nedmsmith
commented
3 years ago Proposal is to use instance-claim-map for all instance data. Additionally, it was observed that the current instance-claim-map has a mix of reference and endorsed claims where the intent is unclear. The proposal addresses this by creating two instance-claim-map structures, one for reference and the other for endorsed claims. The cases where evidence expressed as DICE tcb-info contain instance claims is addressed by including element-value-map in both of the instance-claim maps.
CDDL might look like:
claims-map = non-empty<{
? comid.reference-claims => one-or-more<reference-claim-map>
? comid.endorsements => one-or-more<endorsed-claim-map>
? comid.identity-claims => one-or-more<identity-claim-map>
? comid.ref-instance-claims => one-or-more<ref-instance-claim-map>
? comid.end-instance-claims => one-or-more<end-instance-claim-map>
* $$claims-map-extension
}>
comid.ref-instance-claims = 3
comid.end-instance-claims = 4
ref-instance-claim-map = non-empty<{
? comid.element-name => element-name-map
? comid.element-value => element-value-map
? $$instance-value-group-choice
* $$ref-instance-claim-map-extension
}>
end-instance-claim-map = non-empty<{
? comid.element-name => element-name-map
? comid.element-value => element-value-map
? $$instance-value-group-choice
* $$end-instance-claim-map-extension
}>
Although we have a schema for
instance-claimsandidentity-claimsit is possible that instance data could be measured into a DICE tcb-info structure. If so the reference-claims structure (akaelement-value-map) should signal to verifier, as well the creator should make conscious use of instance data in the reference claims.A possible solution is to extend
flagsinelement-value-map; this would be a non-intrusive change that would allow a similar change to DICE tcb-info. Though it possible isn't characterized as a "mode of operation".