IETF Logo Mail Archive

Re: [SCITT] Terminology Review

Jon Geater <jon.geater@rkvst.com> Wed, 12 October 2022 21:46 UTC

Return-Path: <jon.geater@rkvst.com>
X-Original-To: scitt@ietfa.amsl.com
Delivered-To: scitt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8282C14F73E for <scitt@ietfa.amsl.com>; Wed, 12 Oct 2022 14:46:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.798
X-Spam-Level:
X-Spam-Status: No, score=-1.798 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jitsuin.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zOludRrF20LQ for <scitt@ietfa.amsl.com>; Wed, 12 Oct 2022 14:46:10 -0700 (PDT)
Received: from GBR01-CWL-obe.outbound.protection.outlook.com (mail-cwlgbr01on2046.outbound.protection.outlook.com [40.107.11.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 899D1C14F73F for <scitt@ietf.org>; Wed, 12 Oct 2022 14:46:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KYUYS6x1K1lYpXiTk059TTjSZwsTYWIAXOFQydgHZwKvzp4AD1lV6qxb7oH4QHnuo/mXTLXzSJgppuurp3m2fd3rbMrO8JgTVYsDkiV7uK8twtVw3GIThPLtiIuAQk5bQzwoscl+PTwQi73XmsIDR/oLgODJctebDQJ6ahsqdss5M8N1GDWGbHIoQE92IC6pbmQmS6CGOkU4oLA4LN36V6rMY3X/QBpoVcmbquObWphNLi2jHrgcs9w6sKL+ndW7vR7GwLme9TFt4GmdFxLz6gadqBfP7BiclhNwudAzbpK/0k4v7pU9XYWQDYGaGalLEEO64TNWOObI4MHLU5TBbw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dK+X0rZbKnxD29J9iqSFZpImXf1d9y8lvTbwWwVQQvI=; b=Ec7C66KwjwiO8YkqnSEoBwNILzM9rQGimQFLPJRkUuoaqEiD5dM/vlv7/9YOsbh6O/3dFdXcnllvlD6VFxU94t0mfY6BxHtO86Kll+GCbl5PdgAfCGB6jYOyaN9wZbe+/246S4u2XsHsfZG6Bw651IucYDvo0eG0iB0u+gKOXLYE33CjoOSPq4Y0PgDpkkF4SkO8z2u3OxiopfzDz5t+D8pmfAWEEFtU1GsbHfynalyXSxJHQtSCS2znx+DLkQ879wyyAj/cELIrEY2nHU6slGGy+Ewv97y4yq64j0joSvAu8Qm/I1LJuLUdKK4ApOuXSqCCP2Wh7OIZyav6+tGcLQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=rkvst.com; dmarc=pass action=none header.from=rkvst.com; dkim=pass header.d=rkvst.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jitsuin.onmicrosoft.com; s=selector1-jitsuin-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dK+X0rZbKnxD29J9iqSFZpImXf1d9y8lvTbwWwVQQvI=; b=Gur4tSwEPWI6cKVzbiejW8ySiosmEY/468Qf/aTCFNch9a1AAgZNjk5nXPp2dRzguRwAFD5SkJp1ZcSHBS/Gzizotv6z1BsEavZ22760Z2YG+rKji3p17yrUO+rKGbCvOpGPQHsQZD77aFXDOpDRuMiinzmV6gsLUia+vz4pPVEKbUWJjTbGqqO8lS/wmLiDHzKrebANlZ1MU/WezlH5eK3j7TC6N3xRMTAsJG3LE2Cw3LR5e9BvbtbsglBsEi2EdwREMsRx3i0OvPx9bMgqdg3EvLCJbjqqbwOuNKYtn/7dUxEHWNGcYKYS/TtzElryk3bawawtbN2nFHSqj8Te9g==
Received: from CWXP265MB5766.GBRP265.PROD.OUTLOOK.COM (2603:10a6:400:1a8::6) by CWLP265MB5708.GBRP265.PROD.OUTLOOK.COM (2603:10a6:400:1a2::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5709.21; Wed, 12 Oct 2022 21:46:06 +0000
Received: from CWXP265MB5766.GBRP265.PROD.OUTLOOK.COM ([fe80::9651:11b9:5753:e04f]) by CWXP265MB5766.GBRP265.PROD.OUTLOOK.COM ([fe80::9651:11b9:5753:e04f%3]) with mapi id 15.20.5709.021; Wed, 12 Oct 2022 21:46:05 +0000
From: Jon Geater <jon.geater@rkvst.com>
To: Steve Lasker <Steve.Lasker=40microsoft.com@dmarc.ietf.org>, Orie Steele <orie@transmute.industries>, scitt <scitt@ietf.org>
Thread-Topic: [SCITT] Terminology Review
Thread-Index: AQHY13RTVBMzcLhcdE+sziza5j9U7q4LVsiAgAABoNI=
Date: Wed, 12 Oct 2022 21:46:05 +0000
Message-ID: <CWXP265MB57667149855718FD62ABD97398229@CWXP265MB5766.GBRP265.PROD.OUTLOOK.COM>
References: <CAN8C-_LJrhdpZPYUM=nPjJSH79qoG38ws2BEDFMts5PcfC8-FQ@mail.gmail.com> <DS7PR21MB3341F33C0D42DB516D8B8E499C229@DS7PR21MB3341.namprd21.prod.outlook.com>
In-Reply-To: <DS7PR21MB3341F33C0D42DB516D8B8E499C229@DS7PR21MB3341.namprd21.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=rkvst.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CWXP265MB5766:EE_|CWLP265MB5708:EE_
x-ms-office365-filtering-correlation-id: 7775efa4-7c22-498c-9618-08daac9b2a82
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 4mVFOGjfjX113OVVPJN1KbEAw7icbBLBb6OBLs1CtfY+T7amAlvJg0bV3kuC1debfbH8Vr1be5vNv8InTXU38O3EAhGGEgFjxczXRJLtJz5PtpR1DTWfoXiPo/Ze1SH7rWPkfWUKpA+ijwUeqc40LnQmpqt8e0TanrgcX/7g6LOBOcZc9ziPhEwni8K9ZmFwo39b1TNmi3K/GL+uGyJSIMmU0KU89WHrIFPL1E/VHiGVfH23TwuPGLGgbP7nkvLBhFSXsq4hsHhR6gHj97+PIIvI7udzfs6+EXJGbTymE0yLu5u8JqWy9gyYWe+yPMoGk2XWzFKzudye3qRKkitunFdSxEJfmkBcV4BS1gTL/lM8UGsX+BAlwVwJius/bZfvX0IsWpVF895zdikFr/yzOpHqhbX2RWZZwd4vZy/mB+/aPaj4xxFjutkGchL7XHw0D4V2PfakaUquXI4PN2C+Mh8ZYSs1EooDwYrHnVljIrRB3o/hfOqhMchDe3UOgv3GxP5M0BpMKWJRuE2r8J6IdezpUfrQi3Q2o1DqYFb62x8d73qcPUgfpLLz7jxXEK8N383hzu6QCbmwwDiNk07wc4wun1D7UedM+1o+K9tBDhEdhNvPFEI7m1WuFsNQHiFgoVx9b4lcUgFi16vfw9d/WwJQUgoZ0E/1OX98kAdZVUQIhzww2PWTyE0IAxx7Kf3XaZY2wl9jw7ePSYdR1e056pAmOUYHa+2WEZIr693LCWLEVoeGPxnjWd52DX96S453n3ZMR7Cq6j1lurRKGMtMlZwlSLP/3y7EIzMU4vcxrHau2egEEYu9AI4yJYyM/e4ySko7+W68l00W4xLYeWvghw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CWXP265MB5766.GBRP265.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230022)(376002)(39830400003)(366004)(396003)(346002)(136003)(451199015)(1690799008)(6506007)(7696005)(76116006)(316002)(66476007)(66556008)(91956017)(53546011)(38070700005)(2906002)(26005)(186003)(9686003)(86362001)(66946007)(110136005)(966005)(44832011)(122000001)(478600001)(166002)(8936002)(5660300002)(52536014)(66446008)(64756008)(41300700001)(38100700002)(19627235002)(71200400001)(55016003)(8676002)(5930299009)(33656002)(83380400001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: UnVlqlSCxXBuH6b2TYNJhvs0YNusDaSy60sV4cQC1d7uTWHCjY+GXcCzxFNiEWvPFyin+r5acTSv1xI/KeIjGMbLlTccu0JGd0suSuEGaL7TRbBSkjNxOMyZTaboUrcG6BswLbDuXuSMT83g10pTTE5WLaPxluOm/0lU/MiEJ2DA/Sa840x20Tjkdrn61fvm669tKl4pmWjNkyYYnjShdEc+WQ8GJH9B5IRSCIHaRHsAEaunFWP08Qz1fikhHAKwni7iUpuVzcEjsZ3BukJNa8TjBvT4bOSoZBEaZYV8n+Sr/G1+idW0dg4HokY4ZONWcHqiQVxyBmMSi9h69eAeCmwLcilf57B2fLhWrJWtcwTfmPwUrw7Aga8PPe8xzAPwbn8eg1pkk2JUxCSNyb6Wo14FZsG7eZMJXDf9B7SaeURt7vpurUXjPW+eKsTsa6NovAq7OgaacBzinerf+/tT83QX3V1mGL2AQWuy0yEo8Ae1ICw5r3348UKqbOROYJEGeLbcu3tJagiy2yGZq7tURLBHDtHqbR1EO0Qy8o9hhznz2bhA1kNMjzn1ZW/eUorYDbApN50noqjpEWE4l7HF0jhmirb1Vp/kON/ozL9LZQMOLW8rzii76unLoVxv9GgJ/VzihgOzG6eiiMg4Qd0DjdJ5IV+VssSfIX6Uo20p1C2HbDAO2FG6uDECE2KqYjLc6l5jrQWyRoCEeSmvhsbDe8HlsaTmNmXd6mH3k1MK0VCUGHw+VgHpaUEjeOZny2TLqDzlRTktQBUcoZIngsRkb9eThHXXd7U7dv30ZiUmABVzRFZJZuhrd/kuYIYFtyNIfe3mFLy97sTqbm2iYLt8pTWc+lsZnohNAYaYjL+ZtrgaaoGV2wodhnVSncxj2e/D1eeQXkjI9T24EulVoZXhzOf/UzXrPZqIL4o18t7t9zSjk/HvkogzlSsqJ7+RTXRTNn5QawomGipgAXedkmjTv4NMNYCW5kjJLoiZ1zI4I7/q8vsj6q1fxpd9vYMT/+AtNYw/XbiMvjHo4PYJRj8myLHDWmdcw+AlU/6JOn+DrWMtLe2BRnM4outOKTWC7LikZuj8IFijk0jpM3qdDF+wCJqvT6mpkr0vGBa4zAxgjOeNATPGQ4MYcirOjb6ddyFlPxIRpASI4k2o2wvdw1sOIYojVGmw18OkXRgGuKNKlWRwzMYWuzEXTOiddsDVKKCYGHY0QboNsbqQugcRKqZVdpa64oCyv+SpeeMJTJyZigDCyRQ6OQSqFz+bMNc3kWZlx4l5VzUbKAkO15ST3/3vJDl3RZVRz+Dj1WCGUtFsCqUPsT7OqTx6I8A5+Hc5VzxI0LPnumncvH7fNs2gAwczVfWM/CEVaQm8mhCzn4gFF/6hIRsSrQCo4aCPlfdhjZi1041t7jkDDaB7kk56S7Qzsig3QaaznW++b32/uZ8lPBUyufdIPNfV4IeHwSdFYvh+DPmBycInHCTHFt3myb0gFa49I/Ztwh/5Ga4Dh+mAWQFLY6L3cQkRmIudeF0XaIaGleds0Jj8CFhw9bXU+sDVrkBzG+c2gFq0I4rrwKb2+Ile3VPvIyWWB8mBaHy/PxtEHtCBJBsE1gEvogNvSqHm9KZrG6OVXLvs7ZiPZzboG5U=
Content-Type: multipart/alternative; boundary="_000_CWXP265MB57667149855718FD62ABD97398229CWXP265MB5766GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: rkvst.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CWXP265MB5766.GBRP265.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 7775efa4-7c22-498c-9618-08daac9b2a82
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Oct 2022 21:46:05.8830 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e6cd7cbd-4331-4942-b28d-a327d99a088a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: V06tsIAubsoexH4w+dYnjsVYGboUdszbaOFrY3cU/lD38HTrQG7yS8tbR2L/XgopwAu9I3wv2PhnpxGAbBdwbw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CWLP265MB5708
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/p9oWUsDzAM2O2YUUdrmqJsHgQzA>
Subject: Re: [SCITT] Terminology Review
X-BeenThere: scitt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/scitt>, <mailto:scitt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt/>
List-Post: <mailto:scitt@ietf.org>
List-Help: <mailto:scitt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/scitt>, <mailto:scitt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2022 21:46:13 -0000

Attestation is ridiculously overloaded. My architecture team is working on a formal ontology of NIST guidance (hard, it’s not specified that way), RATS (dead simple, and the diagram is neat with no crossing lines which suggests good order), and SCITT (pretty good, but more complex).

A unified UML model of them all showing how the SCITT roles interact with a RATS system required us to upgrade our Enterprise Architect license!

Complex indeed but I think it’s not really solvable at this point. Better to namespace things.

Jon

—
Jon Geater
Chief Technology Officer, RKVST (formerly Jitsuin)
+44 7500 786537
________________________________
From: SCITT <scitt-bounces@ietf.org> on behalf of Steve Lasker <Steve.Lasker=40microsoft.com@dmarc.ietf.org>
Sent: Wednesday, October 12, 2022 10:37:37 PM
To: Orie Steele <orie@transmute.industries>; scitt <scitt@ietf.org>
Subject: Re: [SCITT] Terminology Review


Thanks Orie for sending this. Reading through the Architecture, I found a few terms that seemed to duplicate each other. There are other acronyms that added some confusion as I kept reading TS as Time Stamp, rather than transparency service.



  *   Language mapping and terms. #24<https://github.com/ietf-scitt/draft-birkholz-scitt-architecture/issues/24>
  *   Replace TS with SCITT? #28<https://github.com/ietf-scitt/draft-birkholz-scitt-architecture/issues/28>
  *   Definitions & Terms: Change Statement to Evidence #29<https://github.com/ietf-scitt/draft-birkholz-scitt-architecture/issues/29>



It would be nice to get more concise, and KISS it.



From: SCITT <scitt-bounces@ietf.org> On Behalf Of Orie Steele
Sent: Monday, October 3, 2022 3:06 PM
To: scitt <scitt@ietf.org>
Subject: [SCITT] Terminology Review



I've been meaning to do a review of the terminology space.

My hope was to be able to easily identify the gaps between NIST / IETF / TCG / W3C.

RATs seems to be leading the way (doing most of the heavy lifting for IETF).

One part I found interesting was the "assertion" vs "claim" vs "attestation" overlap.

https://vocabulary.transmute.industries/ns/attestation/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvocabulary.transmute.industries%2Fns%2Fattestation%2F&data=05%7C01%7CSteve.Lasker%40microsoft.com%7C87027b753ec045856b8008daa58b737e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638004316274558906%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=mpLG1gBFRxJVpcZ4y%2Fb4L36jg71K8HzuCLL%2FqPGz%2Frs%3D&reserved=0>
https://vocabulary.transmute.industries/ns/assertion/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvocabulary.transmute.industries%2Fns%2Fassertion%2F&data=05%7C01%7CSteve.Lasker%40microsoft.com%7C87027b753ec045856b8008daa58b737e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638004316274558906%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4wVoJdFeBqhMhnbexFWqyBcQtAwYDHIwk4ZunIv3Muo%3D&reserved=0>
https://vocabulary.transmute.industries/ns/claim/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fvocabulary.transmute.industries%2Fns%2Fclaim%2F&data=05%7C01%7CSteve.Lasker%40microsoft.com%7C87027b753ec045856b8008daa58b737e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638004316274558906%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=kXofZp5NQhXaBfP08bU42JFIxqUnkcyOeV90t0IG1jI%3D&reserved=0>

It's also interesting how relatively untouched "endorsements" are.

Regards,

OS

--

ORIE STEELE

Chief Technical Officer

www.transmute.industries<http://www.transmute.industries>



[https://drive.google.com/a/transmute.industries/uc?id=1hbftCJoB5KdeV_kzj4eeyS28V3zS9d9c&export=download]<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.transmute.industries%2F&data=05%7C01%7CSteve.Lasker%40microsoft.com%7C87027b753ec045856b8008daa58b737e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638004316274558906%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=1mDIYIdt6Ed1iuAKhdFDjkIxkoeDaPCI4eCInwP234k%3D&reserved=0>

v2.23.0 | Report a Bug | By Email