-
Notifications
You must be signed in to change notification settings - Fork 6
CoRIM‐based Evidence Appraisal (take 2)
Thomas Fossati edited this page Oct 2, 2023
·
11 revisions
Usual RATS arch pic, with an explicit distinction between trust anchors and endorsed values added.
The reason for separating the concepts is that they play fundamentally different roles in the appraisal process.
flowchart TD
R((reference</br>values))
Ev((endorsed</br>values))
Ei((trust</br>anchors))
P((appraisal policy</br>for evidence))
VO([verifier</br>owner])
RFP([reference</br>value</br>provider])
E([endorser])
RP([relying</br>party])
A([attester])
e((Evidence))
a((Attestation</br>Result))
V([verifier])
subgraph " "
Ev
Ei
end
subgraph " "
R
end
subgraph " "
P
end
VO --> P
RFP --> R
E --> Ev
E --> Ei
P --> V
R --> V
RP --> e
A --> e
Ev --> V
Ei --> V
V --> a
e --> V
A -.-> RP
The picture below provides a closer look in to the appraisal process, describing what the CoRIM-based verification flow looks like. The flow is broken down into four separate stages:
- Crypto verification
- Reference values match
- Endorsed values decoration
- Attestation result assembly and signing
Notes:
- The appraisal policy is an input to all the processing stages
- All non-final processing stages can output a "failure" signal that short circuits the appraisal
flowchart TD
v1[crypto</br>verification]
v2[refval</br>match]
v3[endorsed values</br>decoration]
v4[AR assembly</br>and signing]
Ei((trust</br>anchors))
e((Evidence))
P((appraisal policy</br>for evidence))
skV>verifier signing key]
a((Attestation</br>Result))
R((reference</br>values))
Ev((endorsed</br>values))
subgraph " "
Ev
Ei
end
subgraph " "
R
end
subgraph " "
P
end
subgraph stages[" "]
v1
v2
v3
v4
end
subgraph " "
skV
end
e --> v1
Ei --> v1
v1 -- evidence claims-set --> v2
P --> stages
v2 -- evidence claims-set --> v3
v3 -- evidence claims-set</br>derived claims-set --> v4
skV --> v4
v4 --> a
R --> v2
Ev --> v3
v1 -- failure -->v4
v2 -- failure -->v4
Input:
- Evidence to be verified
- Trust anchors
- Look up the matching trust anchor (e.g., a raw public key, a TA store, etc.)
- Use the key material to verify the Evidence's cryptographic envelope
Output:
- the (cryptographically verified) Evidence's claims-set
flowchart TD
v1[crypto</br>verification]
Ei((trust</br>anchors))
e((Evidence))
P((appraisal policy</br>for evidence))
Ecs((evidence</br>claims-set))
FAIL((("failure")))
v1 --> FAIL
Ei --> v1
e --> v1
v1 --> Ecs
P --> v1
Input:
- Evidence claims-set
- Reference values
- Look up any applicable reference values
- Match reference values against the claims-set
Output:
- (validated) Evidence claims-set
flowchart TD
v2[refval</br>match]
P((appraisal policy</br>for evidence))
R((reference</br>values))
Ecs1((evidence</br>claims-set))
Ecs2((evidence</br>claims-set))
FAIL((("failure")))
v2 --> FAIL
v2 --> Ecs2
R --> v2
Ecs1 --> v2
P --> v2
Input:
- The Evidence claims-set
- Endorsed values
- Look up applicable endorsed values
- decide (based on policy) which endorsed values can be added to the claims-set
Output:
- Evidence claims-set
- Derived claims-set
flowchart TD
v3[endorsed values</br>decoration]
P((appraisal policy</br>for evidence))
Ev((endorsed</br>values))
Ecs1((evidence</br>claims-set))
Ecs2((evidence</br>claims-set))
Dcs((derived</br>claims-set))
FAIL((("failure")))
Ev --> v3
Ecs1 --> v3
v3 --> FAIL
v3 --> Dcs
v3 --> Ecs2
P --> v3
Input:
- Evidence and Derived claims-set, or a failure signal
- the Verifier private key that signs the attestation result
- Determine the attestation result claims-set based on the input claims-set and policy
- Sign the final attestation result statement
Output:
- Signed attestation results
flowchart TD
v4[AR assembly</br>and signing]
P((appraisal policy</br>for evidence))
skV>verifier signing key]
a((Attestation</br>Result))
Ecs((evidence</br>claims-set))
Dcs((derived</br>claims-set))
FAIL((("failure")))
FAIL --> v4
Ecs --> v4
Dcs --> v4
P --> v4
skV --> v4
v4 --> a