Appraise the Trust Basis, then the key management properties given that trust basis.

Trust basis includes the primary and secondary roots-of-trust. Are these autonomic (cryptographic zero-trust), administrative, or algorithmic?

Key management: single sig, type of signature algorithm (ECDSA, ED25519, etc.); multi-sig, type of multi-sig threshold, etc.
Key creation mechanism (HDK or random salt)
Key state change (rotation) mechanism (verifiable, asserted, or multiply asserted, etc.)
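The criteria listed in the comment above, written as a verifier-side policy check. This is an added example, not part of the thread or of any ToIP specification; every property name, value vocabulary and policy setting in it is a hypothetical choice made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Hypothetical vocabulary drawn from the comment's wording; not a ToIP schema.
ROOT_TYPES = {"autonomic", "administrative", "algorithmic"}
ROTATION_TYPES = {"verifiable", "asserted", "multiply-asserted"}
KEY_CREATION_TYPES = {"hdk", "random-salt"}

@dataclass(frozen=True)
class VidProperties:
    primary_root: str
    secondary_root: Optional[str]   # None when the VID has no secondary root
    sig_alg: str                    # e.g. "Ed25519", "ECDSA"
    threshold: int                  # signatures required (1 for single-sig)
    signers: int                    # keys in the signing set
    key_creation: str
    rotation: str

@dataclass(frozen=True)
class VerifierPolicy:
    primary_roots: FrozenSet[str]
    sig_algs: FrozenSet[str]
    min_threshold: int
    rotations: FrozenSet[str]

def appraise(vid: VidProperties, policy: VerifierPolicy) -> List[str]:
    """Return the failed criteria; an empty list means the VID is acceptable."""
    failed = []
    # Fail closed on values outside the known vocabulary or impossible thresholds.
    roots = [vid.primary_root] + ([vid.secondary_root] if vid.secondary_root else [])
    if any(r not in ROOT_TYPES for r in roots):
        failed.append("trust_basis: unknown root-of-trust type")
    if vid.key_creation not in KEY_CREATION_TYPES or vid.rotation not in ROTATION_TYPES:
        failed.append("key_management: unknown mechanism")
    if not 1 <= vid.threshold <= vid.signers:
        failed.append("key_management: invalid threshold")
    # Verifier-specific policy checks.
    if vid.primary_root not in policy.primary_roots:
        failed.append("policy: primary root not accepted")
    if vid.sig_alg not in policy.sig_algs:
        failed.append("policy: signature algorithm not accepted")
    if vid.threshold < policy.min_threshold:
        failed.append("policy: threshold below minimum")
    if vid.rotation not in policy.rotations:
        failed.append("policy: rotation mechanism not accepted")
    return failed

# Constructed sample policy and VID descriptions.
STRICT = VerifierPolicy(frozenset({"autonomic"}), frozenset({"Ed25519"}), 2,
                        frozenset({"verifiable"}))
GOOD = VidProperties("autonomic", None, "Ed25519", 2, 3, "random-salt", "verifiable")
WEAK = VidProperties("administrative", None, "ECDSA", 1, 1, "hdk", "asserted")
```

The policy uses allow-lists rather than a ranking of root-of-trust types, since the thread does not order them.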
Perhaps our (ANCR WG at Kantara) Transparency Performance Scheme and Indicators could be used as a part of a framework for controller assessment, along with the receipt it can generate.
https://github.com/KantaraInitiative/WG-ANCR/blob/main/TPI/ANCR-Digital-Transaprency-Scheme-v0.9.1.pdf
From: Drummond Reed ***@***.***>
Sent: Tuesday, October 3, 2023 10:42 PM
To: trustoverip/trust-spanning-protocol ***@***.***>
Cc: Subscribed ***@***.***>
Subject: [trustoverip/trust-spanning-protocol] Criteria for our VID Appraisability Framework (Discussion #47)
In our 2023-09-27 TSPTF meeting, we discussed the following proposed text for section 2.1.5 of the specification:
When an endpoint is about to send to or receive from a VID, it must assess the trust basis of this VID. Note that this procedure concerns the assessment of the identifier itself, not the controller nor the subject of the identifier. Part of this assessment is done through the verification procedure (section 2.1.2), but for some applications that may not be sufficient.
The purpose of this discussion is to propose specific criteria that should be included in our appraisability framework. Please make each proposal a separate thread, and include in the starting post for the thread:
1. Short name for the criteria.
2. Description of the criteria and how it would be represented technically (e.g., property names and values).
3. Explanation of why the criteria should be part of the appraisability framework and how a verifier is likely to use it to help determine their trust basis.
I think there is some value in considering the following:
Is this only appraising trust? Or other important aspects, such as endpoint support for needed protocols?
@TelegramSam I believe endpoint support is part of the VID supporting services for each type of VID. The appraisal framework is to enable a potential interactor or business logic to decide if they want to trust a given VID type or a given configuration of a given VID type. I think that how the VID goes about using endpoints could be part of the trust appraisal but not the actual protocol and infrastructure that does the endpoint support. Like are endpoints considered verifiable trusted or are they merely untrusted discovery services for other verifiable services. A zero-trust breakdown of what is trusted, trustable, verifiable (not trusted unless verified) etc. is what an appraisal framework is all about. For a good example of work along these lines look at the IETF RATS attestation specs which come from the trusted computing group. The term “appraisal” is inspired by their use of the term.
RATS

Evidence Appraisal: a Verifier applies policy and supply chain input, such as Endorsements and Reference Values, to create Attestation Results from Evidence.

Attestation Results Appraisal: a Relying Party applies policy to Attestation Results associated with an Attester's Evidence that originates from a trusted Verifier. The results are trust decisions regarding the Attester.

To improve the confidence in a system component's trustworthiness, a relying party may require evidence about: system component identity, other factors that could influence trust decisions.

ToIP

The difference is that the RATS appraisal framework is largely driven by the needs of appraising the hardware and firmware of trusted computing devices and requires a trusted third party. The ToIP appraisal framework is meant for end-to-end-verifiable appraisal without a trusted third party. It is meant to enable a verifier (end) to appraise the trustworthiness of someone else’s VID. This end-verifiability means that the VID being appraised must produce verifiable evidence of trustworthiness. It operates at a higher level than RATS. The ToIP appraisal assumes that the root-of-trust is either autonomic, algorithmic, or administrative. This could be augmented by a RATS appraisal of the hardware/firmware of an underlying HSM, secure enclave, or TEE. But that augmentation is out of scope for the ToIP appraisal framework.
@talltree Drummond, would you be so kind as to include your definition of the term "appraisability" in your original post? The dictionary explanation of the word is too generic to be useful here. What are your criteria to distinguish something (a VID?) that is appraisable, and that is not?

Oskar
In our 2023-09-27 TSPTF meeting, we discussed the following proposed text for section 2.1.5 of the specification:
The term we have proposed for this assessment process is appraisability. Here is the current definition of that term in the ToIP Glossary:
The purpose of this discussion is to propose specific criteria that should be included in our appraisability framework. Please make each proposal a separate thread, and include in the starting post for the thread: