5.2. Background-Check Model

The Background-Check Model is so named because it resembles the way employers and volunteer organizations perform background checks. When a prospective employee provides Claims about education or previous experience, the employer will contact the respective institutions or former employers to validate the Claim. Volunteer organizations often perform police background checks on volunteers in order to determine the volunteer's trustworthiness. Thus, in this analogy, a prospective volunteer is an Attester, the organization is the Relying Party, and the organization that issues a report is a Verifier.

In this model, an Attester conveys Evidence to a Relying Party, which treats it as opaque and simply forwards it on to a Verifier. The Verifier compares the Evidence against its appraisal policy and returns an Attestation Result to the Relying Party. The Relying Party then compares the Attestation Result against its own appraisal policy.

The resource access protocol between the Attester and Relying Party includes Evidence rather than an Attestation Result, but that Evidence is not processed by the Relying Party.

Since the Evidence is merely forwarded on to a trusted Verifier, any serialization format can be used for Evidence because the Relying Party does not need a parser for it. The only requirement is that the Evidence can be encapsulated in the format required by the resource access protocol between the Attester and Relying Party.

However, as seen in the Passport Model, an Attestation Result is still consumed by the Relying Party. Code footprint and attack surface area can be minimized by using a serialization format for which the Relying Party already needs a parser to support the protocol between the Attester and Relying Party, which may be an existing standard or widely deployed resource access protocol. Such minimization is especially important if the Relying Party is a constrained node.

                                  .-------------.
                                  |             | Compare Evidence
                                  |   Verifier  | against appraisal
                                  |             | policy
                                  '--------+----'
                                       ^   |
                              Evidence |   | Attestation
                                       |   | Result
                                       |   v
     .------------.               .----|--------.
     |            +-------------->|---'         | Compare Attestation
     |  Attester  |   Evidence    |     Relying | Result against
     |            |               |      Party  | appraisal policy
     '------------'               '-------------'

Figure 6: Background-Check Model
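
The flow in Figure 6, sketched as an added example that is not part of the original document or of any RATS implementation. The HMAC keys (standing in for real signatures), the `fw=` Evidence layout, the JSON result fields `status` and `evidence_sha256`, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo keys; HMAC stands in for the signatures a real deployment would use.
ATTESTER_KEY = b"attester-verifier-demo-key"  # shared by Attester and Verifier only
VERIFIER_KEY = b"verifier-rp-demo-key"        # shared by Verifier and Relying Party

def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()

def attester_evidence(fw_digest: str) -> bytes:
    """Attester: emit Evidence in a format that only the Verifier parses."""
    body = f"fw={fw_digest}".encode()
    return body + b"|" + _tag(ATTESTER_KEY, body)

def verifier_appraise(evidence: bytes, reference_values: set) -> bytes:
    """Verifier: appraise Evidence against its policy, return an Attestation Result."""
    body, _, tag = evidence.rpartition(b"|")
    authentic = hmac.compare_digest(tag, _tag(ATTESTER_KEY, body))
    fw = body.decode(errors="replace").partition("=")[2]
    status = "pass" if authentic and fw in reference_values else "fail"
    result = json.dumps(
        {"evidence_sha256": hashlib.sha256(evidence).hexdigest(), "status": status},
        sort_keys=True).encode()
    return result + b"\n" + _tag(VERIFIER_KEY, result)

def relying_party_decide(evidence: bytes, verifier, accepted=("pass",)) -> bool:
    """Relying Party: forward Evidence unparsed, then appraise the Attestation Result."""
    response = verifier(evidence)  # Evidence stays opaque bytes on this side
    result, _, tag = response.rpartition(b"\n")
    if not hmac.compare_digest(tag, _tag(VERIFIER_KEY, result)):
        return False  # result did not come from the trusted Verifier
    claims = json.loads(result)
    # Extra check chosen for this example: bind the result to the forwarded Evidence.
    if claims.get("evidence_sha256") != hashlib.sha256(evidence).hexdigest():
        return False
    return claims.get("status") in accepted  # the Relying Party's own appraisal policy
```

The Relying Party needs a parser only for the Attestation Result (JSON here); the Evidence format could change without touching `relying_party_decide`.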