Improve Documentation #287
Conversation
README.md
Outdated
|
|
||
| [Reference Value Provider Service](attestation-service/rvps) | ||
| The RVPS manages reference values used to verify TEE evidence. | ||
| This is [mentioned](https://www.ietf.org/archive/id/draft-ietf-rats-architecture-22.html#name-endorser-reference-value-pr) |
There was a problem hiding this comment.
I am still not sure whether it is accurate here. The document just mentioned the Verifier would need to be trusted Reference Value Provider and Endorsor in some scenarios.
However, RVPS is neither Reference Value Provider nor Endorsor. it is actually a consumer of Reference Value Provider's reference value and Endorsor's Endorsement. It serves AS with formated reference values.
The purpose of RVPS is to shield the formats of different reference value release carriers and then provide an indexable query service. This is more like adding a layer of abstraction in an engineering sense.
I don't have any better suggestions at the moment because I didn't find a suitable description in this RATS document, so I am ok with letting it as the PR now.
There was a problem hiding this comment.
Ok, I'll change this to say that it is related to that section of the doc.
README.md
Outdated
|
|
||
|  | ||
|
|
||
| </div> |
There was a problem hiding this comment.
I'm thinking if skopeo and encrypted container image is really needed. We can just mention loading of keys in the right path to keep it simple
There was a problem hiding this comment.
Ok, I replaced the diagram with a fancy mermaid one. I am using a flowchart, which has some limitations in terms of layout. Mermaid also supports more complex C4 diagrams, but only as an experimental feature. What do you think about the flow chart? cc @Xynnn007
fitzthum
force-pushed
the
improve-docs
branch
8 times, most recently
from
eccb73e to
aafa0a8
Compare
attestation-service/README.md
Outdated
| @@ -134,16 +159,19 @@ Supported Verifier Drivers: | |||
|
|
|||
| The AS supports modular policy engine, which can be specified through the AS configuration. The currently supported policy engines are: | |||
There was a problem hiding this comment.
Should there be a mention that the policy is universal and no support for multiple policies?
There was a problem hiding this comment.
There is support for multiple policies. I am going to change this sentence around though. I don't think the modularity of the policy engine (i.e. the possibility to implement something other than OPA) is very significant.
|
|
||
| # Usage | ||
| ## Library | ||
|
|
||
| The AS can be built and imported as a Rust crate into any project providing attestation services. |
There was a problem hiding this comment.
Should there be any mention of CoCo AS and Amber/IntelTrustAuthority AS?
There was a problem hiding this comment.
ITA is supported in the KBS as an alternative to the AS. The AS itself doesn't have any support for it. We do have some support for veraison in the AS, but it's just part of the CCA verifier.
fitzthum
force-pushed
the
improve-docs
branch
4 times, most recently
from
44e4681 to
6a56d61
Compare
README.md
Outdated
| Attestation Service (AS for short) is a general function set that can verify TEE evidence. | ||
| - [Key Broker Service](kbs) | ||
| The KBS is a server that facilitates remote attestation and secret delivery. | ||
| It's role is similar to that of the [Relying Party](https://www.ietf.org/archive/id/draft-ietf-rats-architecture-22.html#name-relying-party) |
There was a problem hiding this comment.
| It's role is similar to that of the [Relying Party](https://www.ietf.org/archive/id/draft-ietf-rats-architecture-22.html#name-relying-party) | |
| Its role is similar to that of the [Relying Party](https://www.ietf.org/archive/id/draft-ietf-rats-architecture-22.html#name-relying-party) |
Make the README a little more descriptive and point to the cluster guide to help new users. Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
Clarify a few things in the AS README Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
fitzthum
force-pushed
the
improve-docs
branch
from
6a56d61 to
a61f6dd
Compare
General improvements to KBS documentation
WIP for now.@bpradipt @tylerfanelli lmk if there is anything you'd like me to add