Attested
From MgmtWiki
Full Title or Meme
A statement is Attested if some Trusted Third Party can create a Validated Claim about a User Device used during either Authentication or Authorization.
Context
- The Context in which an Attestation of Identity applies is typically during the testing of the security of protection offered to User secrets, such as Credentials. in a User Agent.
Problem
- When a secure operation is performed at a user location, the packet returned from that User Device needs to be trusted by the Site that receives it.
- The signing key for that packet will have a certificate that binds that signing key to a particular device.
Solution
- The certificate for the signing key from the User Device, and potentially the configuration information from the device, will need to be Attested by some Trusted Third Party.
- Attestation can be complex for programmable computers, or simple for one function User Devices like Security Tokens.
- An example of a single attestation program is described in the [FIDO web site.
References
- Synonyms include: Assurance Corroborated Validated.