8.4. Attestation Results
8.4. Attestation Results
Attestation Results are the input used by the Relying Party to decide the extent to which it will trust a particular Attester and allow it to access some data or perform some operation.
Attestation Results may carry a boolean value indicating compliance or non-compliance with a Verifier's appraisal policy or may carry a richer set of Claims about the Attester, against which the Relying Party applies its Appraisal Policy for Attestation Results.
The quality of the Attestation Results depends upon the ability of the Verifier to evaluate the Attester. Different Attesters have a different Strength of Function, which results in the Attestation Results being qualitatively different in strength.
An Attestation Result that indicates non-compliance can be used by an Attester (in the Passport Model) or a Relying Party (in the Background-Check Model) to indicate that the Attester should not be treated as authorized and may be in need of remediation. In some cases, it may even indicate that the Evidence itself cannot be authenticated as being correct.
By default, the Relying Party does not believe the Attester to be compliant. Upon receipt of an authentic Attestation Result and given the Appraisal Policy for Attestation Results is satisfied, the Attester is allowed to perform the prescribed actions or access. The simplest such appraisal policy might authorize granting the Attester full access or control over the resources guarded by the Relying Party. A more complex appraisal policy might involve using the information provided in the Attestation Result to compare against expected values or to apply complex analysis of other information contained in the Attestation Result.
Thus, Attestation Results can contain detailed information about an Attester, which can include privacy sensitive information as discussed in Section 11. Unlike Evidence, which is often very device- and vendor-specific, Attestation Results can be vendor-neutral, if the Verifier has a way to generate vendor-agnostic information based on the appraisal of vendor-specific information in Evidence. This allows a Relying Party's appraisal policy to be simpler, potentially based on standard ways of expressing the information, while still allowing interoperability with heterogeneous devices.
Finally, whereas Evidence is signed by the device (or indirectly by a manufacturer if Endorsements are used), Attestation Results are signed by a Verifier, allowing a Relying Party to only need a trust relationship with one entity rather than a larger set of entities for purposes of its appraisal policy.