The Entity Attestation Token (EAT)
draft-ietf-rats-eat-25
Approval announcement
Draft of message to be sent after approval:
Announcement
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-rats-eat@ietf.org, ned.smith@intel.com, rats-chairs@ietf.org, rats@ietf.org, rdd@cert.org, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'The Entity Attestation Token (EAT)' to Proposed Standard (draft-ietf-rats-eat-24.txt)
The IESG has approved the following document:
- 'The Entity Attestation Token (EAT)'
(draft-ietf-rats-eat-24.txt) as Proposed Standard
This document is the product of the Remote ATtestation ProcedureS Working
Group.
The IESG contact persons are Paul Wouters and Roman Danyliw.
A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-rats-eat/
Ballot Text
Technical Summary
An Entity Attestation Token (EAT) provides an attested claims set
that describes state and characteristics of an entity, a device like
a smartphone, IoT device, network equipment or such. This claims set
is used by a relying party, server or service to determine how much
it wishes to trust the entity.
An EAT is either a CBOR Web Token (CWT) or JSON Web Token (JWT) with
attestation-oriented claims.
Working Group Summary
In addition to the history noted in the shepherd report, the WG held significant discussions on which claims should be sought for early allocation.
Document Quality
EAT Libraries:
- CBOR Formats - open source project
o Rust: https://github.com/carl-wallace/cbor_formats
- EAT library - open source project
o C: https://github.com/laurencelundblade/ctoken
- A command line utility based on EAT library - open source project
o C: https://github.com/laurencelundblade/xclaim
EAT Profiles:
- PSA
o Golang: https://github.com/veraison/psatoken
o C: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/partitions/initial_attestation
o Python: https://git.trustedfirmware.org/TF-M/tf-m-tools.git/tree/iat-verifier
- CCA
o Golang: https://github.com/veraison/ccatoken
o C: https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tree/lib/attestation
- FIDO FDO - open source project
o Java: https://github.com/secure-device-onboard/pri-fidoiot/blob/master/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/EatPayloadBase.java.
- Global Platform - very early code of an EAT profile, may evolve into
open source
o https://github.com/GlobalPlatform/TPS-API-Reference-Implementations.
- Microsoft Azure Attestation - proprietary
o https://github.com/CCC-Attestation/meetings/blob/main/materials/GregKostal_EAT_in_MAA.pdf
Personnel
The Document Shepherd for this document is Ned Smith. The Responsible
Area Director is Roman Danyliw.
RFC Editor Note