thomas-fossati / draft-ear

EAT Attestation Results

Policy and evaluated claims #16

Open setrofim opened 1 year ago

setrofim commented 1 year ago

A Relying Party (RP) may wish to know which evidence claims were used in arriving at the Attestation Result (AR), and, therefore, which were not. There is nothing in the AR that can be used to indicate that, and, arguably, there shouldn't be, as this pertains to the underlying attestation scheme (which the RP is assumed to be familiar with*), and the verifier deployment-specific policy evaluation. Both of these elements are encoded as part of the ear.appraisal-policy-id field.

The current description of ear.appraisal-policy-id is very brief, and gives no indication as to how it might be used. It may be worth expanding its description to call out that the field can be used by the RP to identify whether the AR was generated in accordance with its understanding of the attestation scheme, or whether some third-party policy may have been applied.

(*The assumption is that if the RP is participating in an attestation scheme, it would be aware of how that scheme functions, and therefore how evidence would have been used in arriving at the AR. If this assumption is unreasonable, a case can be made for providing a well-defined "scheme description", either as part of the AR or, more likely, a separate channel that the RP can process. However, that would be a bigger discussion that does not pertain to this Issue.)
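To illustrate the use of ear.appraisal-policy-id proposed above, here is an added example (not code from the draft or from the issue author): an RP-side check that, for each submodule of an already signature-verified EAR claims-set, accepts only an affirming status reached under a policy the RP recognises and flags any other policy identifier as "some other policy was applied". The claims-set, the policy URIs and the submodule names are constructed sample values; the JSON field names are assumed to follow the EAR draft's JSON serialisation.

```python
import json

# Constructed sample claims-set, assumed to have been extracted from a
# verifier-signed EAR whose signature the RP has already checked.
# Field names assumed to match the EAR draft's JSON serialisation.
SAMPLE_EAR = json.dumps({
    "iat": 1700000000,
    "ear.verifier-id": {"developer": "example-verifier", "build": "0.0.1"},
    "submods": {
        "PSA_IOT": {
            "ear.status": "affirming",
            "ear.appraisal-policy-id": "policy://example/psa-iot/v1",
        },
        "CCA_REALM": {
            "ear.status": "affirming",
            "ear.appraisal-policy-id": "policy://third-party/realm-baseline",
        },
        "TPM_ENACTTRUST": {
            "ear.status": "contraindicated",
            "ear.appraisal-policy-id": "policy://example/tpm/v2",
        },
    },
})

# Policies this RP understands, per submodule (constructed values).
TRUSTED_POLICIES = {
    "PSA_IOT": {"policy://example/psa-iot/v1"},
    "CCA_REALM": {"policy://example/cca-realm/v1"},
    "TPM_ENACTTRUST": {"policy://example/tpm/v2"},
}


def appraise_submod(submod: dict, trusted: set) -> str:
    """Verdict for one submodule: the status is the verifier's conclusion,
    the appraisal-policy-id says under which policy it was reached, which is
    what lets the RP tell 'appraised as I expect' from 'other policy applied'."""
    status = submod.get("ear.status")
    policy = submod.get("ear.appraisal-policy-id")
    if status != "affirming":
        return f"reject: status={status}"
    if policy is None:
        return "reject: no appraisal-policy-id, policy applied is unknown"
    if policy not in trusted:
        return f"review: unknown policy {policy}"
    return "accept"


def appraise_ear(ear_json: str, trusted_policies: dict) -> dict:
    """Apply appraise_submod to every submodule of the EAR claims-set."""
    claims = json.loads(ear_json)
    return {
        name: appraise_submod(sub, trusted_policies.get(name, set()))
        for name, sub in claims.get("submods", {}).items()
    }
```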

thomas-fossati commented 1 year ago

The assumption is that if RP is participating in an attestation scheme

AR4SI allows, and promotes, full decoupling between Attesters and RPs, so this assumption should not hold in general. (It could be for some deployments, though that should be the exception.)

a case can be made for providing a well-defined "scheme description", either as part of the AR or, more likely, a separate channel that the RP can process. However, that would be a bigger discussion that does not pertain to this Issue.)

Providing an in-band, verifier-signed EAR signal that conveys this kind of information seems like a valuable addition in terms of improved transparency of the operations.

We should track this, as you suggest, in a separate issue.

setrofim commented 1 year ago

AR4SI allows, and promotes, full decoupling between Attesters and RPs, so this assumption should not hold in general.

Note, all this is predicated on

A Relying Party (RP) may wish to know which evidence claims were used in arriving at the Attestation Result (AR)

If the RP is only AR4SI-aware, and is agnostic of the underlying evidence (which is what, I assume, is meant by "decoupling" here?), then, presumably, the RP would not care about how the evidence was used to arrive at the AR? So to be more explicit about what is being assumed here:

"Given a Relying Party (RP) that wishes to know how evidence was used in constructing the AR, the assumption is that the RP is then familiar with the attestation scheme."

I believe this should hold in the majority (all?) of cases. Either the RP doesn't care about the evidence and only about the verifier's evaluation (AR4SI), or it has an understanding of the scheme.

What I'm suggesting in the footnote is that if this is not true, then there needs to be some sort of standardised "grammar" for describing the evidence in terms of its use, that the RP can then interpret.

Providing an in-band, verifier-signed EAR signal that conveys this kind of information seems like a valuable addition in terms of improved transparency of the operations.

Depends on what is meant by "signal" here.

If this is just talking about tagging/flagging evidence entries that were used by the verifier, then I don't see how that would add much utility? If we're assuming that the RP has no a priori understanding of the evidence, telling it which parts of that evidence were used in the evaluation doesn't really add any information.

On the other hand, a formalised, machine-readable equivalent of the table here: https://github.com/thomas-fossati/draft-psa-token/issues/71, i.e. something that encodes the semantics of the evidence interpretation, could potentially be useful.