ietf-rats-wg / draft-ietf-rats-ar4si

ar4si CDDL definition #23

Open nedmsmith opened 1 year ago

nedmsmith commented 1 year ago

Currently there isn't a CDDL description of an ar4si structure even though the prose seems fairly specific about a structure. Based on careful reading of the I-D, I have the following suggested CDDL:

ar-augmented-bundle = [ + $ar-augmented-type-choice ]
$ar-augmented-type-choice /= ar-augmented-map
ar-augmented-map = {
     &(signed-ar: 0) => signed-ar-map ; presumably ar-augmented-bundle is a COSE payload?
     &(rp-pof: 1) => $pof-type-choice ; aka nonce
     &(v-pof: 2) => $pof-type-choice ; time since appraisal
     * $$ar-augmented-map-extension
}
signed-ar-map = { 
     &(identity-ev: 0) => $identity-claim-type-choice 
     ? &(trust-vector: 1) => [ + trustworthiness-claim-map ] ; results claims
     * $$signed-ar-map-extension
}
$identity-claim-type-choice /= stateful-environment-map ; for example a CoRIM defined triple
trustworthiness-claim-map = {
     &(trust-tier: 0) => trustworthiness-tier ; is associated with each trust claim
     &(trust-quanta: 1) => $trustworthiness-quanta-type-choice
     ? &(trust-policy: 2) => $policy-type-choice
     * $$trustworthiness-claim-map-extension
}
trustworthiness-tier = &(none: 0, affirmed: 1, contraindicated: 2, warning: 3 )
$trustworthiness-quanta-type-choice /= bytes ; assigned by verifier based on appraisal policy
$policy-type-choice /= text ; could be a policy ID?

However, such a structure might not be fully warranted given other work related to the definition of an attestation results message. Nevertheless, having CDDL definitions makes it easier to clarify the author's intended meaning.
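A structural check for the CDDL proposed above, as an added example that is not part of the issue thread or the draft. It assumes `$pof-type-choice` is bytes and the identity claim is an opaque map (neither is defined on the page), and all function names are hypothetical.

```python
# Added example: structural check for the CDDL proposed in this issue.
# Assumptions (not on the page): $pof-type-choice is bytes, the identity claim
# is an opaque map, and the $$...-extension sockets are unplugged, so unknown
# keys are rejected.
TIERS = {0, 1, 2, 3}  # none, affirmed, contraindicated, warning

def check_map(value, required, optional, where):
    """Return error strings for a map with integer keys."""
    if not isinstance(value, dict):
        return [f"{where}: expected a map"]
    errors = [f"{where}: missing key {k}" for k in required if k not in value]
    errors += [f"{where}: unknown key {k!r}" for k in value
               if k not in required and k not in optional]
    for key, check in {**required, **optional}.items():
        if key in value:
            errors += check(value[key], f"{where}[{key}]")
    return errors

def is_a(kind, label):
    return lambda v, where: [] if isinstance(v, kind) else [f"{where}: expected {label}"]

def tier(v, where):
    # type() rather than isinstance() so that True/False are not accepted as 1/0
    return [] if type(v) is int and v in TIERS else [f"{where}: bad trust-tier {v!r}"]

def non_empty_array(item_check):
    def check(v, where):
        if not isinstance(v, list) or not v:
            return [f"{where}: expected a non-empty array"]
        return [e for i, x in enumerate(v) for e in item_check(x, f"{where}[{i}]")]
    return check

def claim(v, where):  # trustworthiness-claim-map
    return check_map(v, {0: tier, 1: is_a(bytes, "bytes")}, {2: is_a(str, "text")}, where)

def signed_ar(v, where):  # signed-ar-map
    return check_map(v, {0: is_a(dict, "map")}, {1: non_empty_array(claim)}, where)

def augmented(v, where):  # ar-augmented-map
    pof = is_a(bytes, "bytes")
    return check_map(v, {0: signed_ar, 1: pof, 2: pof}, {}, where)

def validate_bundle(bundle):
    """Errors for an ar-augmented-bundle; an empty list means it conforms."""
    return non_empty_array(augmented)(bundle, "bundle")

# Constructed sample values, not taken from the draft.
GOOD = [{0: {0: {"env": "constructed"}, 1: [{0: 1, 1: b"\x01", 2: "policy-a"}]},
         1: b"nonce-123", 2: b"\x00\x05"}]
BAD = [{0: {0: {}, 1: [{0: 7, 1: b"\x01"}]}, 1: b"nonce-123"}]  # no v-pof, bad tier
```

The keys are the integer labels from the CDDL, which is how the maps would appear after CBOR decoding; a relying party would run a check like this only after verifying the signature over the result.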

ericvoit commented 1 year ago

Hi Ned,

I like where you are going with this. What would you think of containing something like this within a new appendix?

Eric

From: Ned Smith
Sent: Monday, April 10, 2023 3:12 PM
To: ietf-rats-wg/draft-ietf-rats-ar4si
Subject: [ietf-rats-wg/draft-ietf-rats-ar4si] ar4si CDDL definition (Issue #23)
