c/ietf-wimse-ect
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Clarify that policy evaluation mechanics are out of scope

Browse Source 
Add paragraph in Policy Claims section explicitly stating that
policy definition, distribution, and evaluation are out of scope.
The pol claim is an opaque identifier; any policy engine may be
used provided outcomes are faithfully recorded.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Christian Nennemann
2026-02-24 19:21:54 +01:00
parent de9c7719a4
commit e60035c75b
4 changed files with 578 additions and 545 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
draft-nennemann-wimse-execution-context-00.html
View File

@@ -2276,6 +2276,15 @@ was made. When present, <span class="bcp14">MUST</span> be equal to or earlier
</dd> </dd>
<dd class="break"></dd> <dd class="break"></dd>
</dl> </dl>
<p id="section-4.2.3-3">This specification intentionally defines only the recording of
policy evaluation outcomes. The mechanisms by which policies are
defined, distributed to agents, and evaluated are out of scope.
The "pol" claim is an opaque identifier referencing an external
policy; the semantics and enforcement of that policy are
determined by the deployment environment. Implementations may
use any policy engine or framework (e.g., OPA/Rego, Cedar, XACML,
or custom solutions) provided that the evaluation outcome is
faithfully recorded in the ECT claims defined above.<a href="#section-4.2.3-3" class="pilcrow"></a></p>
</section> </section>
</div> </div>
<div id="data-integrity-claims"> <div id="data-integrity-claims">

10
draft-nennemann-wimse-execution-context-00.md
View File

@@ -538,6 +538,16 @@ pol_timestamp:
was made. When present, MUST be equal to or earlier than the was made. When present, MUST be equal to or earlier than the
"iat" claim. "iat" claim.
This specification intentionally defines only the recording of
policy evaluation outcomes. The mechanisms by which policies are
defined, distributed to agents, and evaluated are out of scope.
The "pol" claim is an opaque identifier referencing an external
policy; the semantics and enforcement of that policy are
determined by the deployment environment. Implementations may
use any policy engine or framework (e.g., OPA/Rego, Cedar, XACML,
or custom solutions) provided that the evaluation outcome is
faithfully recorded in the ECT claims defined above.
### Data Integrity Claims {#data-integrity-claims} ### Data Integrity Claims {#data-integrity-claims}
The following claims provide integrity verification for task The following claims provide integrity verification for task

50
draft-nennemann-wimse-execution-context-00.txt
View File

@@ -90,7 +90,7 @@ Table of Contents
4.2.1. WIMSE-Compatible Claims . . . . . . . . . . . . . . . 10 4.2.1. WIMSE-Compatible Claims . . . . . . . . . . . . . . . 10
4.2.2. Execution Context Claims . . . . . . . . . . . . . . 11 4.2.2. Execution Context Claims . . . . . . . . . . . . . . 11
4.2.3. Policy Claims . . . . . . . . . . . . . . . . . . . . 12 4.2.3. Policy Claims . . . . . . . . . . . . . . . . . . . . 12
4.2.4. Data Integrity Claims . . . . . . . . . . . . . . . . 12 4.2.4. Data Integrity Claims . . . . . . . . . . . . . . . . 13
4.2.5. Operational Claims . . . . . . . . . . . . . . . . . 13 4.2.5. Operational Claims . . . . . . . . . . . . . . . . . 13
4.2.6. Witness Claims . . . . . . . . . . . . . . . . . . . 13 4.2.6. Witness Claims . . . . . . . . . . . . . . . . . . . 13
4.2.7. Compensation Claims . . . . . . . . . . . . . . . . . 14 4.2.7. Compensation Claims . . . . . . . . . . . . . . . . . 14
@@ -660,12 +660,12 @@ Internet-Draft WIMSE Execution Context February 2026
decision was made. When present, MUST be equal to or earlier than decision was made. When present, MUST be equal to or earlier than
the "iat" claim. the "iat" claim.
4.2.4. Data Integrity Claims This specification intentionally defines only the recording of policy
evaluation outcomes. The mechanisms by which policies are defined,
The following claims provide integrity verification for task inputs distributed to agents, and evaluated are out of scope. The "pol"
and outputs without revealing the data itself: claim is an opaque identifier referencing an external policy; the
semantics and enforcement of that policy are determined by the
inp_hash: OPTIONAL. String. A cryptographic hash of the input deployment environment. Implementations may use any policy engine or
@@ -674,6 +674,16 @@ Nennemann Expires 28 August 2026 [Page 12]
Internet-Draft WIMSE Execution Context February 2026 Internet-Draft WIMSE Execution Context February 2026
framework (e.g., OPA/Rego, Cedar, XACML, or custom solutions)
provided that the evaluation outcome is faithfully recorded in the
ECT claims defined above.
4.2.4. Data Integrity Claims
The following claims provide integrity verification for task inputs
and outputs without revealing the data itself:
inp_hash: OPTIONAL. String. A cryptographic hash of the input
data, formatted as "hash-algorithm:base64url-encoded-hash" (e.g., data, formatted as "hash-algorithm:base64url-encoded-hash" (e.g.,
"sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg"). The hash "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg"). The hash
algorithm identifier MUST be a lowercase value from the IANA Named algorithm identifier MUST be a lowercase value from the IANA Named
@@ -712,6 +722,14 @@ Internet-Draft WIMSE Execution Context February 2026
third-party entities that the issuing agent claims observed or third-party entities that the issuing agent claims observed or
attested to the execution of this task. When present, each attested to the execution of this task. When present, each
element SHOULD use SPIFFE ID format. Note that this claim is element SHOULD use SPIFFE ID format. Note that this claim is
Nennemann Expires 28 August 2026 [Page 13]
Internet-Draft WIMSE Execution Context February 2026
self-asserted by the ECT issuer; witnesses listed here do not co- self-asserted by the ECT issuer; witnesses listed here do not co-
sign this ECT. For stronger assurance, witnesses SHOULD submit sign this ECT. For stronger assurance, witnesses SHOULD submit
independent signed ECTs to the ledger attesting to their independent signed ECTs to the ledger attesting to their
@@ -721,15 +739,6 @@ Internet-Draft WIMSE Execution Context February 2026
See also Section 10.2 for the security implications of self- See also Section 10.2 for the security implications of self-
asserted witness claims. asserted witness claims.
Nennemann Expires 28 August 2026 [Page 13]
Internet-Draft WIMSE Execution Context February 2026
4.2.7. Compensation Claims 4.2.7. Compensation Claims
compensation_required: OPTIONAL. Boolean. Indicates whether this compensation_required: OPTIONAL. Boolean. Indicates whether this
@@ -772,15 +781,6 @@ Internet-Draft WIMSE Execution Context February 2026
Nennemann Expires 28 August 2026 [Page 14] Nennemann Expires 28 August 2026 [Page 14]
Internet-Draft WIMSE Execution Context February 2026 Internet-Draft WIMSE Execution Context February 2026

1054
draft-nennemann-wimse-execution-context-00.xml
View File

File diff suppressed because it is too large Load Diff