The IESG has approved the following document: - 'An Architecture for Trustworthy and Transparent Digital Supply Chains' (draft-ietf-scitt-architecture-21.txt) as Proposed Standard
This document is the product of the Supply Chain Integrity, Transparency, and Trust Working Group. The IESG contact persons are Paul Wouters and Deb Cooley. A URL of this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-scitt-architecture/ Technical Summary Traceability in supply chains is a growing security concern. While verifiable data structures have addressed specific issues, such as equivocation over digital certificates, they lack a universal architecture for all supply chains. This document proposes a scalable architecture for single-issuer signed statement transparency applicable to any supply chain. It ensures flexibility, interoperability between different transparency services, and compliance with various auditing procedures and regulatory requirements. Working Group Summary While there was active discussion on various aspects of this specification, concensus was reached. Document Quality Mediatypes: An amended version was submitted on 30 June at: https://mailarchive.ietf.org/arch/msg/media-types/az47kuF_lIG6IX_pccuEn7C10Gg/ The document contains EDN and CDDL snippets, which have been reviewed by the Working Group and by the cddlc validation tool. There are at least three implementations of the contents of the document, from Datatrails [0], Tradeverifyed [1] (formerly Transmute Industries), and Microsoft [2], all Open Source. Other parties have expressed an interest in implementing it as well, for example Dick Brooks, from Business Cyber Guardian [3]. [0] https://www.datatrails.ai [1] https://tradeverifyd.com [2] https://www.microsoft.com [3] https://businesscyberguardian.com Personnel The Document Shepherd for this document is Amaury Chamayou. The Responsible Area Director is Deb Cooley. _______________________________________________ IETF-Announce mailing list -- [email protected] To unsubscribe send an email to [email protected]
