Ideas/TODOs
THS-on opened this issue · 3 comments
- Allow a rule to take multiple claims
  - An example would be a tpm2_quote and a list of PCR values to check if they are consistent
- Expose in the API if a rule needs parameters and which
- Allow setting an EV on a rule invocation basis, not per policy
- Rename policies to intents
Proper conditional compilation...not possible in Go.... hashicorp's stuff?
Also, proper PKI interface for signing and make this part of the system generic.
If we rename Policies to Intents, then the intent property needs to become something else..... function? operation?
> Proper conditional compilation...not possible in Go.... hashicorp's stuff?
We could use go-plugin to separate schemes and rules into plugins. This would make building NAE without the SGX toolchain easier.
> If we rename Policies to Intents, then the intent property needs to become something else..... function? operation?
What do you think about endpoint? Maybe type would also fit, because generally the type does not change, e.g. a TPM quote is still a quote with a different PCR selection.
For mapping RATS terminology:
- Element -> general information about the Attester + Endorsements
- Expected Value -> Reference Value
GA10 implements a Verifier, Reference Value Provider and takes the role of the Endorser.
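The first idea in the issue (a rule that takes a tpm2_quote and a list of PCR values and checks them for consistency) could look like the sketch below. It is an added example, not code from the project or from any commenter. `QuoteClaim`, `CheckPCRsAgainstQuote` and `sampleClaims` are hypothetical names, and the sketch assumes the quote's signature has already been verified and that it selects a single SHA-256 bank with a SHA-256 `pcrDigest`.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// QuoteClaim (hypothetical) holds the SHA-256 bank bitmap (pcrSelect) and pcrDigest of a verified quote.
type QuoteClaim struct {
	PCRSelect []byte
	PCRDigest []byte
}

// CheckPCRsAgainstQuote (hypothetical two-claim rule) recomputes pcrDigest from the reported PCR list.
func CheckPCRsAgainstQuote(q QuoteClaim, pcrs map[int][]byte) error {
	h := sha256.New()
	selected := 0
	// Bit i%8 of byte i/8 selects PCR i; the TPM hashes selected PCRs in ascending index order.
	for i := 0; i < len(q.PCRSelect)*8; i++ {
		if q.PCRSelect[i/8]&(1<<(i%8)) == 0 {
			continue
		}
		v, ok := pcrs[i]
		if !ok || len(v) != sha256.Size {
			return fmt.Errorf("PCR %d selected by quote but missing or malformed in list", i)
		}
		h.Write(v)
		selected++
	}
	// A PCR in the list that the quote does not cover is unauthenticated, so reject it.
	if selected == 0 || len(pcrs) != selected {
		return fmt.Errorf("PCR list has %d entries, quote covers %d", len(pcrs), selected)
	}
	if subtle.ConstantTimeCompare(h.Sum(nil), q.PCRDigest) != 1 {
		return fmt.Errorf("PCR list does not match quote pcrDigest")
	}
	return nil
}

// sampleClaims builds constructed (not real) claims: PCR 0 and PCR 7 plus a matching quote.
func sampleClaims() (QuoteClaim, map[int][]byte) {
	pcr0, pcr7 := make([]byte, 32), make([]byte, 32)
	pcr7[31] = 1
	d := sha256.Sum256(append(append([]byte{}, pcr0...), pcr7...))
	return QuoteClaim{PCRSelect: []byte{0x81, 0, 0}, PCRDigest: d[:]}, map[int][]byte{0: pcr0, 7: pcr7}
}

func main() { fmt.Println(CheckPCRsAgainstQuote(sampleClaims())) }
```

Only after this check passes should the individual PCR values be compared against their expected (reference) values.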