From 1882627f7f519eb31e79a0a5a774447eb2d0506d Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Tue, 25 Jan 2022 07:43:36 -0500 Subject: [PATCH 1/8] First draft of adding Interaction Model examples --- ...-ietf-rats-reference-interaction-models.md | 74 +++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/draft-ietf-rats-reference-interaction-models.md b/draft-ietf-rats-reference-interaction-models.md index 358da81..e0ce6b0 100644 --- a/draft-ietf-rats-reference-interaction-models.md +++ b/draft-ietf-rats-reference-interaction-models.md @@ -326,6 +326,80 @@ As soon as the Verifier receives the Evidence and the Event Logs, it appraises t Appraisal procedures are application-specific and can be conducted via comparison of the Claims with corresponding Reference Values, such as Reference Integrity Measurements. The final output of the Verifier are Attestation Results. Attestation Results constitute new Claim Sets about the properties and characteristics of an Attester, which enables Relying Parties, for example, to assess an Attester's trustworthiness. +### Models and example sequences of Challenge/Response Remote Attestation +According to RATS Architecture Document{{-RATS}}, two reference models for Challenge/Response Attestation has been proposed. This sections highlights the +information flow bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. + +1. Passport Model + +The passport modle is so named because of its resemblance to how nations issue passports to their citizens. In this Model, the attestation sequence is a +two step procedure. In the first step, an Attester conveys Evidence to a Verifier which compares the Evidence against its appraisal policy. The Verifier +then gives back an Attestation Result to the Attester, which simply caches it. In the second step, the Attester presents the Attestation Result (and possibly additional Claims/evidence) to a Relying Party, which then compares this information against its own appraisal policy to establish the trustworthiness of the attestor. + +~~~~ +.----------. .----------. .----------. +| Attester | | Verifier | | R. P. | +'----------' '----------' '----------' + | | | + generateClaims(attestingEnvironment) | | + | => claims, eventLogs | | + | | | + | <-- requestAttestation(handle, authSecIDs, claimSelection) | | + | | | + collectClaims(claims, claimSelection) | | + | => collectedClaims | | + | | | + generateEvidence(handle, authSecIDs, collectedClaims) | | + | => evidence | | + | | | + | evidence, eventLogs -------------------------------------> | | + | | | + | appraiseEvidence(evidence, eventLogs, refValues) | + | | | + | attestationResults <----------------------------------- | | + | | | + | attestationResults(evidence, results) ----------------------------------------------------------> | + | | | + | | | appraiseResults(evidence, results) + | | | + | | | +~~~~ + +2. BackGround Check Model +The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the +attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party. Upon receiving evidence the Relying Party initiates a +session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, compares the received Evidence to +its appraisal policy for evidence and returns an Attestation Result to the Relying Party. The Relying Party then compares the +Attestation Result against its own appraisal policy. + +~~~~ +.----------. .----------. .----------. +| Attester | | R. P. | | Verifier | +'----------' '----------' '----------' + | | | + generateClaims(attestingEnvironment) | | + | => claims, eventLogs | | + | | | + | <-- requestAttestation(handle, authSecIDs, claimSelection) | | + | | | + collectClaims(claims, claimSelection) | | + | => collectedClaims | | + | | | + generateEvidence(handle, authSecIDs, collectedClaims) | | + | => evidence | | + | | | + | evidence, eventLogs -------------------------------------> | | + | | | + | | handle, evidence, eventLogs -------> | + | | |appraiseEvidence(evidence, eventLogs, refValues) + | | | + | | attestationResults <--------------- | + | | (evidence, results) | + | | | + | appraiseResults(evidence, results) | | + | | | +~~~~ + ## Uni-Directional Remote Attestation ~~~~ From c6ab50b0793a0117957590d4be41e6a5ff87cf68 Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Tue, 25 Jan 2022 08:00:48 -0500 Subject: [PATCH 2/8] Minor tidy up for further alignment --- draft-ietf-rats-reference-interaction-models.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/draft-ietf-rats-reference-interaction-models.md b/draft-ietf-rats-reference-interaction-models.md index e0ce6b0..df093ae 100644 --- a/draft-ietf-rats-reference-interaction-models.md +++ b/draft-ietf-rats-reference-interaction-models.md @@ -358,18 +358,14 @@ then gives back an Attestation Result to the Attester, which simply caches it. I | | | | attestationResults <----------------------------------- | | | | | - | attestationResults(evidence, results) ----------------------------------------------------------> | - | | | - | | | appraiseResults(evidence, results) - | | | + | attestationResults(evidence, results) ----------------------------------------------------------> | | | | + | | | | | | appraiseResults() | | | ~~~~ 2. BackGround Check Model -The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the -attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party. Upon receiving evidence the Relying Party initiates a -session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, compares the received Evidence to -its appraisal policy for evidence and returns an Attestation Result to the Relying Party. The Relying Party then compares the + +The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party. Upon receiving evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, compares the received Evidence to its appraisal policy for evidence and returns an Attestation Result to the Relying Party. The Relying Party then compares the Attestation Result against its own appraisal policy. ~~~~ @@ -391,7 +387,7 @@ Attestation Result against its own appraisal policy. | evidence, eventLogs -------------------------------------> | | | | | | | handle, evidence, eventLogs -------> | - | | |appraiseEvidence(evidence, eventLogs, refValues) + | | |appraiseEvidence() | | | | | attestationResults <--------------- | | | (evidence, results) | From d56dbd18f24d5ca18510eda7e91bb4d344c144ea Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Tue, 25 Jan 2022 10:42:52 -0500 Subject: [PATCH 3/8] Fix some indentation --- ...-ietf-rats-reference-interaction-models.md | 35 +++++++++---------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/draft-ietf-rats-reference-interaction-models.md b/draft-ietf-rats-reference-interaction-models.md index df093ae..46ff95c 100644 --- a/draft-ietf-rats-reference-interaction-models.md +++ b/draft-ietf-rats-reference-interaction-models.md @@ -327,8 +327,7 @@ Appraisal procedures are application-specific and can be conducted via compariso The final output of the Verifier are Attestation Results. Attestation Results constitute new Claim Sets about the properties and characteristics of an Attester, which enables Relying Parties, for example, to assess an Attester's trustworthiness. ### Models and example sequences of Challenge/Response Remote Attestation -According to RATS Architecture Document{{-RATS}}, two reference models for Challenge/Response Attestation has been proposed. This sections highlights the -information flow bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. +According to RATS Architecture Document, two reference models for Challenge/Response Attestation has been proposed. This sections highlights the information flow bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. 1. Passport Model @@ -348,24 +347,24 @@ then gives back an Attestation Result to the Attester, which simply caches it. I | | | collectClaims(claims, claimSelection) | | | => collectedClaims | | - | | | + | | | generateEvidence(handle, authSecIDs, collectedClaims) | | | => evidence | | | | | | evidence, eventLogs -------------------------------------> | | - | | | - | appraiseEvidence(evidence, eventLogs, refValues) | | | | - | attestationResults <----------------------------------- | | - | | | - | attestationResults(evidence, results) ----------------------------------------------------------> | | | | + | appraiseEvidence(evidence, eventLogs, refValues) | + | | | + | attestationResults <----------------------------------- | | + | | | + | attestationResults(evidence, results) ----------------------------------------------------------> | | | | | | | | | | appraiseResults() - | | | + | | | ~~~~ 2. BackGround Check Model -The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party. Upon receiving evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, compares the received Evidence to its appraisal policy for evidence and returns an Attestation Result to the Relying Party. The Relying Party then compares the +The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party. Upon receiving evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, compares the received Evidence to its appraisal policy for evidence and returns an Attestation Result to the Relying Party. The Relying Party then compares the Attestation Result against its own appraisal policy. ~~~~ @@ -380,20 +379,20 @@ Attestation Result against its own appraisal policy. | | | collectClaims(claims, claimSelection) | | | => collectedClaims | | - | | | + | | | generateEvidence(handle, authSecIDs, collectedClaims) | | | => evidence | | | | | | evidence, eventLogs -------------------------------------> | | - | | | + | | | | | handle, evidence, eventLogs -------> | | | |appraiseEvidence() - | | | - | | attestationResults <--------------- | - | | (evidence, results) | - | | | - | appraiseResults(evidence, results) | | - | | | + | | | + | | attestationResults <--------------- | + | | (evidence, results) | + | | | + | appraiseResults(evidence, results) | | + | | | ~~~~ ## Uni-Directional Remote Attestation From 37e5a3dddd354e8816a5580940977cc3df650b20 Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Tue, 25 Jan 2022 12:20:45 -0500 Subject: [PATCH 4/8] Incorporating review comments --- draft-ietf-rats-reference-interaction-models.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/draft-ietf-rats-reference-interaction-models.md b/draft-ietf-rats-reference-interaction-models.md index 46ff95c..0a9a40b 100644 --- a/draft-ietf-rats-reference-interaction-models.md +++ b/draft-ietf-rats-reference-interaction-models.md @@ -327,7 +327,7 @@ Appraisal procedures are application-specific and can be conducted via compariso The final output of the Verifier are Attestation Results. Attestation Results constitute new Claim Sets about the properties and characteristics of an Attester, which enables Relying Parties, for example, to assess an Attester's trustworthiness. ### Models and example sequences of Challenge/Response Remote Attestation -According to RATS Architecture Document, two reference models for Challenge/Response Attestation has been proposed. This sections highlights the information flow bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. +According to RATS Architecture, two reference models for Challenge/Response Attestation have been proposed. This sections highlights the information flow bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. 1. Passport Model @@ -364,8 +364,7 @@ then gives back an Attestation Result to the Attester, which simply caches it. I 2. BackGround Check Model -The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party. Upon receiving evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, compares the received Evidence to its appraisal policy for evidence and returns an Attestation Result to the Relying Party. The Relying Party then compares the -Attestation Result against its own appraisal policy. +The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party, which does not process its payload, but realys the message and optionally check its signature against a policed trust anchor store. Upon receiving the evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, compares the received Evidence to its appraisal policy for evidence and returns an Attestation Result to the Relying Party. The Relying Party then compares the Attestation Result against its own appraisal policy. ~~~~ .----------. .----------. .----------. From cb76f64be3ae2d6e86a28609306883724361417e Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Tue, 25 Jan 2022 12:29:52 -0500 Subject: [PATCH 5/8] Incorporating review comments --- draft-ietf-rats-reference-interaction-models.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-rats-reference-interaction-models.md b/draft-ietf-rats-reference-interaction-models.md index 0a9a40b..b1e5fad 100644 --- a/draft-ietf-rats-reference-interaction-models.md +++ b/draft-ietf-rats-reference-interaction-models.md @@ -327,7 +327,7 @@ Appraisal procedures are application-specific and can be conducted via compariso The final output of the Verifier are Attestation Results. Attestation Results constitute new Claim Sets about the properties and characteristics of an Attester, which enables Relying Parties, for example, to assess an Attester's trustworthiness. ### Models and example sequences of Challenge/Response Remote Attestation -According to RATS Architecture, two reference models for Challenge/Response Attestation have been proposed. This sections highlights the information flow bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. +According to the RATS Architecture, two reference models for Challenge/Response Attestation have been proposed. This sections highlights the information flows bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. 1. Passport Model @@ -364,7 +364,7 @@ then gives back an Attestation Result to the Attester, which simply caches it. I 2. BackGround Check Model -The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party, which does not process its payload, but realys the message and optionally check its signature against a policed trust anchor store. Upon receiving the evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, compares the received Evidence to its appraisal policy for evidence and returns an Attestation Result to the Relying Party. The Relying Party then compares the Attestation Result against its own appraisal policy. +The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party, which does not process its payload, but realys the message and optionally check its signature against a policed trust anchor store. Upon receiving the evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, appraises the received Evidence according to its appraisal policy for evidence and returns a coresponding Attestation Result to the Relying Party. The Relying Party then checks the Attestation Result against its own appraisal policy to conlcude attestation. ~~~~ .----------. .----------. .----------. From e9182956810d5ecb55e533382002ac5a4a7a05f0 Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Tue, 25 Jan 2022 12:30:22 -0500 Subject: [PATCH 6/8] Fixing minor typo --- draft-ietf-rats-reference-interaction-models.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-rats-reference-interaction-models.md b/draft-ietf-rats-reference-interaction-models.md index b1e5fad..04b560d 100644 --- a/draft-ietf-rats-reference-interaction-models.md +++ b/draft-ietf-rats-reference-interaction-models.md @@ -364,7 +364,7 @@ then gives back an Attestation Result to the Attester, which simply caches it. I 2. BackGround Check Model -The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party, which does not process its payload, but realys the message and optionally check its signature against a policed trust anchor store. Upon receiving the evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, appraises the received Evidence according to its appraisal policy for evidence and returns a coresponding Attestation Result to the Relying Party. The Relying Party then checks the Attestation Result against its own appraisal policy to conlcude attestation. +The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party, which does not process its payload, but realys the message and optionally check its signature against a policed trust anchor store. Upon receiving the evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, appraises the received Evidence according to its appraisal policy for evidence and returns a coresponding Attestation Result to the Relying Party. The Relying Party then checks the Attestation Result against its own appraisal policy to conclude attestation. ~~~~ .----------. .----------. .----------. From 8e2b32c7d50d952ce6ba4b375e99d9ba9f1a6f95 Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Wed, 26 Jan 2022 12:51:24 -0500 Subject: [PATCH 7/8] Fix typos --- draft-ietf-rats-reference-interaction-models.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-rats-reference-interaction-models.md b/draft-ietf-rats-reference-interaction-models.md index 04b560d..bc0ccff 100644 --- a/draft-ietf-rats-reference-interaction-models.md +++ b/draft-ietf-rats-reference-interaction-models.md @@ -327,7 +327,7 @@ Appraisal procedures are application-specific and can be conducted via compariso The final output of the Verifier are Attestation Results. Attestation Results constitute new Claim Sets about the properties and characteristics of an Attester, which enables Relying Parties, for example, to assess an Attester's trustworthiness. ### Models and example sequences of Challenge/Response Remote Attestation -According to the RATS Architecture, two reference models for Challenge/Response Attestation have been proposed. This sections highlights the information flows bewteen the Attestor, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. +According to the RATS Architecture, two reference models for Challenge/Response Attestation have been proposed. This section highlights the information flows bewteen the Attester, Verifier and Relying Party undergoing Remote Attestation Procedure, using these models. 1. Passport Model @@ -364,7 +364,7 @@ then gives back an Attestation Result to the Attester, which simply caches it. I 2. BackGround Check Model -The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attestor conveys Evidence to the Relying Party, which does not process its payload, but realys the message and optionally check its signature against a policed trust anchor store. Upon receiving the evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, appraises the received Evidence according to its appraisal policy for evidence and returns a coresponding Attestation Result to the Relying Party. The Relying Party then checks the Attestation Result against its own appraisal policy to conclude attestation. +The background-check model is so named because of the resemblance of how employers and volunteer organizations perform background checks. In this model, the attestation sequence is initiated by a Relying Party. The Attester conveys Evidence to the Relying Party, which does not process its payload, but realys the message and optionally check its signature against a policed trust anchor store. Upon receiving the evidence the Relying Party initiates a session with the Verifier. Once session is established, it forwards the received Evidence to the Verfier. The Verifier, appraises the received Evidence according to its appraisal policy for Evidence and returns a corresponding Attestation Result to the Relying Party. The Relying Party then checks the Attestation Result against its own appraisal policy to conclude attestation. ~~~~ .----------. .----------. .----------. From 23bc4c58dc22a307d61c6cc905f97c3169b8b18e Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Wed, 26 Jan 2022 12:53:08 -0500 Subject: [PATCH 8/8] Fix typo --- draft-ietf-rats-reference-interaction-models.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-ietf-rats-reference-interaction-models.md b/draft-ietf-rats-reference-interaction-models.md index bc0ccff..20ccd97 100644 --- a/draft-ietf-rats-reference-interaction-models.md +++ b/draft-ietf-rats-reference-interaction-models.md @@ -331,7 +331,7 @@ According to the RATS Architecture, two reference models for Challenge/Response 1. Passport Model -The passport modle is so named because of its resemblance to how nations issue passports to their citizens. In this Model, the attestation sequence is a +The passport model is so named because of its resemblance to how nations issue passports to their citizens. In this Model, the attestation sequence is a two step procedure. In the first step, an Attester conveys Evidence to a Verifier which compares the Evidence against its appraisal policy. The Verifier then gives back an Attestation Result to the Attester, which simply caches it. In the second step, the Attester presents the Attestation Result (and possibly additional Claims/evidence) to a Relying Party, which then compares this information against its own appraisal policy to establish the trustworthiness of the attestor.