IETF Logo Mail Archive

Re: [Rats] Entity vs. role

"Smith, Ned" <ned.smith@intel.com> Wed, 23 March 2022 20:33 UTC

Return-Path: <ned.smith@intel.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1AE73A0CB3 for <rats@ietfa.amsl.com>; Wed, 23 Mar 2022 13:33:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=intel.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2dAMLdppz52B for <rats@ietfa.amsl.com>; Wed, 23 Mar 2022 13:33:51 -0700 (PDT)
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31A883A0C83 for <rats@ietf.org>; Wed, 23 Mar 2022 13:33:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1648067631; x=1679603631; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=6RsyO/wMYbti2dkzMgXO+Nzqdb512yp/f80aubU0SpU=; b=aPNsNZjbHtWRLEuQmTb30Wu8lC9c8HKwEZldl/+lJGbI4KWulRjG2aux ZI2KA0onoiUm2kQiVHoKlAlYvPG4U3PDiqtqCjB+KcTMgAPn/ra0Hk8do +N8emkIjuBLK6/K8C7Pu7z9V3STT/5NJbbo2W6HhRpvJ8GU8NbvaAjTle 3pEjBi7sO+NrHeYLrRjX3+q5to4QQSYIXOWsOPN2vlkhNnzAfRg21Kq70 D2KBAkxPTiCygiOhOJyfuYx1Mvneg4htNWQnvMHSvwEU2rFJB8kaqH8ov vNO9H9HRvkb6ke+YpGfNPHErjWh268fmBLzPs/mXxsXtNZ5u4xqMgQMqE g==;
X-IronPort-AV: E=McAfee;i="6200,9189,10295"; a="238822754"
X-IronPort-AV: E=Sophos;i="5.90,204,1643702400"; d="scan'208,217";a="238822754"
Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Mar 2022 13:33:48 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.90,204,1643702400"; d="scan'208,217";a="637609527"
Received: from fmsmsx604.amr.corp.intel.com ([10.18.126.84]) by FMSMGA003.fm.intel.com with ESMTP; 23 Mar 2022 13:33:48 -0700
Received: from fmsmsx609.amr.corp.intel.com (10.18.126.89) by fmsmsx604.amr.corp.intel.com (10.18.126.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Wed, 23 Mar 2022 13:33:48 -0700
Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx609.amr.corp.intel.com (10.18.126.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Wed, 23 Mar 2022 13:33:48 -0700
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.100) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.21; Wed, 23 Mar 2022 13:33:47 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ikmdlTnWCDzFS+DtMEmuxQWz1Wcvi584k+FnRcH/FXDlJCJWBkCcN0DgVhitD8E38FSvGQdyn0DpZ77rLtdc8y6qLDiZSoPYTMDSnNuwQdvlrKe2DkxeGvCykXTlbE22aP9tQQQm+Q6IoWKk4uIQXDdFIAVngCrTSrHKtX0SLxYu7ODHtT08ch2DoKOz060+zYbcpUL8o4Sh+dXLy/1euQQOHz0tvoY75YLkZu8PfkuSeeq55JQ405e46Qxqs6B3oNdY42k4GWhFf1UcxDVlvWix1J6CnfZZDMUWF8OlU4HD+X24CHkMDbqGPAYdXUvxylfwm9jzizU2FU9Rkgr9wg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6RsyO/wMYbti2dkzMgXO+Nzqdb512yp/f80aubU0SpU=; b=awY7UavREzw1OZ185a0pmWGwEu6mKnAqEwgIR+PkyAAvt2FYwLqC3o6f2cTyGzUiOQOv6Jbc9/Zt87FLEbzeA9mxuetbJn9BDahauIUOpkW14XiqG5cJSatBW40GeJ5fZ06PoULrLNVoqYVYLLK18kRGxsbnUqTG+XwSoRWLMTnr0oSC0nvHbeNKZi1SdfhvWUN35K1U/UwTdmKoXGDTpUvCCuiE85uPbep9Ee7ljkukI5Ll9a4Msb+fuJyNlXqYm7v3wjz1/xn82MeDUhRpTqClhBHUWrt4qzmQaD7OdCsizHjqDVFUW4gK71GoG3ZRCicSz2LU8QXknYIJJlFIZA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none
Received: from CO1PR11MB5169.namprd11.prod.outlook.com (2603:10b6:303:95::19) by DM5PR11MB1532.namprd11.prod.outlook.com (2603:10b6:4:a::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5102.16; Wed, 23 Mar 2022 20:33:45 +0000
Received: from CO1PR11MB5169.namprd11.prod.outlook.com ([fe80::4818:ff2c:ac59:8bc4]) by CO1PR11MB5169.namprd11.prod.outlook.com ([fe80::4818:ff2c:ac59:8bc4%3]) with mapi id 15.20.5102.016; Wed, 23 Mar 2022 20:33:45 +0000
From: "Smith, Ned" <ned.smith@intel.com>
To: "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>, Laurence Lundblade <lgl@island-resort.com>
CC: "rats@ietf.org" <rats@ietf.org>, Thomas Fossati <tho.ietf@gmail.com>
Thread-Topic: [Rats] Entity vs. role
Thread-Index: AQHYPe6PgQWbu8zDYE+F8zzrq4lIsazLg0QAgAA6DYCAABj+AIAABWwAgAASg4CAAK6tgIAAUWwAgACRIwA=
Date: Wed, 23 Mar 2022 20:33:45 +0000
Message-ID: <D2410344-D402-49FC-B5FB-12D773DD2DB9@intel.com>
References: <3407CFB9-B713-4E13-BDA3-08EC7B5A905E@intel.com> <CAObGJnOxU0vfxzzZ9tv1J64KHDigxLcEMrgx0gDy97bE7NQJcA@mail.gmail.com> <E20F61DD-8775-4E68-8E56-E6EC92682A18@island-resort.com> <CAObGJnOv8ePE=R6vvdg5uib3Y9=WS8A5vcOdpWY0sREXA98aPQ@mail.gmail.com> <2BC14C43-80D0-4611-BEA0-9D9B9948BE0C@island-resort.com> <BYAPR11MB31255F64BDB773DB93A0C6CCA1179@BYAPR11MB3125.namprd11.prod.outlook.com> <9BFD1E45-569D-4E2F-BCD7-5DA6FF5A1BDF@island-resort.com> <SN6PR11MB3135EBAF7783D637C7BBA04AA1189@SN6PR11MB3135.namprd11.prod.outlook.com>
In-Reply-To: <SN6PR11MB3135EBAF7783D637C7BBA04AA1189@SN6PR11MB3135.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.59.22031300
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 31704c83-17b1-4106-e688-08da0d0c6d77
x-ms-traffictypediagnostic: DM5PR11MB1532:EE_
x-microsoft-antispam-prvs: <DM5PR11MB1532D8CA7A4E5E2058B88495E5189@DM5PR11MB1532.namprd11.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 9C64ET5Le3jG0qqoYOeisJRQxqTxoIvHrcrArPZ+dwvEn4WSUyM9QZF0TaOVH5Rmr+XqHaNQcKQl2JilI11mhWwVcQLqdG8aZmUWsv864yTdr3jcGXmvu78d+5hDCZZJKs9w930mkIjDBIDuk/q09OOZOPSPvYm3SKA3cwn0V2OAmYv/uEc0SqEMVMkfYctGFQ3AoBUUp3YQyZGZTaTP/cfRIVjE/xLQDIb9DukksEHaaSyJ4Do0CaXBScO6hv1QcQml2o5yJEzr2MpBXN5AQIGFQQ5XHNTwpTFDFR9cJ+Wz1Fi9ispml7VdfPKzyWDegbpuPFXovWpa2KeQQPBDXxH3oAqETseHwfFwdXh78GaHGubf9tDyLzfzEfvOerNpFQfuMt/g8ozxwYwhyrhtHLosvenIkC53Yc7iurSYhfQuXlQeQrb/5AsGML9uPR2eKIbetRwp3feJYLKvapYIazlmpdQMULD+s/wuOcdO+NPurzDJmhOA/so+4TjwW+kEkTtTJKK75n7e14rpJFse/HeJun3Kl6KuBjeeABqbAYMDjFpf2512XBTc+B5PTm/nfkZivivEbxn5D5rL0dHlQNcQ4KlkIcXTwKwSK6S35/6ZoMN8EyEaAU3G05BFn+O9iva+nRjwkCkXYGVtwHPFq+yRSEqdUiWBuvdllY4bDW62mO7cnBlnfSpozQW8ka2SKq2dVrshdYAzjLA9eq60HAHX3OeoFHbj4PkrBQg2v/wL2G0AY0Sty9vAzMhCFpgn
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO1PR11MB5169.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(66446008)(4326008)(64756008)(8676002)(2906002)(8936002)(66556008)(66476007)(316002)(54906003)(5660300002)(71200400001)(2616005)(6486002)(508600001)(26005)(53546011)(6512007)(6506007)(36756003)(186003)(110136005)(38100700002)(33656002)(122000001)(82960400001)(38070700005)(83380400001)(91956017)(76116006)(86362001)(66946007)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: lOVm/AWy1fFT3v87/5z/PbQrSBMrQubp8b5VxAZkhnFK7iAaDimigYkGDSh0VlSXHaX1XdvHewp1MdSss0zLY7enln1hwp0Jh+cXsZLqi7YfyfBLOmeYKpyxFtLW8rJkEmh9mQI3jZrtz/paRi4S/jRRcTFpMBTWYrVjGiFuFp/TE7mmBGYEHGNjM4UR6dldNS7d4q+TVrVzNvuKk2PszCJ8OA48pHDHnU5yHkTNvlPZOJFFeMQJXeqyJ7qLcoviVHNqRDOxqitj0G3Sc0ra6yPEetdMv0PMzIeZaa94r/Sn7eoOmCMAFLJuzvjg2kzpB+DhomJz5eB4T8S+NmirtJfRNdCV6C/D2SaSmTzssCQmMK1KJC5gP6eIOwwQuKX66BIGiMWffAEfwAHscFMrQ2IDmvtaiiQNqZ0ywSYataCsAn/08tU0neQ481ByChO/Mfgx7qjFGpt3D5p1cReKnlcfwpNGL7jzK+94Q506+T+3EYDE/+Z/3R54VKDaa8kEa/uOY5LWSmaukeUAk7pNOvod37RyGIUWBRUVtT2VEDMz9PfHwO2RhtbXTS9Vckb2+7dBBj+Inlz9lad+AK5EkaNRPQ6H+C3VNk1WgVZq/qa/l4i4J6YZiezpkLf3egSDqYknDqTyuHBr0plB+BshtJ3I0p821X5VrSFphWLu2vFWWOOIo6JmytzZ9uH6cnMZT1xWEFftq73X1E8Y9/XHL0QoR/fKHAcywzuRLmVIiQwM88QlZFou8hIdtu4KZGar17jkK1OXvJFsxevfm508A5onCuvBK1Svm/EQn82kI1nm8r4FZO8ISQS9MVVZnaRgpZw9JxAxG+RJhfPh9O04QU9/zD4MQHK8F8JxApveBPAUf3pReLC5+JNltrtmc2yXplBOoDI61zpTyqBuAtwD50TdTBoyuzwnDeT5CPwCTG36T5cIOiPJFPid/aSTi9akg20z54IKuhWgkaAGHoWE1tk2HyXUq6xUdpczS3JfsXSojnaDUfiBE5+uSr76vfByoy7Jzx30TwkvErx13jBVRHu8xxHZ4g4F+BI9aSFwo89YN5GI9UIcgS2J6fC21nKW7PIoxvDvhSfHFMq0oSPL02XhCANxPTebv+dpxiIO8u2chTySdZsL9KbqcZmVAm8Gw/q798sTl1BbntPiKiXxkvOvDa1Q2asmw0GvTz90FY06VWHnc8Ek2pNImKAv9T5HNRCoHNVIA25vfE2npNQM9bFhvdsDDwr4uEARwzhXcEAYLV2KORhWouEwY2W/iaKidDxW4bXj9+eHnGS02ojnyGc30ltl/FdHp06bgMkw9xfSlWsEK+Nki3kr2WSBdcq4UsTY14TWbFGL0feZC5z51SyyS4q0FdePgdU95oSXVcRMILeMHqHhDKjZLHIWezn4pntbRerH+S0yY7xaYdTAZU++bxvihfc4YkJE3Wc8SK37ZNnX4tq5dtXPiHXMxApt4j86/LUO9ROacw0Xr6Y56A==
Content-Type: multipart/alternative; boundary="_000_D2410344D40249FCB5FB12D773DD2DB9intelcom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB5169.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 31704c83-17b1-4106-e688-08da0d0c6d77
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Mar 2022 20:33:45.3051 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: c1xZBXVIWuuvc+gLMKY/BiZ1Ng5FW01jqYEpG6NL7z/s5Z/gnEkvbtZ6yFb6NBk77P35/N7CXYFVVDb2GSCbSg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1532
X-OriginatorOrg: intel.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/SSc5vZ6eC3-8cFlsheR7xFgS0WQ>
Subject: Re: [Rats] Entity vs. role
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2022 20:33:57 -0000

See inline [nms] – warning long reply

From: RATS <rats-bounces@ietf.org> on behalf of "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>
Date: Wednesday, March 23, 2022 at 1:54 PM
To: Laurence Lundblade <lgl@island-resort.com>
Cc: "rats@ietf.org" <rats@ietf.org>, "Smith, Ned" <ned.smith@intel.com>, Thomas Fossati <tho.ietf@gmail.com>
Subject: Re: [Rats] Entity vs. role

From: Laurence Lundblade, March 23, 2022 4:03 AM
On Mar 22, 2022, at 10:37 PM, Eric Voit (evoit) <evoit@cisco.com<mailto:evoit@cisco.com>> wrote:

Yes, we can depict it like that conceptually, but in reality it could be one big machine learning engine or similar where you can’t separate it (you could even put unverified measurements in AR so they can be fed into a machine learning engine).

<eric> Ar4si uses the term "AR-Augmented Evidence" to show what flows into the unified Verifier + Relying Party roles.  Ar4si makes no assertions on what the full set of Evidence might include.

And RATS architecture doesn’t care about what’s in AP for AR and shouldn’t care about it. We’re only mentioning AP for AR for the sake of completeness. We’re not going to put any requirements on it or say anything more about it than it exists, right? Hope that right.

<eric> The RATS architecture doesn't name specific objects.  But where AR flows between devices (e.g., in the passport model), this WG needs to understand how reusable Verifier generated objects/definitions might be consumed.  I.e., the ultimate consumer of RATS is the RP.

Eric

Yes, went backed and looked at your slides again. Makes sense. Definitely a use case to support.

When talking in terms of roles, I definitely think that Verifier B is just co-located with the RP, not part of the RP.

I’m not sure if we should consider Verifier A + Verifier B a composite Verifier or not. In my comments above I clearly asserted that all the verifiers (in a composite verifier) must have run before there is any AR. By that criteria it is definitely not, but maybe that definition is too strict?

<eric>  There is no term "Composite Verifier" in the architecture.  And if there was, I wouldn't consider Verifier A + Verifier B composite because:
* Verifier A will often not even know about Verifier B.
* Verifier A & Verifier B will often be managed by different organizations.
[nms] The term ‘composite’ is defined in the context of ‘composite device’ which is an entity (not a role). The architecture didn’t define ‘composite verifier’ but if it did it would likely(?) define it as an entity (lower case verifier) – or some other name that avoids collisions with Verifier. Maybe I-Ds that describe different compositions of entities should be careful to use names that are well qualified such as a ‘distributed entity’(de)? Then it would be easier to talk about a Verifier on de-A or a Verifier on de-B. It may seem pedantic but it helps clear up “ambiguities” in the architecture by separating issues related to managing entities from those pertaining to role semantics and appraisal processing / interpretation. Roles focus attention on what can be said while entities focus on who is speaking.

I’m also not sure what we should call the intermediate results between Verifier in a composite verifier. By my criteria above it can’t be AR-Augmented Evidence, but again, maybe that criteria is too strict.

<eric> Verifier A does not know that it is creating "intermediate results".  It is delivering exactly the evaluation promised.  This is why what is coming from the Verifier A must be known as Attestation Results.

It is up to the end-to-end use case as understood by the Verifier B + RP to determine how to handle the full set of Evidence receives.
[nms] +1

Ironic in a way — I want to forward/passthrough Evidence in Results, you are forwarding/passingthrough Results in Evidence :-)

<eric> It is not me that puts Results in Evidence.  It is the definitions in the architecture document which requires it *must* be specified this way.

Others should chime in on whether they agree with my interpretation of the architecture document.  To me it is perfectly clear.
[nms] If entity-A says Evidence-1, AR-1 and Endorsement-1 then we can refer to entity-A as an Attester or Verifier or Endorser or combinations of these roles. But that may lead to confusion if the design needs to describe properties of both the entity and the role(s) it performs. The architecture takes some liberties for readability when describing RATS roles conceptually. Sometimes the roles read like entities. But the terminology section clearly describes the difference between role and entity. Nevertheless, I-D authors may need to be rigorous about distinguishing between properties that apply to entities and those that apply to roles.

Given Evidence is a logical statement that relates “who says what”, the following is an example of a RATS conceptual message:
“entity-X says conceptual message”

There is an implied assertion that “IF entity-X says Evidence THEN entity-X must be an Attester”. However, it is ambiguous whether conceptual message is either Evidence, Attestation Result, RV etc…

A credential that deliberately assigns the Attester role to entity-X would make the role assignment explicit and provable. The logical statement would be something like ‘entity-X has role Attester and says Evidence’. This statement would be cryptographically verifiable if ‘says’ is interpreted as use of a key.

The ‘says’ statement can be used for both role assignments and conceptual message construction.
E.g.,
Statement 1: “owner-entity-Y says entity-X has role Attester”
Statement 2: “entity-X says Evidence”

If statement 2 happened before statement 1 then that would be a security flaw.

Assuming the roles assignment happens in the right order, it is possible for an Evidence passthrough case to be expressed as:
     Setup steps:
Statement a: “owner-Y says entity-X has role Attester”
Statement b: “owner-Y says entity-Z1 has role Verifier”
Statement c: “owner-Y says entity-Z2 has role Verifier”
Statement d: “owner-Y says entity-RP has role Relying Party”

     Operational steps:
Statement 1: “entity-X says Evidence”
Statement 2: “entity-Z1 says (entity-X says Evidence)” ; passthrough evidence
Statement 3: “entity-Z2 says AR” ; and includes entailment for Statement 2

Alternatively, statement 3 could include the entailment in a single statement:
Statement 4: “entity-Z2 says (entity-Z1 says (entity-X says Evidence))”

The first parenthetical is the partial attestation result expressed as passthrough evidence. The RP might want AR claims expressed using the same format as was expressed by the Attester Evidence. Let’s say the claim is 264 (which is the IANA code point for location) with x,y,z coordinates.

    e.g.: Statement 4: “entity-Z2 says (entity-Z1 says (entity-X says 264=(x,y,z)))”

The RP might want to consume a claim in the ‘264’ format, but also wants to know that it was intended as AR and NOT Evidence that was routed through entity-Z1 or entity-Z2 where it picked up a signature as a consequence of secure routing protocols.

Based on this, Statement 2 and Statement 4 are passing evidence through, but it is partially appraised Evidence.

For example, Entity-Z1 might have an appraisal policy that requires Evidence to contain 3 different location sensing techniques (GPS, triangulated cell towers, and Bluetooth RSSI). The result of Z1 appraisal might result in only GPS location because Z2 expects Z1 to apply data reduction resulting in an intermediate form of Evidence that is a singleton location and partially appraised.

Entity-Z2 might process the location claim based on a Reference Value in the form of a geo-fence. If inside the fence, the location claim is propagated otherwise not. If propagated then it becomes an AR.

Even though the claim delivered to the RP is the same value encoding (264) as originally produced by entity-X as Evidence. The RP can determine that it is indeed Attestation Results in two ways.

(a)     By evaluating policy about who can say what (refers to the setup steps).

(b)     By evaluating a log of the statements (1-4) and determining if the statements have logic or sequencing errors.

Since Z1 and Z2 behavior are modified by appraisal policy. Statement 4 should include the policies they applied. Something like the following:

Statement 4: (entity-Z2 says (entity-Z1 says (entity-X says 264) by policy-Z1) by RV-Z2)

Since reference values are provided by RVPs. A RV is a statement of the form:
     (RVP says RV1) where RV1 is a geo-fence with four corners (264=c1, 264=c2, 264=c3, 264=c4)

Statement 4 then might be:

(entity-Z2 says (entity-Z1 says (entity-X says 264=(x,y,z) by policy-Z1) by (RVP says (264=c1, 264=c2, 264=c3, 264=c4)))

Note: Everything to the right of a “says” operator is a conceptual message.

Architecturally, statement 4 isn’t Attestation Results until the outer parenthesis is applied. Prior to that it is Evidence. I.e., (signed) appraised Evidence = AR.

From a RP perspective it is “un-appraised Attestation Results” until statement 4 is evaluated (appraised). It isn’t actionable by a RP-entity before then. It might make sense to call it “appraised AR” to clarify within the RP-entity what phase of processing it is in. From an RP-entity perspective, the line where the RATS RP Role crosses over to the RP-entity’s enforcement role occurs when an appraised AR exists. Prior to that it is just Attestation Results.



Eric

LL

v2.23.0 | Report a Bug | By Email