Operations and security log and derived metrics for Internet-accessible systems #19
Description
Recently, I have been experimenting with software libraries and a strawman web application operated by a small cloud service provider offering as Software-as-a-Service solution to customers in a regulated industry. Said regulatory industry is mandating a shift from centralized reporting to a regulatory body to an attestation scheme where cloud service providers like I describe above must report metrics for the different systems that make up the one or more customer tenant environments for their SaaS offering. I would think this is an ideal solution a SCITT-conformant TS log.
Shall I open a PR to add such a use case to this I-D? I am early in the initial research phase, I cannot yet ascertain if it will "break" with the architecture or not, and I know a few minutes ago we identifed that as a key criteria for inclusion here versus the draft-ietf-scitt-architecture ID.