search

ietf-rats / ietf-corim-cddl

This repository is abandoned. The adopted I-D can be found at:
https://github.com/ietf-rats-wg/draft-ietf-rats-corim/
2 stars 0 forks source link

claims triples #66

Closed nedmsmith closed 3 years ago

nedmsmith commented 3 years ago

Currently claims-map is a map of maps where each map name is a stereo-type of the intended use (e.g. reference-claims, endorsed-claims, identity-claims etc...). Migrating claims to a map of triples implies there is a structured approach for representing subject, object, predicate triple. If the map name is the predicate, then the map contents must include some attributes that are the subject and some that are the object. There may be additional attributes that qualify either the subject or object.

This issue motivates a PR that defines the various 'triple' maps that are included in the comid claims-map.

nedmsmith commented 3 years ago

Resolve Issue#67 and related PR before applying PRs related to this issue (#66).

nedmsmith commented 3 years ago

CDDL example triple

    ; map name is the predicate
        ; note: non-empty<> applies to both subject an object; both are required to be a valid triple.
    3a_REFERENCE-VALUE-map = non-empty<{
        ; subject - target_env, attesting_env
        ? comid.class-id => class-id-map,
        ? comid.instance-id => instance-id-map,
        ; object - measurements
        ? comid.measurement-values => one-or-more<measurement-value-map>,
        ? comid.instance-measurement-values => one-or-more<($$instance-value-group-choice)>
    }>

Note that an invalid triple could be formed since non-empty<> macro applies to any of the subject or object entries. The second CDDL example tries to fix that, but not sure this is valid CDDL. Second CDDL example triple

    ; map name is the predicate
    3a_REFERENCE-VALUE-map = {
        ; subject - target_env, attesting_env
        ; note: non-empty<> is applied to both subject and object; ensures this is a valid triple.
        comid.subject => non-empty<{
            ? comid.class-id => class-id-map,
            ? comid.instance-id => instance-id-map,
        }>
        ; object - measurements
        comid.object => non-empty<{
            ? comid.measurement-values => one-or-more<measurement-value-map>,
            ? comid.instance-measurement-values => one-or-more<($$instance-value-group-choice)>
        }>
    }

Triples replace existing statements in the claims-map CDDL for revised claims-map

    claims-map = non-empty<{
            …
    ? comid.3a-claims => one-or-more<3a_REFERENCE-VALUE-map>    
            …
    * $$claims-map-extension
    }>

Note: new triples can be added as needed