Terminology, dataflow/roles, and trust model

[dthaler]

Here's a first attempt to combine terminology sections, and trust model.
Includes new terms Endorser and Appraisal Policy per recent discussion.

Signed-off-by: Dave Thaler dthaler@microsoft.com

[nedmsmith]

Attester definition seems biased towards the perspective of a Relying Party rather than being described from the perspective of a "Verifier Appraisal Policy".

[nedmsmith]

Relying Party definition could be more specific to attestation roles by identifying the "verifier" as the entity that it trusts to provide Attestation Results.

[nedmsmith]

Verifier definition could be more specific about evaluating Evidence information about an Attester.

[nedmsmith]

In the trust model section I generally don't like sentence structure that ends in a preposition. Could be worded better.

[nedmsmith]

The word 'health' is generally being used where other words such as 'trustworthiness', or 'state' could be used. I'm concerned that 'health' might not easily be synonymous with 'trust'. It also seems to bias the architecture toward NEA (RFC5209) which IMO does not define attestation.

[dthaler]

The word 'health' is generally being used where other words such as 'trustworthiness', or 'state' could be used. I'm concerned that 'health' might not easily be synonymous with 'trust'. It also seems to bias the architecture toward NEA (RFC5209) which IMO does not define attestation.

Done

[dthaler]

In the trust model section I generally don't like sentence structure that ends in a preposition. Could be worded better.

Done. (But if you have feedback on a sentence like this in the future, please attach the comment directly to the code line under the "Files changed" tab, to make it easy to find which phrase you're referring to.)

[dthaler]

Verifier definition could be more specific about evaluating Evidence information about an Attester.

Done

[dthaler]

Attester definition seems biased towards the perspective of a Relying Party rather than being described from the perspective of a "Verifier Appraisal Policy".

Updated. How about now?

[mcr]

Who is speaking the Appraisal Policy?

[mcr]

Predominantly, it is the local organization/domain-administrator. Administrative-Domain. Or Owner.

[mcr]

Endorsement is a kind of manifest, like for a ship (a shipper!)

[William-PanWei]

Does the Known-Good-Value/Reference Value fall into Endorsement or Appraisal Policy? Is it better to add some text into the explanation of the related term to explicitly express that this term includes the Reference Value?

[mcr]

Appraisal Policy! (No, could be both) Reference Value is a 1:1 comparison. But, for geo-coordinates it would be more like a policy, a calculation is required. Appraisal Policy is a super set of Reference Value/KGV. An Endorsement is spoken by a supply chain entity, while an Appraisal Policy is spoken by an Owner.

[dthaler]

Appraisal Policy. And as Michael implies, Reference Value is just an example and is not sufficient in the general case so we do not want to imply that there is necessarily such a thing as a Reference Value, except in a specific example.

[William-PanWei]

Got it. Use Cases draft or 'Use Cases' section is a good place for giving an example to explain that Reference Value is one case of Appraisal Policy.

[mcr]

this term gets re-introduced here, without any annotation.
The appraisal policy are the rules on how to test the evidence.
Here, "Attestation" is the creation of the evidence
Often people use the term "Attestation" to refer to the whole process.
Suggestion that we should define this term somewhere, but maybe "Remote Attestation"?

[mcr]

FIDO has NONE-Attestation-Type, where there is no assessment. TCG would call this Implicit Attestation. https://www.w3.org/TR/webauthn/#none-attestation

[mcr]

Let's take this to the WG, and maybe we can not get consensus on this term.

[mcr]

Charter says: "Remote
attestation procedures (RATS) enable relying parties to establish a level of
confidence in the trustworthiness of remote system components through the
creation of attestation evidence by remote system components and a processing
chain towards the relying party."

[dthaler]

I would like to discuss the possibility of combining the terms "Endorsement" and "Attestation Result". Just like we have an Appraisal Policy for a verifier and an Appraisal Policy for a relying party, some might view an Attestation Result as an Endorsement for use by the relying party. I'm ok either way, but wanted to discuss this in our next call to see if others think it would help or confuse things.

[dthaler]

I still believe my original definition of Attestation is good, I haven't seen any comments here about what the problem was. For comparison, https://en.wikipedia.org/wiki/Attestation says it's "The process of validating the integrity of a computing device such as a server needed for trusted computing.". I'm also ok with that definition.

[nedmsmith]

I’m OK with that wording for introducing the concept. It may break down if the terminology for ‘device’ and ‘trusted computing’ become overly specified / specific. From: Dave Thaler <notifications@github.com> Reply-To: ietf-rats-wg/architecture <reply@reply.github.com> Date: Tuesday, December 17, 2019 at 6:59 AM To: ietf-rats-wg/architecture <architecture@noreply.github.com> Cc: "Smith, Ned" <ned.smith@intel.com>, Review requested <review_requested@noreply.github.com> Subject: Re: [ietf-rats-wg/architecture] Terminology, dataflow/roles, and trust model (#6) I still believe my original definition of Attestation is good, I haven't seen any comments here about what the problem was. For comparison, https://en.wikipedia.org/wiki/Attestation says it's "The process of validating the integrity of a computing device such as a server needed for trusted computing.". I'm also ok with that definition. — You are receiving this because your review was requested. Reply to this email directly, view it on GitHub<#6?email_source=notifications&email_token=ABPMCSA5A36322ZD6PAQN63QZDSENA5CNFSM4JSMUVFKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEHCUPCI#issuecomment-566577033>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABPMCSEVNW5TYYWUW3O53ITQZDSENANCNFSM4JSMUVFA>.