prohibition around "passing through" claims from evidence to attestation results #345
Comments
Added 'wontfix' label for now, but please take this to the WG to ensure consensus before making this a MUST requirement.
When using the FIDO model for Relying Party (as an example), the verifier is within the boundary of the RP and can process top-level claims, yet may still be relayed as is within the RP context. It is up to the implementation, as FIDO certification programs place no such requirement on existing attestation formats. However, making this a "MUST NOT" requirement (at least without considerably more explanation than what has been proposed in this issue) may mislead developers in the FIDO context - if the claim is passed as is within the RP security boundary from an integrated verifier then it does not appear to have any drawback. Since EAT is meant to target different standards and associated ecosystems (e.g. FIDO, GlobalPlatform, etc.), the SHOULD requirement appears to be sufficient.
Thanks for articulating the FIDO use case. What about:
What is missing is a rationale for allowing exceptions, which should be present (or self-evident) when a SHOULD is used.
Four ways forward have been discussed:
☝️
I've proposed removing the sentence entirely and relying on 1.3.1 in #360. Read the PR for more justification.
Fixed with #360
In §4.3 we say:
I understand the reasoning behind the prohibition, but the prose needs to be tightened up a bit.
First of all, this applies to attestation results that are themselves encoded as an EAT.
Secondly, it only applies in case the evidence claims would end up at the top-level in the EAT claims-set rather than in their own clearly segregated space (e.g., in a sub-map).
If the two conditions hold, these claims MUST NOT (rather than SHOULD NOT) be copied as-is, because the EAT carrying attestation results could have its own and they would clash.
Note: In our EAT attestation result we do copy the evidence profile claim, but that's completely separate from the top-level EAT profile so there's no clash nor ambiguity.
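The clash described in this issue, shown as an added example that is not part of the original thread or of the EAT draft: copying evidence claims to the top level of an attestation result replaces the verifier's own same-named claims, while a separate sub-map keeps both. The claim values are constructed, and the sub-map key `evidence-claims` is a hypothetical name chosen for this sketch.

```python
# Added illustration. All claim values are constructed; EVIDENCE_SUBMAP is a
# hypothetical key chosen for this example, not a name defined by EAT.
EVIDENCE_SUBMAP = "evidence-claims"

# Constructed evidence claims-set, as received from the attester.
EVIDENCE = {
    "eat_profile": "tag:example.com,2024:evidence-profile",
    "eat_nonce": "attester-nonce-01",
    "ueid": "01aabbccddeeff",
}

# Constructed claims the verifier sets on its own attestation result.
AR_OWN = {
    "eat_profile": "tag:example.com,2024:result-profile",
    "eat_nonce": "relying-party-nonce-77",
    "iat": 1700000000,
}


def passthrough_top_level(ar_own, evidence):
    """Copy evidence claims as-is to the top level (the pattern at issue)."""
    merged = dict(ar_own)
    merged.update(evidence)  # same-named evidence claims replace the verifier's
    return merged


def clashing_claims(ar_own, evidence):
    """Names that would be ambiguous if both sets shared the top level."""
    return sorted(set(ar_own) & set(evidence))


def build_segregated(ar_own, evidence, relay):
    """Relay the selected evidence claims inside their own sub-map."""
    if EVIDENCE_SUBMAP in ar_own:
        raise ValueError("sub-map key already used by the attestation result")
    absent = [name for name in relay if name not in evidence]
    if absent:
        raise KeyError(f"not present in evidence: {absent}")
    result = dict(ar_own)
    result[EVIDENCE_SUBMAP] = {name: evidence[name] for name in relay}
    return result


if __name__ == "__main__":
    print("clashing:", clashing_claims(AR_OWN, EVIDENCE))
    print("pass-through:", passthrough_top_level(AR_OWN, EVIDENCE))
    print("segregated:", build_segregated(AR_OWN, EVIDENCE, ["eat_profile", "ueid"]))
```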