You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Coswid triple is separate from reference / endorsement triples. Coswid triple can describe evidence state natively using evidence-entry. Reference values are contained in payload-entry. The remaining values in the coswid tag can be treated as endorsed values. That is, the rest of the coswid tag values (not in payoad-entry) are accepted on the condition that the payload-entry values match evidence-entry values.
Once processed (via appraisal), these claims are added to the ACS. They can be added to the ACS logically under the measurement-values-map by extension. However, if the external representation of ACS follows the measurement-values-map structure, there needs to be code points that don't conflict with other measurement-values-map code points.
This suggests the need to identify a code point range for measurement-values-map that is dedicated to coswid claims. Alternatively, the ACS models ARs using the coswid triple and Relying Parties map the AR format to an internal format.
The coswid-triple-record doesn't include and authorized-by field. Given the current default authority is the RIM signer, and that satisfies known use cases, then the authorized-by field in the ACS schema can be used to track authorization.
However, if the default authority is insufficient. There are a couple of possible ways to model authority.
update coswid-triple-record to include 'authorized-by'
allow signed coswids in the corim schema
Option 2 is reasonable since RFC9393 defines signed-coswid which could be a $concise-tag-type-choice. If so, a signed coswid tag could provide authority that differs (or is in addition to) the RIM signer authority.
Authority delegation may not be achieved using option 2 unless the counter-signature from the RIM signature over the signed-coswid signature is interpreted as delegation.
The text was updated successfully, but these errors were encountered:
Coswid triple is separate from reference / endorsement triples. Coswid triple can describe evidence state natively using
evidence-entry
. Reference values are contained inpayload-entry
. The remaining values in the coswid tag can be treated as endorsed values. That is, the rest of the coswid tag values (not inpayoad-entry
) are accepted on the condition that thepayload-entry
values matchevidence-entry
values.Once processed (via appraisal), these claims are added to the ACS. They can be added to the ACS logically under the
measurement-values-map
by extension. However, if the external representation of ACS follows themeasurement-values-map
structure, there needs to be code points that don't conflict with othermeasurement-values-map
code points.This suggests the need to identify a code point range for
measurement-values-map
that is dedicated to coswid claims. Alternatively, the ACS models ARs using the coswid triple and Relying Parties map the AR format to an internal format.The coswid-triple-record doesn't include and
authorized-by
field. Given the current default authority is the RIM signer, and that satisfies known use cases, then theauthorized-by
field in the ACS schema can be used to track authorization.However, if the default authority is insufficient. There are a couple of possible ways to model authority.
coswid-triple-record
to include 'authorized-by'Option 2 is reasonable since RFC9393 defines
signed-coswid
which could be a$concise-tag-type-choice
. If so, a signed coswid tag could provide authority that differs (or is in addition to) the RIM signer authority.Authority delegation may not be achieved using option 2 unless the counter-signature from the RIM signature over the
signed-coswid
signature is interpreted as delegation.The text was updated successfully, but these errors were encountered: