Add CCA Token example #176
Conversation
|
Thanks for the contribution, Giri. The text is good but I am wondering why you only included the Platform Evidence token instead of also the Realm token. Could you explain? |
Co-authored-by: Hannes Tschofenig <[email protected]>
Co-authored-by: Hannes Tschofenig <[email protected]>
Co-authored-by: Hannes Tschofenig <[email protected]>
Co-authored-by: Hannes Tschofenig <[email protected]>
I had not created a sample realm claim set yet, and this issue was pending for a while so I wanted to get something in for review. I can add a realm token example. One more question: will a single OID be allocated for CCA token? Or can different OID's be assigned for the different CCA attestation options? I think t least for CSR's there could potentially be three: (a) Platform token only, (b) DIrect model: Platform token + realm claims set, where a hash of the realm claims set is included in the platform token payload as challenge data, and (c) Delegated model: Platform token + Realm Attestation Token, where Platform token includes the Realm Attestation PubKey as challenge data. Another option is to just assign one OID for CCA, and have the variants be identified by CBOR tags. |
Co-authored-by: Hannes Tschofenig <[email protected]>
Co-authored-by: Hannes Tschofenig <[email protected]>
|
In your case I think it would be best to assign three OIDs - one for each of the encodings. |
To address #172