First draft of adding Interaction Model examples #46
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
henkbirkholz
requested changes
Jan 25, 2022
| @@ -327,8 +327,7 @@ Appraisal procedures are application-specific and can be conducted via compariso | |||
| The final output of the Verifier are Attestation Results. Attestation Results constitute new Claim Sets about the properties and characteristics of an Attester, which enables Relying Parties, for example, to assess an Attester's trustworthiness. | |||
|
|
|||
| ### Models and example sequences of Challenge/Response Remote Attestation | |||
| According to RATS Architecture Document{{-RATS}}, two reference models for Challenge/Response Attestation has been proposed. This sections highlights the | |||
| information flow bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. | |||
| According to RATS Architecture Document, two reference models for Challenge/Response Attestation has been proposed. This sections highlights the information flow bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. | |||
There was a problem hiding this comment.
Suggested change
| According to RATS Architecture Document, two reference models for Challenge/Response Attestation has been proposed. This sections highlights the information flow bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. | |
| According to the RATS Architecture , two reference models for Challenge/Response Attestation have been proposed. This sections highlights the information flows between the Attester, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. |
| ~~~~ | ||
|
|
||
| 2. BackGround Check Model | ||
|
|
||
| The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party. Upon receiving evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, compares the received Evidence to its appraisal policy for evidence and returns an Attestation Result to the Relying Party. The Relying Party then compares the | ||
| The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party. Upon receiving evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, compares the received Evidence to its appraisal policy for evidence and returns an Attestation Result to the Relying Party. The Relying Party then compares the |
There was a problem hiding this comment.
Suggested change
| The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party. Upon receiving evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, compares the received Evidence to its appraisal policy for evidence and returns an Attestation Result to the Relying Party. The Relying Party then compares the | |
| The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attester conveys Evidence to the Relying Party, which does not process its payload, but relays the message and optionally checks it's signature against a policed trust anchor store. Upon receiving the evidence the Relying Party initiates a with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier appraises the received Evidence according to its Appraisal Policy for Evidence and returns a corresponding Attestation Result to the Relying Party. The Relying Party then checks the |
thomas-fossati
approved these changes
Jan 26, 2022
|
|
||
| 1. Passport Model | ||
|
|
||
| The passport modle is so named because of its resemblance to how nations issue passports to their citizens. In this Model, the attestation sequence is a |
There was a problem hiding this comment.
Suggested change
| The passport modle is so named because of its resemblance to how nations issue passports to their citizens. In this Model, the attestation sequence is a | |
| The passport model is so named because of its resemblance to how nations issue passports to their citizens. In this model, the attestation sequence is a |
| @@ -326,6 +326,74 @@ As soon as the Verifier receives the Evidence and the Event Logs, it appraises t | |||
| Appraisal procedures are application-specific and can be conducted via comparison of the Claims with corresponding Reference Values, such as Reference Integrity Measurements. | |||
| The final output of the Verifier are Attestation Results. Attestation Results constitute new Claim Sets about the properties and characteristics of an Attester, which enables Relying Parties, for example, to assess an Attester's trustworthiness. | |||
|
|
|||
| ### Models and example sequences of Challenge/Response Remote Attestation | |||
| According to the RATS Architecture, two reference models for Challenge/Response Attestation have been proposed. This sections highlights the information flows bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. | |||
There was a problem hiding this comment.
Suggested change
| According to the RATS Architecture, two reference models for Challenge/Response Attestation have been proposed. This sections highlights the information flows bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. | |
| According to the RATS Architecture, two reference models for Challenge/Response Attestation have been proposed. This sections highlights the information flows bewteen the Attester, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. |
|
|
||
| The passport modle is so named because of its resemblance to how nations issue passports to their citizens. In this Model, the attestation sequence is a | ||
| two step procedure. In the first step, an Attester conveys Evidence to a Verifier which compares the Evidence against its appraisal policy. The Verifier | ||
| then gives back an Attestation Result to the Attester, which simply caches it. In the second step, the Attester presents the Attestation Result (and possibly additional Claims/evidence) to a Relying Party, which then compares this information against its own appraisal policy to establish the trustworthiness of the attestor. |
There was a problem hiding this comment.
Suggested change
| then gives back an Attestation Result to the Attester, which simply caches it. In the second step, the Attester presents the Attestation Result (and possibly additional Claims/evidence) to a Relying Party, which then compares this information against its own appraisal policy to establish the trustworthiness of the attestor. | |
| then gives back an Attestation Result to the Attester, which simply caches it. In the second step, the Attester presents the Attestation Result (and possibly additional Claims/evidence) to a Relying Party, which then compares this information against its own appraisal policy to establish the trustworthiness of the attester. |
There was a problem hiding this comment.
Will correct this in next revision!
| | | | | ||
| | attestationResults <----------------------------------- | | | ||
| | | | | ||
| | attestationResults(evidence, results) ----------------------------------------------------------> | | | | |
There was a problem hiding this comment.
there seems to be a problem with NL here
There was a problem hiding this comment.
Sure thanks Thomas, will look into this later today!
William-PanWei
suggested changes
Jan 27, 2022
| @@ -326,6 +326,74 @@ As soon as the Verifier receives the Evidence and the Event Logs, it appraises t | |||
| Appraisal procedures are application-specific and can be conducted via comparison of the Claims with corresponding Reference Values, such as Reference Integrity Measurements. | |||
| The final output of the Verifier are Attestation Results. Attestation Results constitute new Claim Sets about the properties and characteristics of an Attester, which enables Relying Parties, for example, to assess an Attester's trustworthiness. | |||
|
|
|||
| ### Models and example sequences of Challenge/Response Remote Attestation | |||
| According to the RATS Architecture, two reference models for Challenge/Response Attestation have been proposed. This sections highlights the information flows bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. | |||
There was a problem hiding this comment.
Suggested change
| According to the RATS Architecture, two reference models for Challenge/Response Attestation have been proposed. This sections highlights the information flows bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. | |
| According to the RATS Architecture, two reference models for Challenge/Response Attestation have been proposed. This section highlights the information flows between the Attestor, Verifier, and Relying Party undergoing Remote Attestation Procedure, using these models. |
|
|
||
| 1. Passport Model | ||
|
|
||
| The passport modle is so named because of its resemblance to how nations issue passports to their citizens. In this Model, the attestation sequence is a |
There was a problem hiding this comment.
Suggested change
| The passport modle is so named because of its resemblance to how nations issue passports to their citizens. In this Model, the attestation sequence is a | |
| The passport model is so named because of its resemblance to how nations issue passports to their citizens. In this Model, the attestation sequence is a |
| 1. Passport Model | ||
|
|
||
| The passport modle is so named because of its resemblance to how nations issue passports to their citizens. In this Model, the attestation sequence is a | ||
| two step procedure. In the first step, an Attester conveys Evidence to a Verifier which compares the Evidence against its appraisal policy. The Verifier |
There was a problem hiding this comment.
Suggested change
| two step procedure. In the first step, an Attester conveys Evidence to a Verifier which compares the Evidence against its appraisal policy. The Verifier | |
| two-step procedure. In the first step, an Attester conveys Evidence to a Verifier, which compares the Evidence against its appraisal policy. The Verifier |
|
|
||
| The passport modle is so named because of its resemblance to how nations issue passports to their citizens. In this Model, the attestation sequence is a | ||
| two step procedure. In the first step, an Attester conveys Evidence to a Verifier which compares the Evidence against its appraisal policy. The Verifier | ||
| then gives back an Attestation Result to the Attester, which simply caches it. In the second step, the Attester presents the Attestation Result (and possibly additional Claims/evidence) to a Relying Party, which then compares this information against its own appraisal policy to establish the trustworthiness of the attestor. |
There was a problem hiding this comment.
Suggested change
| then gives back an Attestation Result to the Attester, which simply caches it. In the second step, the Attester presents the Attestation Result (and possibly additional Claims/evidence) to a Relying Party, which then compares this information against its own appraisal policy to establish the trustworthiness of the attestor. | |
| then gives back an Attestation Result to the Attester, which simply caches it. In the second step, the Attester presents the Attestation Result (and possibly additional Claims/evidence) to a Relying Party, which then compares this information against its own appraisal policy to establish the trustworthiness of the Attester. |
Comment on lines
+339
to
+341
| .----------. .----------. .----------. | ||
| | Attester | | Verifier | | R. P. | | ||
| '----------' '----------' '----------' |
There was a problem hiding this comment.
The width of this diagram exceeds the width limitation of the I-D.
|
|
||
| 2. BackGround Check Model | ||
|
|
||
| The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attester conveys Evidence to the Relying Party, which does not process its payload, but realys the message and optionally check its signature against a policed trust anchor store. Upon receiving the evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, appraises the received Evidence according to its appraisal policy for Evidence and returns a corresponding Attestation Result to the Relying Party. The Relying Party then checks the Attestation Result against its own appraisal policy to conclude attestation. |
There was a problem hiding this comment.
Suggested change
| The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attester conveys Evidence to the Relying Party, which does not process its payload, but realys the message and optionally check its signature against a policed trust anchor store. Upon receiving the evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, appraises the received Evidence according to its appraisal policy for Evidence and returns a corresponding Attestation Result to the Relying Party. The Relying Party then checks the Attestation Result against its own appraisal policy to conclude attestation. | |
| The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attester conveys Evidence to the Relying Party, which does not process its payload, but relays the message and optionally checks its signature against a policed trust anchor store. Upon receiving the evidence the Relying Party initiates a session with the Verifier. Once the session is established, it forwards the received Evidence to the Verifier. The Verifier appraises the received Evidence according to its appraisal policy for Evidence and returns a corresponding Attestation Result to the Relying Party. The Relying Party then checks the Attestation Result against its own appraisal policy to conclude attestation. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@henkbirkholz : Please let me know, your views as to how is the information flow and anything else, we need to add?