MEC Endorsements #174
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
condition-triple-record = [ | ||
environment-map | ||
measurement-map | ||
] | ||
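Review bot: `condition-triple-record` is a two-element array (`environment-map`, `measurement-map`), so the "triple" in its name does not describe it, and its members carry no labels or comment saying what state the `measurement-map` expresses. Consider a name that reflects environment plus state, and label the members the way the MEC record labels `conds:` and `actions:`.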
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
multi-env-conditional-endorsement-triple-record = [ | ||
henkbirkholz marked this conversation as resolved.
|
||
conds: [ + condition-triple-record ] | ||
actions: [ + stateful-environment-record ] | ||
IIRC we agreed this would be the other way round, i.e.: the condition expressed in terms of a bunch of stateful-environments, the "actions" as EMTs.
Maybe. Let's fix that nit in the next call.
||
] |
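Review bot: `actions` is typed as `[ + stateful-environment-record ]`, but no rule named `stateful-environment-record` is added in the CDDL shown in this change, and the prose for this triple lists `actions` as TODO while describing `env` and `ends`, which this record does not define. Either define the rule and align the member names with the text, or swap the two element types as the inline comment suggests, so the schema and its description cannot be read two ways.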
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
|
@@ -1137,6 +1137,14 @@ the object relates to the subject. | |||||
{::include cddl/endorsed-triple-record.cddl} | ||||||
~~~ | ||||||
|
||||||
#### Condition Values Triple | ||||||
|
||||||
A Condition Values Triple defines a set of operational state of an environment. If the corresponding values defined in its `measurement-map` are found in an Accepted Claims Set, corresponding endorsed values defined in a `multi-env-conditional-endorsement-triple-record` can be added to that Accepted Claims Set. | ||||||
|
||||||
~~~ cddl | ||||||
{::include cddl/condition-triple-record.cddl} | ||||||
~~~ | ||||||
|
||||||
#### Device Identity Triple {#sec-comid-triple-identity} | ||||||
|
||||||
A Device Identity triple relates one or more cryptographic keys to a device. | ||||||
|
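Review bot: the new "Condition Values Triple" heading has no `{#sec-...}` anchor, unlike the "Device Identity Triple" heading right after it, and the paragraph names `multi-env-conditional-endorsement-triple-record` without a cross-reference to its section. Add the anchor and the reference, fix "a set of operational state" (states), and say in normative wording whether the endorsed values "can be" added or are to be added to the Accepted Claims Set once the `measurement-map` values match.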
@@ -1186,6 +1194,39 @@ Evidence. | |||||
{::include cddl/domain-membership-triple-record.cddl} | ||||||
~~~ | ||||||
|
||||||
|
||||||
|
||||||
#### Multi-Environment Conditional (MEC) Endorsements Triple {#sec-comid-triple-mec-endorsements} | ||||||
thomas-fossati marked this conversation as resolved.
|
||||||
|
||||||
The semantics of the Multi-Environment Conditional (MEC) Endorsements Triple is as follows: | ||||||
|
||||||
> "IF accepted state matches the `cond` value, THEN `env` is associated with the endorsed value(s) `ends`." | ||||||
yogeshbdeshpande marked this conversation as resolved.
thomas-fossati marked this conversation as resolved.
|
||||||
|
||||||
~~~ cddl | ||||||
{::include cddl/mec-endorsement-triple-record.cddl} | ||||||
~~~ | ||||||
|
||||||
A `multi-env-conditional-endorsement-triple-record` has the following parameters: | ||||||
|
||||||
* `conds`: all target environments, along with a specific state, that need to match in order for the endorsement(s) to apply | ||||||
* `actions`: TODO | ||||||
* `env`: the environment to which the endorsed value (conditionally) applies | ||||||
* `ends`: the endorsed value(s) associated with `env` | ||||||
these two should be dropped
addressed in f553dd3
||||||
|
||||||
All the entries in `cond` MUST match. | ||||||
|
||||||
The order in which MEC Endorsement triples are evaluated is important: different sorting may produce different end-results in the computed ACS. | ||||||
|
||||||
Therefore, the set of applicable MEC Endorsement triple MUST be topologically sorted based on the criterion that a MEC Endorsement triple is evaluated before another if its Target Environment and Endorsement pair is found in any of the stateful environments of the second triple. | ||||||
I have a feeling that there might be some edge cases where a verifier needs the ability to use a more complex algorithm than topological sorting.
there must be no ambiguity in the processing rules.
||||||
|
||||||
Notes: | ||||||
|
||||||
* In order to give the expected result, the condition must describe the expected context completely. | ||||||
This note makes me think about a lot of different questions:
hmm, what kind of implicit matching are you thinking of?
You'd get false positives.
This is a superset of conditional-endorsement-triple-record. As such, it makes the other redundant, at a small increase in the serialisation cost. The "series" one is a bit of a different beast: it does some sort of short-circuited OR, so in terms of condition-matching rules it's substantially different. |
||||||
* The scope of a single MEC triple encompasses an arbitrary amount of environments across all layers in an Attester. | ||||||
The implication of a scope that covers all grouping / appraisal contexts is the EMT expressions must have some aspect that is globally unique (at least within the expected scope). EMT scope should be described as part of the EMT construction and not as a footnote to a particular triple construction.
See Issue #176
|
||||||
|
||||||
|
||||||
|
||||||
|
||||||
#### CoMID-CoSWID Linking Triple {#sec-comid-triple-coswid} | ||||||
|
||||||
A CoSWID triple relates reference measurements contained in one or more CoSWIDs | ||||||
|
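Review bot: the topological-sort MUST in the paragraph starting "Therefore, the set of applicable MEC Endorsement triple" does not say what a Verifier does when the dependencies between triples form a cycle, in which case no topological order exists, and it leaves the relative order of triples with no dependency between them unspecified. State the cycle behaviour (for example, reject the set) and a deterministic tie-break so the processing rule has one outcome. The parameter list and "All the entries in `cond` MUST match" also use `cond`, `env` and `ends`, while the record defines `conds` and `actions` (still TODO); align the names with the CDDL.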
this needs to be explicitly added to the CDDL fragments' list to be visible
Until we resolve the discussion on grouping / appraisal context, the scope of the condition-triple-record is (possibly) ambiguous as the condition scope could, in principle, refer to EMTs from a different appraisal context from the context in which the action is to be applied.
fixed in b01b05f
so I thought.... actually fixed in c261262