Skip to main content

3. Architectural Overview

3. Architectural Overview

Figure 1 depicts the data that flows between different roles, independent of protocol or use case.

 .--------.     .---------.       .--------.       .-------------.
| Endorser |   | Reference |     | Verifier |     | Relying Party |
 '-+------'    | Value     |     | Owner    |     | Owner         |
   |           | Provider  |      '---+----'       '----+--------'
   |            '-----+---'           |                 |
   |                  |               |                 |
   | Endorsements     | Reference     | Appraisal       | Appraisal
   |                  | Values        | Policy for      | Policy for
   |                  |               | Evidence        | Attestation
    '-----------.     |               |                 | Results
                 |    |               |                 |
                 v    v               v                 |
               .-------------------------.              |
       .------>|         Verifier        +-----.        |
      |        '-------------------------'      |       |
      |                                         |       |
      | Evidence                    Attestation |       |
      |                             Results     |       |
      |                                         |       |
      |                                         v       v
.-----+----.                                .---------------.
| Attester |                                | Relying Party |
'----------'                                '---------------'

Figure 1: Conceptual Data Flow

The text below summarizes the activities conducted by the roles illustrated in Figure 1. Roles are assigned to entities. Entities are often system components [RFC4949], such as devices. As the term "device" is typically more intuitive than the term "entity" or "system component", device is often used as an illustrative synonym throughout this document.

The Attester role is assigned to entities that create Evidence that is conveyed to a Verifier.

The Verifier role is assigned to entities that use the Evidence, any Reference Values from Reference Value Providers, and any Endorsements from Endorsers by applying an Appraisal Policy for Evidence to assess the trustworthiness of the Attester. This procedure is called the "appraisal of Evidence".

Subsequently, the Verifier role generates Attestation Results for use by Relying Parties.

The Appraisal Policy for Evidence might be obtained from the Verifier Owner via some protocol mechanism, configured into the Verifier by the Verifier Owner, programmed into the Verifier, or obtained via some other mechanism.

The Relying Party role is assigned to an entity that uses Attestation Results by applying its own appraisal policy to make application-specific decisions, such as authorization decisions. This procedure is called the "appraisal of Attestation Results".

The Appraisal Policy for Attestation Results might be obtained from the Relying Party Owner via some protocol mechanism, configured into the Relying Party by the Relying Party Owner, programmed into the Relying Party, or obtained via some other mechanism.

See Section 8 for further discussion of the conceptual messages shown in Figure 1. Section 4 provides a more complete definition of all RATS roles.

Last updated on