IETF Logo Mail Archive

Re: [Rats] Entity vs. role

Laurence Lundblade <lgl@island-resort.com> Wed, 23 March 2022 08:03 UTC

Return-Path: <lgl@island-resort.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50AE53A11F3 for <rats@ietfa.amsl.com>; Wed, 23 Mar 2022 01:03:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n1B9acTruvsg for <rats@ietfa.amsl.com>; Wed, 23 Mar 2022 01:02:55 -0700 (PDT)
Received: from p3plsmtpa07-06.prod.phx3.secureserver.net (p3plsmtpa07-06.prod.phx3.secureserver.net [173.201.192.235]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 169543A11EB for <rats@ietf.org>; Wed, 23 Mar 2022 01:02:54 -0700 (PDT)
Received: from [192.168.8.106] ([213.225.36.78]) by :SMTPAUTH: with ESMTPSA id WvxEn6Hrly4hiWvxFncJwp; Wed, 23 Mar 2022 01:02:54 -0700
X-CMAE-Analysis: v=2.4 cv=eu8acqlX c=1 sm=1 tr=0 ts=623ad42e a=73sqJBfw4EOcj9Wd6QYAcA==:117 a=73sqJBfw4EOcj9Wd6QYAcA==:17 a=AUd_NHdVAAAA:8 a=_fTGTkIjcBmb-bL0UQQA:9 a=QEXdDO2ut3YA:10 a=35-yo23LHAzZHJ_i:21 a=_W_S_7VecoQA:10
X-SECURESERVER-ACCT: lgl@island-resort.com
From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <9BFD1E45-569D-4E2F-BCD7-5DA6FF5A1BDF@island-resort.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_E4C8B6AD-4CB0-4C90-9345-3138EB2E5EB2"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
Date: Wed, 23 Mar 2022 09:02:51 +0100
In-Reply-To: <BYAPR11MB31255F64BDB773DB93A0C6CCA1179@BYAPR11MB3125.namprd11.prod.outlook.com>
Cc: Thomas Fossati <tho.ietf@gmail.com>, "rats@ietf.org" <rats@ietf.org>, "Smith, Ned" <ned.smith@intel.com>
To: "Eric Voit (evoit)" <evoit@cisco.com>
References: <3407CFB9-B713-4E13-BDA3-08EC7B5A905E@intel.com> <CAObGJnOxU0vfxzzZ9tv1J64KHDigxLcEMrgx0gDy97bE7NQJcA@mail.gmail.com> <E20F61DD-8775-4E68-8E56-E6EC92682A18@island-resort.com> <CAObGJnOv8ePE=R6vvdg5uib3Y9=WS8A5vcOdpWY0sREXA98aPQ@mail.gmail.com> <2BC14C43-80D0-4611-BEA0-9D9B9948BE0C@island-resort.com> <BYAPR11MB31255F64BDB773DB93A0C6CCA1179@BYAPR11MB3125.namprd11.prod.outlook.com>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
X-CMAE-Envelope: MS4xfDBcaj2+YJIaG6ZCmwbz96zVryTk+RWj+4HLM8+nnlpXBzugNwmIVIV7Tj/8Y2xZLZc7ybH6YFfICmWXe/vzTjWD+UM8jOH+7YnK4TyJ6/XtLpnOzGHJ Yu1yNP1okurzsA0D0cDwGnwv+YIYB3Toh89SHluSI+WmbeQ3e+h7uigvECr9df6Mu0Uyf3c9q1JyVUvdBx8w8g5mTCEDHSYd8Gq+jAl52C56OJrTTU7WvboY O/CZp0gQ0ntYbTs+7K/GYL+nZrk2Arc2S5ymlkUVuCc=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/BWdk4M60x-bREjWpD8FwFpFaII0>
Subject: Re: [Rats] Entity vs. role
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2022 08:03:02 -0000


> On Mar 22, 2022, at 10:37 PM, Eric Voit (evoit) <evoit@cisco.com> wrote:
> 
> Yes, we can depict it like that conceptually, but in reality it could be one big machine learning engine or similar where you can’t separate it (you could even put unverified measurements in AR so they can be fed into a machine learning engine).
>  
> <eric> Ar4si uses the term "AR-Augmented Evidence" to show what flows into the unified Verifier + Relying Party roles.  Ar4si makes no assertions on what the full set of Evidence might include.
>  
> And RATS architecture doesn’t care about what’s in AP for AR and shouldn’t care about it. We’re only mentioning AP for AR for the sake of completeness. We’re not going to put any requirements on it or say anything more about it than it exists, right? Hope that right. 
>  
> <eric> The RATS architecture doesn't name specific objects.  But where AR flows between devices (e.g., in the passport model), this WG needs to understand how reusable Verifier generated objects/definitions might be consumed.  I.e., the ultimate consumer of RATS is the RP.
>  
> Eric


Yes, went backed and looked at your slides again. Makes sense. Definitely a use case to support.

When talking in terms of roles, I definitely think that Verifier B is just co-located with the RP, not part of the RP.

I’m not sure if we should consider Verifier A + Verifier B a composite Verifier or not. In my comments above I clearly asserted that all the verifiers (in a composite verifier) must have run before there is any AR. By that criteria it is definitely not, but maybe that definition is too strict? 

I’m also not sure what we should call the intermediate results between Verifier in a composite verifier. By my criteria above it can’t be AR-Augmented Evidence, but again, maybe that criteria is too strict.

Ironic in a way — I want to forward/passthrough Evidence in Results, you are forwarding/passingthrough Results in Evidence :-)

LL

v2.37.1 | Report a Bug | By Email | System Status