Skip to main content

The Entity Attestation Token (EAT)
draft-ietf-rats-eat-25

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-rats-eat@ietf.org, ned.smith@intel.com, rats-chairs@ietf.org, rats@ietf.org, rdd@cert.org, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'The Entity Attestation Token (EAT)' to Proposed Standard (draft-ietf-rats-eat-24.txt)

The IESG has approved the following document:
- 'The Entity Attestation Token (EAT)'
  (draft-ietf-rats-eat-24.txt) as Proposed Standard

This document is the product of the Remote ATtestation ProcedureS Working
Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-rats-eat/


Ballot Text

Technical Summary

   An Entity Attestation Token (EAT) provides an attested claims set
   that describes state and characteristics of an entity, a device like
   a smartphone, IoT device, network equipment or such.  This claims set
   is used by a relying party, server or service to determine how much
   it wishes to trust the entity.

   An EAT is either a CBOR Web Token (CWT) or JSON Web Token (JWT) with
   attestation-oriented claims.

Working Group Summary

In additional to the history noted in the shepherd report, the WG held significant discussions on which claims should be sought for early allocation.

Document Quality

   EAT Libraries:
        - CBOR Formats - open source project
                o Rust:  https://github.com/carl-wallace/cbor_formats
        - EAT library - open source project
                o C: https://github.com/laurencelundblade/ctoken
        - A command line utility based on EAT library - open source project
                o C: https://github.com/laurencelundblade/xclaim
   EAT Profiles:
        - PSA
                o Golang: https://github.com/veraison/psatoken
                o C: https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/partitions/initial_attestation
                o Python: https://git.trustedfirmware.org/TF-M/tf-m-tools.git/tree/iat-verifier
        - CCA
                o Golang: https://github.com/veraison/ccatoken
                o C: https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tree/lib/attestation
        - FIDO FDO - open source project
                o Java: https://github.com/secure-device-onboard/pri-fidoiot/blob/master/protocol/src/main/java/org/fidoalliance/fdo/protocol/message/EatPayloadBase.java.
        - Global Platform - very early code of an EAT profile, may evolve into
        open source
                o https://github.com/GlobalPlatform/TPS-API-Reference-Implementations.
        - Microsoft Azure Attestation - proprietary
                o https://github.com/CCC-Attestation/meetings/blob/main/materials/GregKostal_EAT_in_MAA.pdf

Personnel

   The Document Shepherd for this document is Ned Smith. The Responsible
   Area Director is Roman Danyliw.

RFC Editor Note