Difference between revisions of "Attested"
From MgmtWiki
(→Context)
Line 4:
==Context==
− *The Context in which an [[Attested|Attestation]] of [[Security]] applies is typically during the [[Validated|Validation]] of the security protection provided to [[User]] secrets (such as [[Credential]]s)
+ *The Context in which an [[Attested|Attestation]] of [[Security]] applies is typically during the [[Validated|Validation]] of the security protection provided to [[User]] secrets (such as [[Credential]]s) on a [[User Device]].
==Problems==
Revision as of 20:50, 30 August 2018
Full Title or Meme
A statement is Attested if some Trusted Third Party can create a Validated Claim about a User Device used during either Authentication or Authorization.
Context
- The Context in which an Attestation of Security applies is typically during the Validation of the security protection provided to User secrets (such as Credentials) on a User Device.
Problems
- When a secure operation is performed at a user location, the packet returned from that User Device needs to be trusted by the Site that receives it.
- The signing key for that packet will have a certificate that binds that signing key to a particular device.
- If the device reports a serial number, or (equivalently) a public key that is unique to that device, that value can be used as a tracking number for the owner of the device.
Solution
- The certificate for the signing key from the User Device, and potentially the configuration information from the device, will need to be Attested by some Trusted Third Party.
- Attestation can be complex for programmable computers, or simple for one function User Devices like Security Tokens.
- An example of a single attestation program with associated metadata is described in the FIDO web site.
- When a simple certificate is used, it is typically accompanied by a metadata statement; an example is this one at Yubico.
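The flow described in the Problems and Solution sections, as an added example that is not part of the original page or of FIDO or Yubico code: a vendor acting as Trusted Third Party signs an attestation certificate binding a device key to a model, the User Device signs a fresh challenge, and the Site verifies the chain, the challenge, and a metadata allow-list, flagging the tracking risk when the attested key is unique to one device. The curve constants are the real NIST P-256 parameters, but the Schnorr-style signature, the JSON certificate layout, the `scope` field, the model names and the metadata table are all constructed for illustration.

```python
"""Added example: minimal device-attestation flow (vendor -> User Device -> Site)."""
import hashlib, json, secrets

# NIST P-256 domain parameters (real constants); the Schnorr-style signature
# built on them below is a teaching construction, not a standard scheme.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def _add(p, q):
    """Affine point addition on y^2 = x^3 - 3x + b over GF(P); None is the identity."""
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    if p == q:
        lam = (3 * p[0] * p[0] - 3) * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1: acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def _hash_to_scalar(*parts):
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % N

def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, _mul(d, G)

def sign(priv, msg):
    """Schnorr-style signature (e, s) over msg."""
    k = secrets.randbelow(N - 1) + 1
    r = _mul(k, G)
    e = _hash_to_scalar(r[0].to_bytes(32, "big"), msg)
    return (e, (k + e * priv) % N)

def verify(pub, msg, sig):
    e, s = sig
    neg_pub = (pub[0], (-pub[1]) % P)
    r = _add(_mul(s, G), _mul(e, neg_pub))  # s*G - e*pub equals k*G when valid
    return r is not None and _hash_to_scalar(r[0].to_bytes(32, "big"), msg) == e

def issue_attestation_cert(vendor_priv, attest_pub, model, key_scope):
    """Trusted Third Party (the vendor) binds an attestation key to a device model.
    key_scope is a constructed field: 'per-device' (unique key) or 'batch' (shared)."""
    body = json.dumps({"model": model, "scope": key_scope,
                       "pub": [attest_pub[0], attest_pub[1]]}, sort_keys=True).encode()
    return {"body": body, "sig": sign(vendor_priv, body)}

def device_respond(attest_priv, cert, challenge):
    """User Device signs the Site's challenge and ships its attestation certificate."""
    return {"cert": cert, "challenge": challenge, "sig": sign(attest_priv, challenge)}

def site_verify(packet, vendor_pub, expected_challenge, metadata):
    """Site-side checks on the returned packet. Returns (accepted, notes)."""
    cert = packet["cert"]
    if not verify(vendor_pub, cert["body"], cert["sig"]):
        return False, ["attestation cert not signed by the trusted vendor root"]
    info = json.loads(cert["body"])
    if packet["challenge"] != expected_challenge:
        return False, ["challenge mismatch (replay or wrong session)"]
    if not verify(tuple(info["pub"]), packet["challenge"], packet["sig"]):
        return False, ["device signature over the challenge is invalid"]
    entry = metadata.get(info["model"])
    if entry is None or not entry["approved"]:
        return False, ["model %s not in the metadata allow-list" % info["model"]]
    notes = []
    if info["scope"] == "per-device":
        notes.append("per-device attestation key: usable as a tracking number for the owner")
    return True, notes

# Constructed metadata table standing in for a vendor metadata statement.
METADATA = {"ExampleToken-1": {"approved": True}, "OldFirmware-0": {"approved": False}}

def demo():
    vendor_priv, vendor_pub = keygen()      # Trusted Third Party root
    dev_priv, dev_pub = keygen()            # key held inside one User Device
    cert = issue_attestation_cert(vendor_priv, dev_pub, "ExampleToken-1", "batch")
    challenge = secrets.token_bytes(32)     # fresh per authentication
    packet = device_respond(dev_priv, cert, challenge)
    return site_verify(packet, vendor_pub, challenge, METADATA)

if __name__ == "__main__":
    print(demo())
```

The Site trusts only the vendor root it already holds, so a certificate minted by anyone else fails the first check, and a stale challenge fails the second even when both signatures are good. The `scope` note is the privacy caveat from the Problems section: a batch key shared across many units attests the model without identifying the unit, while a per-device key does both.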
References
- Synonyms include: Assured, Corroborated, Validated.