Attested

From MgmtWiki
Revision as of 17:49, 30 August 2018 by Tom (Solution)

Full Title or Meme

A statement is Attested if some Trusted Third Party can create a Validated Claim about a User Device used during either Authentication or Authorization.

Context

  • The Context in which an Attestation of Identity applies is typically the testing of the security of the protection offered to User secrets, such as Credentials, in a User Agent.

Problem

  • When a secure operation is performed at a user location, the packet returned from that User Device needs to be trusted by the Site that receives it.
  • The signing key for that packet will have a certificate that binds that signing key to a particular device.

Solution

  • The certificate for the signing key from the User Device, and potentially the configuration information from the device, will need to be Attested by some Trusted Third Party.
  • Attestation can be complex for programmable computers, or simple for single-function User Devices like Security Tokens.
  • An example of a single attestation program is described on the FIDO web site.
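
The Problem and Solution above, as an added Go example that is not part of the original wiki page: a constructed Trusted Third Party certifies a User Device signing key, and the Site accepts a returned packet only when the device certificate chains to that party and the packet signature verifies under the certified key. The names `issue` and `SiteAccepts`, the use of Ed25519 and X.509, and every certificate value are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue (hypothetical helper) makes a key pair for cn and certifies it under parent/signer; a nil parent yields a self-signed root.
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // self-signed root, the role played by the Trusted Third Party
		parent, signer, tmpl.IsCA, tmpl.KeyUsage = tmpl, key, true, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// SiteAccepts is the Site's check: dev must chain to the trusted party, and sig must verify over packet under dev's key.
func SiteAccepts(ttp, dev *x509.Certificate, packet, sig []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ttp)
	_, err := dev.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, ok := dev.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, packet, sig)
}

func main() {
	ttp, ttpKey := issue("Constructed Trusted Third Party", nil, nil)
	dev, devKey := issue("Constructed User Device", ttp, ttpKey)
	packet := []byte("constructed authentication packet")
	fmt.Println("attested device accepted:", SiteAccepts(ttp, dev, packet, ed25519.Sign(devKey, packet)))
}
```

A device that certifies its own key, or a packet altered after signing, fails `SiteAccepts` even though the signature format is identical.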

References

  1. Synonyms include: Assurance, Corroborated, Validated.