K+ 89lb4OXxhFyAuGLE8wf+ltpynCSgW17hGk80E0qeyrmDmsW7WApB4z07rZG3/boNdexC loywuqo9KA5IcNQzaxAgbhCECC1kScZVOHDLeDRQiREFiTTDwuPghkQwqMbxPUr27Dqf Ug5C2Lmg7JZhThOe0CVE6IAU2eQsn/48fxpjlJB7Y6VOqNrYzxW929tlym33pmcMvX3C BWkGpGOjxr6Pv72CsQYrKbH4vww/D7h2J4UOGmUe2SpBUmEuKBlfCRc5CAkG4aC1lH8E cwCw==
X-Forwarded-Encrypted: i=1; AJvYcCV++Nhn1QGf//5tvtV14SJJIHQm+ZSnO8QYKz0b/AjIjRJirvmUHXf4PWaenCes6ioSCIWzbPezEksrIivm5A==
X-Gm-Message-State: AOJu0YyuJcx/u/xvbS4q/K9HDhlR3PR6bzmrEkuRm2mGeErNwzl84VeC 6yoDoSN2kCRXwU7qdAsTmgNHD71yVWCvv2dQYoof0m4DE4jqsV9jPKHR/BUvScsq5Pyo5NQX4Tt CcjaUQKcvO2H7YUsmaPrS/W4HV/8e0BPc
X-Google-Smtp-Source: AGHT+IGV38Dm0P5a5H+HeV4ptGwIiXd2Ggw8pantw+iuCj1xTqwDpcoAJO4bpBUDFXv1Uy9zk/YOKgaCieUTUdyQu3E=
X-Received: by 2002:a2e:b059:0:b0:2ec:53fb:39cb with SMTP id 38308e7fff4ca-2eeb30ba0edmr60434301fa.6.1720717174181; Thu, 11 Jul 2024 09:59:34 -0700 (PDT)
MIME-Version: 1.0
References: <CAN8C-_+eTuG6gwgURuC6Ra6sbqORk_Ec0QY1wA41LfpyZWZPRA@mail.gmail.com> <CAPFAYiVXsC5nJdmH4Anxy9WbRqcTKzjg+6ANyssE4GZSTGFLdQ@mail.gmail.com> <CAGJKSNS4_QYPKqXs3_8gT361z0LYLJnZgbbKE08dgAOp+XhZKA@mail.gmail.com>
In-Reply-To: <CAGJKSNS4_QYPKqXs3_8gT361z0LYLJnZgbbKE08dgAOp+XhZKA@mail.gmail.com>
From: John Andersen <johnandersenpdx@gmail.com>
Date: Thu, 11 Jul 2024 09:59:22 -0700
Message-ID: <CAPFAYiVPuXMjWjOSxU3QqEsSkMzEGrmS-HbeL1wo4iB=fDzBgg@mail.gmail.com>
To: Michael Prorock <mprorock@mesur.io>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: Y2QIY6ULA5ZSI6OVPMVW6ZCKC4W3O6DM
X-Message-ID-Hash: Y2QIY6ULA5ZSI6OVPMVW6ZCKC4W3O6DM
X-MailFrom: johnandersenpdx@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Orie Steele <orie@transmute.industries>, scitt <scitt@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [SCITT] Re: IETF 120 Topics of Interest
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/BjCAySWyODuhDWwn4kMtCoY5eDA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt>
List-Help: <mailto:scitt-request@ietf.org?subject=help>
List-Owner: <mailto:scitt-owner@ietf.org>
List-Post: <mailto:scitt@ietf.org>
List-Subscribe: <mailto:scitt-join@ietf.org>
List-Unsubscribe: <mailto:scitt-leave@ietf.org>

Most excellent! Please let us know if there's any sample code we can play with.

The stuff I have is rough but it's over here:
- https://github.com/pdxjohnny/scitt-api-emulator/blob/policy_engine_cwt_rebase/scitt_emulator/policy_engine.py
  - LiteLLM sending transparent statement URNs to relying party phase
0 to get workload identity token for tool call:
https://github.com/pdxjohnny/litellm/commit/3b6b7427b15c0cadd23a8b5da639e22a2fba5043#diff-95a105c80600ebb2de10fddc4f64a9754c12815ad7f00e3265400a789ed18786R87-R299

Thank you,
John

On Thu, Jul 11, 2024 at 8:02 AM Michael Prorock <mprorock@mesur.io> wrote:
>
> 100%
> we have already run some tests on using SCITT notaries for tracking AI data inputs as well as agent decision making and model components.
>
> I suspect that this will get more formalized and documented publicly as we roll some of those features more broadly out, but that approach is proving valuable for certain key use cases so far.
>
> Mike Prorock
> founder - mesur.io
>
> On Thu, Jul 11, 2024, 09:52 John Andersen <johnandersenpdx@gmail.com> wrote:
>>
>> Thank you for sharing Orie!
>>
>> Maybe AI agent workload identity would be useful to determine access as well. SCITT could be helpful in keeping an audit trail as AI workloads mutate. Statements around the state of the BOM of the workload could be used to give it access based in its current state.
>>
>> Thank you,
>> John
>>
>> On Thu, Jul 11, 2024 at 08:46 Orie Steele <orie@transmute.industries> wrote:
>>>
>>> Hello,
>>>
>>> I wanted to share some work happening in the IETF that may be of interest to contributors to this list:
>>>
>>> ## IAB Workshop on AI-CONTROL
>>>
>>> Large Language Models and other machine learning techniques require voluminous input data, and one common source of such data is the Internet -- usually, "crawling" Web sites for publicly available content, much in the same way that search engines crawl the Web. This similarity has led to an emerging practice of allowing the Robots Exclusion Protocol (RFC 9309) to control the behavior of AI-oriented crawlers.
>>> ...
>>> - https://mailarchive.ietf.org/arch/msg/ietf-announce/VQvsuYJV6M8gEpm86TTk-LT1CKM/
>>>
>>> ## DIEM Birds of a Feather
>>>
>>> Digital Emblems BoF will discuss the problem of protecting resources with digital emblems (discoverable signatures, credentials, ... tbd).
>>> There has been significant discussion of the problem space and stakeholders.
>>> I would summarize the discussion as:
>>> There are 2 scenarios, protecting digital resources from attack in regions of conflict (cyber space), in accordance with international laws.
>>> Protecting physical and digital resources in accordance with laws (supply chain / cross border trade / customs clearance).
>>> The BoF will likely focus on stakeholders and interest in these use cases, and I would expect a significant discussion of physical and digital supply chain topics.
>>>
>>> - https://datatracker.ietf.org/wg/diem/about/
>>> - https://mailarchive.ietf.org/arch/msg/diem/4oSkrAAWsY-liKfQ1fyutwMPj90/
>>>
>>> Regards,
>>>
>>> OS
>>>
>>>
>>> --
>>> SCITT mailing list -- scitt@ietf.org
>>> To unsubscribe send an email to scitt-leave@ietf.org
>>
>> --
>> SCITT mailing list -- scitt@ietf.org
>> To unsubscribe send an email to scitt-leave@ietf.org

v2.46.0 | Report a Bug | By Email | System Status