Merged
@@ -1,6 +1,6 @@
cwt-envelope-signed-eat = {
; The EAT Profile for OCP OID
&(eat_profile : 265 ) => ~oid ; TODO: OCP Security to assign a value - note: `~` strips CBOR tag #6.111(oid) from `oid`
&(EAT Profile : 265 ) => ~oid ; TODO: OCP Security to assign a value - note: `~` strips CBOR tag #6.111(oid) from `oid`

; Issuer claim is StringOrURI (tstr)
&(iss : 1) => tstr
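Review bot: The new label `EAT Profile` in `&(EAT Profile : 265 )` contains a space, and a CDDL bareword member name cannot, so a CDDL parser will not read this entry as a single label for key 265. Keep an identifier-shaped label such as the previous `eat_profile`, and carry the display name in the comment line above it instead. The neighbouring `&(iss : 1)` entry stays lowercase, so the group would also end up with mixed label styles.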
Expand All @@ -9,7 +9,7 @@ cwt-envelope-signed-eat = {
&(Nonce : 10) => bstr

; EAT measurements claim is defined in section-4.2.16
&(measurements : 273) => measurements-type
&(Measurements : 273) => measurements-type

; Private Claims (they have to be < -65536 for rfc8392) per RFC 8392

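Review bot: `&(Measurements : 273)` keeps key 273 and `measurements-type`, so only the label changes, yet the comment directly above still reads "EAT measurements claim" and nothing in the hunk states the naming rule being applied. Add a one-line comment saying whether labels follow the claim names or a display form, since this file now has `iss`, `Nonce` and `Measurements` side by side.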
4 changes: 2 additions & 2 deletions specifications/ietf-eat-profile/spec.ocp
Expand Up @@ -155,13 +155,13 @@ in the unsigned section of the COSE_Sign1 header.
The CWT claim set is intentionally minimalistic, serving primarily as an
integrity-protected wrapper for concise evidence.

1. **eat_profile**
1. **EAT Profile**
* This claim is used by the attester to identify the profile. It **MUST** be present and **SHALL** contain the OID assigned to the OCP Profile. **TODO: OCP to assign OID Value**
2. **issuer**
* This claim is optionally used by the attester to bind the EAT to the certificate chain that issued it. If present, **SHALL** match the SUBJECT Common Name of the Attestation Key (AK) Certificate.
3. **Nonce**
* This claim is used by the attester to ensure the freshness of the response. It **MUST** be present and **SHALL** be a string or an array of strings. It **SHALL** contain as minimum the nonce value passed by the requester.
4. **measurements**
4. **Measurements**
* This claim is used by the attester to present the target environment claims that verifier will consume for the appraisal policy. It **MUST** be present and **SHALL** encapsulate a “concise-evidence” using the appropriate IANA media type.
5. **rim-locators**
* This claim is used by the attester to point the verifier to the rim repository. If present, **SHALL** be an array of corim-locator-map (as defined by the IETF CoRIM Draft).
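Review bot: Items 1 and 4 are capitalised to `EAT Profile` and `Measurements`, but items 2 (`issuer`) and 5 (`rim-locators`) in the same list stay lowercase, so the list is left with mixed heading styles; apply one form to all five items or explain why these two differ. Separately, item 3 says the Nonce SHALL be a string or an array of strings, while the CDDL in this change set has `&(Nonce : 10) => bstr`; the two should be reconciled so a verifier knows which encoding to accept when checking freshness.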