Commit

Address comments from last meeting
* rename "group membership" to "environment bundle"
* allow multiple endorsed values in the MEC triple

Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
Co-authored-by: Thomas Fossati <thomas.fossati@linaro.org>
Co-authored-by: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
thomas-fossati and henkbirkholz committed Nov 24, 2023
1 parent 695cace commit 69a494b
Showing 4 changed files with 17 additions and 17 deletions.
2 changes: 1 addition & 1 deletion cddl/group-membership-triple-record.cddl
@@ -1,4 +1,4 @@
group-membership-triple-record = [
environment-bundle-triple-record = [
lead: environment-map
subs: [ + environment-map ]
]
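Review bot: the record is renamed to `environment-bundle-triple-record` but the file keeps its old name, `cddl/group-membership-triple-record.cddl`, which the draft still pulls in via `{::include cddl/group-membership-triple-record.cddl}`. Consider renaming the file (and the include line) in the same commit so the filename matches the rule it defines; otherwise the old term survives in the repository layout after it has been removed from the schema.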
2 changes: 1 addition & 1 deletion cddl/mec-endorsement-triple-record.cddl
@@ -1,5 +1,5 @@
multi-env-conditional-endorsement-triple-record = [
env: environment-map
val: measurement-values-map
ends: [ + measurement-values-map ]
cond: [ + stateful-environment-record ]
]
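Review bot: `ends: [ + measurement-values-map ]` turns the endorsed value into an array of one or more maps, but neither the CDDL nor the accompanying prose says how multiple entries combine: whether every map in `ends` is associated with `env` as a set, and whether two entries may carry the same measurement key (and if so, which wins). A comment on the rule, or a sentence next to "All the entries in `cond` MUST match", would remove the ambiguity. The `+` quantifier also means an empty `ends` is invalid, which is worth stating explicitly alongside the "value(s)" wording.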
2 changes: 1 addition & 1 deletion cddl/triples-map.cddl
Expand Up @@ -10,7 +10,7 @@ triples-map = non-empty<{
? &(dependency-triples: 4) =>
[ + domain-dependency-triple-record ]
? &(membership-triples: 5) =>
[ + group-membership-triple-record ]
[ + environment-bundle-triple-record ]
? &(coswid-triples: 6) =>
[ + coswid-triple-record ]
? &(conditional-endorsement-series-triples: 8) =>
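Review bot: the value type under `membership-triples: 5` is renamed to `[ + environment-bundle-triple-record ]`, but the map key itself keeps the old name. For consistency with the new terminology, either rename the key (for example to `environment-bundle-triples`, keeping index 5 so the CBOR encoding is unchanged) or note in the draft that the key name is deliberately retained; as it stands, a reader has to know that "membership" and "environment bundle" mean the same thing.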
28 changes: 14 additions & 14 deletions draft-ietf-rats-corim.md
Expand Up @@ -569,7 +569,7 @@ The following triples are currently defined:
* Device Identity triples: containing cryptographic credentials - for example, an IDevID - uniquely identifying a device ({{sec-comid-triple-identity}}).
* Attestation Key triples: containing cryptographic keys that are used to verify the integrity protection on the Evidence received from the Attester ({{sec-comid-triple-attest-key}}).
* Domain dependency triples: describing trust relationships between domains, i.e., collection of related environments and their measurements ({{sec-comid-triple-domain-dependency}}).
* Group membership triples: describing topological relationships between (sub-)modules. For example, in a composite Attester comprising multiple sub-Attesters (sub-modules), this triple can be used to define the topological relationship between lead- and sub- Attester environments ({{sec-comid-triple-group-membership}}).
* Environment bundle triples: describing topological relationships between (sub-)modules. For example, in a composite Attester comprising multiple sub-Attesters (sub-modules), this triple can be used to define the topological relationship between lead- and sub- Attester environments ({{sec-comid-triple-environment-bundle}}).
* CoMID-CoSWID linking triples: associating a Target Environment with existing CoSWID tags ({{sec-comid-triple-coswid}}).

## Structure
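Review bot: the renamed bullet changes only the name, so "environment bundle" is never explained where it is introduced; the description still reads "topological relationships between (sub-)modules", which was written for "group membership". A short parenthetical (a lead environment together with the sub-environments it attests) would tell readers what a bundle is. Minor: "lead- and sub- Attester environments" keeps a dangling hyphen before "Attester"; "lead and sub-Attester environments" reads better.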
Expand Down Expand Up @@ -736,7 +736,7 @@ The following describes each member of the `triples-map`:
between domains. Described in {{sec-comid-triple-domain-dependency}}.

* `membership-triples` (index 5): Triples describing topological relationships
between (sub-)modules. Described in {{sec-comid-triple-group-membership}}.
between (sub-)modules. Described in {{sec-comid-triple-environment-bundle}}.

* `coswid-triples` (index 6): Triples associating modules with existing CoSWID
tags. Described in {{sec-comid-triple-coswid}}.
Expand Down Expand Up @@ -1173,18 +1173,18 @@ trustworthiness properties of the subject domain exists.
{::include cddl/domain-dependency-triple-record.cddl}
~~~

#### Group Membership Triple {#sec-comid-triple-group-membership}
#### Environmnent Bundle Triple {#sec-comid-triple-environment-bundle}

In order to model hierarchical device composition, CoRIM authors need to identify all components in the composite device (see {{Section 3.3 of -rats-arch}}).
A group describes all target environments that a certain attesting environment is generating evidence about.
The parent-child relationship between the attesting environment and all target environments in question is expressed via the group-membership-triple:
An environment bundle describes all target environments that a certain attesting environment is generating evidence about.
The parent-child relationship between the attesting environment and all target environments in question is expressed via the environment bundle triple:

~~~ cddl
{::include cddl/group-membership-triple-record.cddl}
~~~

In the example composite device in {{composite}}, `env-1` is the Attesting Environment for `env-2` and `env-3`, while `env-2` is the Attesting Environment for `env-4`.
Appraisal starts from the top of the device hierarchy (`env-1`) and descends through all the subtrees until all Target Environments have been visited.
Appraisal starts from the top of the device hierarchy (`env-1`) and descends through all the sub-trees until all Target Environments have been visited.

~~~ aasvg
.-------.
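Review bot: the new heading at the top of this hunk misspells "Environment" as "Environmnent" (`#### Environmnent Bundle Triple {#sec-comid-triple-environment-bundle}`); the anchor is correct, so cross-references still resolve, but the rendered section title will carry the typo. The `{::include cddl/group-membership-triple-record.cddl}` line a few lines below also still points at the old filename, so the include will need updating if the CDDL file is renamed to match the record.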
Expand All @@ -1207,7 +1207,7 @@ The two following group triples model the device hierarchy:
* The top-level with `env-1` as lead attester:

~~~
group-membership-triple-record = [
environment-bundle-triple-record = [
lead: env-1
subs: [ env-2, env-3 ]
]
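Review bot: the sentence in the hunk header, "The two following group triples model the device hierarchy:", still uses the old term while it introduces the renamed `environment-bundle-triple-record` examples directly underneath; change it to "environment bundle triples" so the prose matches the record name it describes.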
Expand All @@ -1216,22 +1216,22 @@ group-membership-triple-record = [
* The sub-attester rooted at `env-2`:

~~~
group-membership-triple-record = [
environment-bundle-triple-record = [
lead: env-2
subs: [ env-4 ]
]
~~~

The `lead` environment is the group name.
Since it is expressed as an `environment-map`, it can itself appear as one of the `subs` elements of other `group-membership-triple-record`, thus allowing recursive composition.
The `lead` environment is the environment bundle name.
Since it is expressed as an `environment-map`, it can itself appear as one of the `subs` elements of other `environment-bundle-triple-record`, thus allowing recursive composition.

The scope of a single `group-membership-triple-record` encompasses exactly two adjacent layers in a layered Attester.
The scope of a single `environment-bundle-triple-record` encompasses exactly two adjacent layers in a layered Attester.

#### Multi-Environment Conditional (MEC) Endorsements Triple {#sec-comid-triple-mec-endorsements}

The semantics of the Multi-Environment Conditional (MEC) Endorsements Triple is as follows:

> "IF accepted state matches the `cond` value, THEN the `env` is associated with the endorsed value `val`."
> "IF accepted state matches the `cond` value, THEN `env` is associated with the endorsed value(s) `ends`."

~~~ cddl
{::include cddl/mec-endorsement-triple-record.cddl}
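Review bot: the rewritten semantics sentence says "IF accepted state matches the `cond` value", singular, while `cond` is defined in this commit as `[ + stateful-environment-record ]` and the draft requires all of its entries to match; phrasing it as "IF the accepted state matches every entry in `cond`" would align the informal statement with the CDDL. In the same hunk, "encompasses exactly two adjacent layers" is kept unchanged right after the paragraph explaining that a `lead` may itself appear in another record's `subs`; a clause saying that deeper hierarchies are expressed by chaining several records, not by widening one, would make the two paragraphs read as one rule.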
Expand All @@ -1240,8 +1240,8 @@ The semantics of the Multi-Environment Conditional (MEC) Endorsements Triple is
A `multi-env-conditional-endorsement-triple-record` has the following parameters:

* `env`: the environment to which the endorsed value (conditionally) applies
* `val`: the endorsed value
* `cond`: all target environments, along with a specific state, that need to match in order for the endorsement to apply
* `ends`: the endorsed value(s) associated with `env`
* `cond`: all target environments, along with a specific state, that need to match in order for the endorsement(s) to apply

All the entries in `cond` MUST match.
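Review bot: the `env` bullet still says "the endorsed value (conditionally) applies", singular, while the `ends` bullet directly below now reads "the endorsed value(s)"; align it ("the endorsed value(s) (conditionally) apply"). With `ends` now a list, this paragraph should also state the counterpart of "All the entries in `cond` MUST match": that when the condition holds, every entry in `ends` is associated with `env`.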

