IETF members and new SCITT Community look to drive real-world implementations of IETF SCITT specifications
RKVST announces its participation in the upcoming Internet Engineering Task Force (IETF) 116 Hackathon taking place March 25 and 26 in Yokohama, Japan. The hackathon will seek to exercise and inform the draft standards from the IETF Supply Chain Integrity, Transparency and Trust (SCITT) Working Group.
Supply chain risk and the serious threat posed by supply chain attacks are top of mind since the widely discussed SUNBURST attack (which famously affected SolarWinds, VMware and others), Kaseya ransomware attack and many others. Businesses need the ability to readily determine whether products and all their components meet security, reliability, privacy and sustainability requirements.
The IETF SCITT Working Group aims to improve supply chain security with the development of specifications that make the actions of entities in today’s increasingly complex supply chain transparent and accountable. A newly formed SCITT Community is complementary to this Working Group and aims to drive the adoption and development of these specifications through collaboration and real-world implementations, with representatives from Fraunhofer, mesur.io, Microsoft and RKVST, among others.
RKVST Provenance-as-a-Service will be used as the back end to an open source SCITT API Emulator. The emulator is intended as a standard client that mirrors the draft SCITT architecture specification. It was developed collaboratively by SCITT Community members to test and prove technical practicality and commercial interoperability for consumer choice. This SCITT emulator, along with an open source View COSE tool, will enable participants to experiment with the draft standards in a practical way. Working Group members, developers and subject matter experts will have the opportunity to discuss, collaborate and refine the IETF SCITT specifications to help solve supply chain accountability and transparency challenges.
Jon Geater, chief product officer, RKVST said:
“Right now, it’s challenging to manage the ongoing compliance of products and services against requirements across global end-to-end supply/value chains, the root causes being; insufficient standards for verifying identities of parties, tamper-proof and independently verifiable data stores; lack of legally meaningful and persistent supply/value chain data; and the absence of globally interoperable transparency services and trusted service discovery. The IETF SCITT Working Group aims to address these challenges with a set of specifications that will, over time, become standards — enabling multiple projects, products and services to interoperate. With this hackathon and other practical activities, we are investing in driving forward understanding and helping to accelerate the development of those standards for the benefit of all.”