Composite Attester/Device Description

[yogeshbdeshpande]

As per RATS Architecture, Composite Device comprises of multiple sub-attester and a lead attester.

A more deeper discussion is required in CCC as to how different member organisation would want to see the Composite Attester Modelling and how the Format of the Attestation Token would span out meeting all the necessary security objectives

[muhammad-usama-sardar]

how different member organisation would want to see the Composite Attester Modelling
how the Format of the Attestation Token would span out meeting all the necessary security objectives

This sounds very interesting. Can you elaborate a bit more, e.g.,

• what kind of modeling are you thinking about?
• how is the format of attestation token related to security objectives?

[thomas-fossati]

how different member organisation would want to see the Composite Attester Modelling
how the Format of the Attestation Token would span out meeting all the necessary security objectives

This sounds very interesting. Can you elaborate a bit more, e.g.,

• what kind of modeling are you thinking about?
• how is the format of attestation token related to security objectives?

I think it'd be good to clearly state here what the expected outcome of the discussion would be. A position paper? Some form of input for the RATS / TCG / ${RELEVANT_SDO}? Other?

(CC: @TheBankster who put forward the need for a "composite attesters" track in the SIG.)

[yogeshbdeshpande]

Agree that a whitepaper or a guidance document on the CCC's position on composite attester modelling (token format) and also how the Verification should happen for the overall composite device, would benefit the community.

[thomas-fossati]

@deeglaze on 27th Feb 2024 call:

A few separate/separable dimensions to consider:

• How to bind evidence's topology together
• How to express topology from the lead attester
• How to express the accepted topology in attestation results