search

ietf-scitt / charter

Documentation of initial IETF Supply Chain Integrity Transparency and Trust (SCITT) WG Charter
6 stars 13 forks source link

Use of term "registry" #6

Open henkbirkholz opened 2 years ago

henkbirkholz commented 2 years ago

https://github.com/ietf-scitt/charter/pull/3#issuecomment-1168500475

to most IETF'lers the "registry" in "Transparency Registry" will probably read counter-intuitive (violation of POLA). As I also do not know a better word, we probably have to introduce our use of "registry" a little bit better instead, I think

OR13 commented 2 years ago

Related concepts from specs I have worked on:

Verifiable data registries

In order to be resolvable to DID documents, DIDs are typically recorded on an underlying system or network of some kind. Regardless of the specific technology used, any such system that supports recording DIDs and returning data necessary to produce DID documents is called a verifiable data registry. Examples include distributed ledgers, decentralized file systems, databases of any kind, peer-to-peer networks, and other forms of trusted data storage. This concept is further elaborated upon in § 8. Methods.

verifiable data registry

A role a system might perform by mediating the creation and verification of identifiers, keys, and other relevant data, such as verifiable credential schemas, revocation registries, issuer public keys, and so on, which might be required to use verifiable credentials. Some configurations might require correlatable identifiers for subjects. Some registries, such as ones for UUIDs and public keys, might just act as namespaces for identifiers.

These have been used as abstractions for both "permissioned, permissionless ledger systems"... which includes blockchains and similar systems such as verifiable databases built on merkle proofs, etc...

Examples include: Trillian, IPFS/IPLD, Bitcoin, Ethereum, Amazon QLDB, etc...

henkbirkholz commented 2 years ago

@roywill you assigned this issue to yourself. Are we good?

henkbirkholz commented 2 years ago

I-D.birkholz-scitt-architecture for now uses the terms registry (the essential building block that maintains the append-only log) and transparency service (basically the notary actor with API and convenience frosting around it). Based on that status, I'd say we go with registry for now and then find out in WG work, if that is too confusing in relation to IANA registries, a register operation (e.g. to a subscription service, etc.).

As we are intending to push the updated charter text to 00-02: are there any objections to go with registry for now?