-
Notifications
You must be signed in to change notification settings - Fork 6
tiny CoRIM
One major source of complexity with CoRIM derives from the fact that we currently describe ACS as stateful.
This implies that CoRIM documents are programs, which sets the bar for CoRIM authors and implementers of the CoRIM verifier pretty high.
The approach proposed here makes the ACS read-only once populated with the Evidence Claims-Set that has successfully passed the reference values matching stage.
Alongside that, there is a separate, append-only, “augmented claims set” that is manipulated during endorsed values processing based on conditional matches over the read-only accepted Claims-Set.
Compared to the current, this would be a significantly simpler processing machine and one that is trivial to implement.
I suggest we make this "tiny" CoRIM the core that every implementation MUST provide and deal with more complex processing logic as optional extensions of this "tiny" core.
Quick recap:
- Initialize the "appraisal context"
- Verify Evidence's crypto protection
- Check Evidence against Reference Values
- Append matching Endorsed Values to the "augmented claims set" (ACS)
- (OOS) apply appraisal policy for Evidence
- (OOS) assemble Attestation Result
Goal: Obtaining all the "pieces" needed for appraisal.
This phase is influenced by inputs that are not necessarily in the scope of CoRIM, such as ACLs associated with supply chain actors, trust anchors, the identity associated with the appraisal requestor, retrieval protocols and their correct configuration, etc.
Output:
- Evidence (E), which we assume to have the following structure E{ ClaimsSet, Signature }
- reference values (RV),
- x-reference values (xRV),
- endorsed values (EV), which we assume to have the following structure EV{ Condition, Claims }
- verification keys (VK), and
- trust anchors (TA).
This phase may be amortized over several different appraisals.
Goal: Validate E's integrity and authenticate its origin.
Input:
- E
- VK, TA
Algorithm:
def verify(E, VK, TA):
if some_crypto_verification_defined_by_E(E, VK, TA):
return E.ClaimsSet
return NoneOutput:
- the verified Evidence Claims-Set or None
Goal: To check whether Evidence matches some "known good values" and does not match any "known bad values".
Input:
- Claims-Set
- RV
- xRV
Output:
- boolean status
Note RV and xRV are a subset of Claims-Set, i.e., there may be claims in Claims-Set that have no equivalent in RV and xRV
def process_reference_values(ClaimsSet, RV, xRV):
# deny list first
for bad in xRV:
if subset_match(bad, ClaimsSet):
# known bad values
return false
# accept list second
for good in RV:
if not subset_match(good, ClaimsSet):
# no good values
return false
return truewith (poetic license alert!):
def subset_match(A, B):
'''precondition: A is a subset of B'''
for (k, v) in A:
if B[k] != v:
return false
return trueGoal: To augment the Claims-Set with any matching endorsed value
Input:
- Claims-Set
- EV
Output:
- The "augmented" Claims-Set
def process_endorsed_values(EV, ClaimsSet):
ACS = []
for ev in EV:
if subset_match(ev.Condition, ClaimsSet):
ACS.append(ev.Claims)
return ACSdef corim_appraisal():
(E, RV, xRV, EV, VK, TA) = init_context()
cs = verify(E, VK, TA)
if cs == None:
return AR{appraised: false}
if not process_reference_values(cs, RV, xRV):
return AR{appraised: false}
ACS = process_endorsed_values(EV, cs)
# optional policy evaluator
return AR{appraised: true, ClaimsSet: cs, AugmentedClaimsSet: ACS}