►
From YouTube: RATS Architecture Design Team, 2019-12-10
Description
RATS Architecture Design Team, 2019-12-10
A
A
A
A
A
A
A
E
A
C
D
A
A
A
Typically,
everybody
first
took
the
whole
procedure
as
attestation
and
it
causes
confusion,
but
maybe
somewhere
in
this
room
here
would
like
to
convict
me
and
say:
no,
no,
no
agitation
is
good
term,
but
I
think
it's
very
overused
and
without
any
I
think,
let's
say
call
it
and
prefixing
or
post
fixing
turns
which
only
asks
for
confusion.
Typically
mm-hmm.
B
B
B
F
By
the
way,
if
we're
gonna,
if
we're
gonna,
define
it
what's
in
the
text
right
now
is
not
it
because
right,
my
dad
last
right,
which
then
accepted
its
trustworthiness.
We
clearly
don't
use
that
in
phyto.
In
fact,
we
can
and
we
allow
for
something
called
the
non
attestation,
so
that
yeah,
you
really
were
lying
part
of
you,
no
interest
in
dealing
with
the
privacy
implications
of
an
annexation
statement.
They
don't
have
to
get
it.
E
A
Me,
maybe
maybe,
if
we
work
on
this
terminology,
you
always
have
a
observing
eye
on
this,
that
we
at
least
differentiate
out
and
another
term
may
be
what
your
specific
non
hesitation
kind
of
the
static
content
is,
so
that
we
don't
never
forget
that
that
the
expressiveness
is
somehow
maybe
a
smaller
or
the
scope
might
be
bigger
and
therefore
the
expressive.
This
isn't
a
single
phone.
F
A
G
D
From
the
TCG
terms,
I
think,
though,
I
I
I
propose.
We
bring
this
this
this
term
to
the
that
we
omit
this
term
for
the
moment
and
that
we
bring
it
to
the
working
group
and
we
say
well
if
we
don't,
if
we
don't
define
attestation,
or
maybe
it's
remote
at
a
station
in
the
architecture
document,
and
where
would
we
we
define
it
and
and
if
it's
a
if
the
it-
and
it
might
be,
that
we're
better
to
simply
not
define
it,
because
we
can't
get
any
reasonable
agreement
on
what
is
a
useful
term.
D
D
A
B
D
D
D
A
D
A
We
introduced
the
presidency
initially
to
not
restrict
this
to
direct
one-to-one
compassion,
so
reference
value
had
this
unknown
good
value
reference
value.
Have
this
connotation
of
you?
Do
a
one-to-one
comparison?
It's
binary,
it's
yes
or
no,
and
sometimes
it's
like
the
geo-coordinates.
You
are
inside
that
space
or
you're
not
inside
this
space,
but
you
have
a
lot
of
coordinates.
You
cannot
just
compare
them.
You
have
to
make
a
calculation,
so
it's
more
like
a
policy.
A
A
D
D
D
B
D
B
B
D
D
D
B
A
B
B
He
may
only
have
a
trust
anchor
to
trust
the
owner,
which
case
he's
only
going
to
be
able
to
if
they
are
passed
through
the
owner
and
the
owner
essentially,
and
certainly
the
owner
could
configure
a
policy.
That
said,
must
implicitly
this
endorser
and
put
the
endorsers
trust
anchor.
But
again,
that's
a
delegation
and
it
came
by
way
of
the
owner
who's
having
provision
the
trust,
anger
still
think
I'm
going
through
the
owner.
F
So
why
another
standard
body
that
you
know
not
me
directly
involved
with,
but
other
standards
bodies
at
other
Qualcomm
people
are
elevation
when
they
talk
about
endorsements
they're,
literally
talking
about
Stinney,
so
I'm
not
sure
we're
talking
about
the
same
thing
here.
So,
for
instance,
if
I
look
at
it
is
it's
from
a
device
perspective,
it
seems
out
of
station
evidence
and
it's
signed.
It's
essentially
been
endorsed,
so
the
device
itself
back
to
accident
endorser.
Oh.
A
So
the
doors
means
the
one
one
very
important
type
of
endorsement
is
when
the
tester
cannot
create
evidence
for
it.
It's
it's
like
rock
bottom
of
it,
a
remote
attestation,
you
at
some
point
and
reach
the
function,
for
example,
that
signs
your
agitation
evidence.
It
cannot
provide
evidence
for
itself.
This
doesn't
work
show.
So
this
dysfunction,
for
example,
did
was
arise.
A
The
designs
in
a
te
space
in
this
parole
in
the
years
II
a
very
specific,
a
vetted
environment
and
is
probably
signed
function,
and
this
signature
has
a
trust
in
fire,
and
then
this
is
a
certificate,
the
certification
path.
That
is
the
endorsement
of
that
function.
That
provides
you
with
the
community
the
capability
to
trust
those
signatures
and
that
make
all
the
other
things
the
evidence,
but
cannot
provide
evidence
about
itself.
That
is
the
that's
just
biting
its
own
tail,
so
that
doesn't
work.
So
there
is
one
very
prominent
type
of
endorsement.
A
We
will
need
from
from
the
trust
anchor
from
the
outside
to
understand
that
this
component
is
inside
of
your
a
tester
is
trustworthy
or
supposed
to
be
trustworthy.
You
cannot
really
measure
that
again,
there's
no
evidence
for
this.
You
have
to
trust
the
external
endorsement
of
that,
and
that
is
a
very
prominent
person.
I
think.
B
B
E
Yeah,
you
know-
maybe
oh
yeah,
I'm,
making
attempt
yeah,
I,
think
I
think
owner
has
to
be
in
there
is
an
entity
in
order
to
make
any
sense
out
of
these
relationships
at
all.
Oh
there's
really
the
stakeholder
their
way.
Okay,
another
one
River
try
to
make
sure
that
this
thing
is
what
it
claims
to
be.
No.
E
E
E
What
is
the
entity
that
reduces
the
manifest?
Is
the
shipper
the
shipper
doesn't
make
sense
in
this
context,
when
he's
that
word
well,
I
am
kind
of
worried
about
using
the
join
the
Dorset
as
being
the
thing
that
science
simply
find
something
so
I'm.
Just
I
am
worried
about
any
confusion
by
using
the
term
endorser,
because
it
wouldn't
come
natural
to
me
of
what
that
means.
E
Yeah
I
got
to
read
the
definition
in
the
context
of
what
we're
doing
here
in
order
to
understand
what
we
mean
by
endorse
it
and
try
to
think
we
should
try
to
come
up
with
terms
and
relate
to
people
without
having
to
look
up
into
one
of
our
losses.
I
don't
have
a
better
word
I'm,
just
issuing
you
can
say
just
II
mean
we
we've.
F
So
I
mean
this
came
up
specifically
in
the
context
of
global
platform.
Right,
which
is,
you
know,
the
TDE
standardization
body.
So
our
representative,
there
came
back
to
me
and
asked
me
specifically
about
how
is
wraps
dealing
with
the
topic
about
endorse
tokens
and
what
they
were
looking
at.
A
nun
endorsed
token
was
the
conveyance
of
attestation
evidence
without
a
signature.
F
Basically,
they
were
basically
saying
we
can
put
it
in
a
code
a
envelope,
but
we
just
don't
want
to
encrypt
it
or
sign
it,
because
we
have
a
trusted
communications
link
between
whoever
is
providing
the
annotation
evidence
and
the
and
the
verifier
so
that
it
that's.
What
is
you
know?
It's
so
I
mean
that's
a
solid
example
of
people
who
are
thinking
of
endorsement.
That
means
something
very
different
than
what
it's
being
discussed
here
so.
D
E
F
E
On
the
diagram,
well
we're
using
the
term
indoors,
someone
saying
this
is
where
it
should
be
think
about
again
the
manifest
I
have
a
piece
of
paper.
It
says:
I
should
have
this
many
containers
on
this
ship
and
its
bottom
of
that.
Someone
cited
and
said:
yes,
I
approve
this
list.
Let's
make
a
distinction
between
sided
and
the
list
itself,
so.
B
We
had
a
conversation
about
some
terminology
that
we
thought
was
was
relevant
and
not
role
specific
but
relevant,
and
one
of
those
words
was
a
certain.
So
so
we
could,
we
could
say
it
was
ballot.
This
use
the
word
assertion
for
any
of
the
roles,
because
any
of
the
roles
could
assert
something
it
might
make
sense
to
say
that
endorsed
is
also
one
of
those
kinds
of
terms
where
an
assertion
and
a
certain
endorsed
assertion
you
know,
has
authenticity
and
an
unendorsed
assertion
does
not
that.
Could
all
that
all
seems
to
make
sense
to
me.
E
A
B
B
D
B
B
No
I'm,
I'm,
okay,
either
way
if
we
use
it
sort
of
synonymously
with
assertion
just
because
we
don't
want
to
have
to
say
sir.
Yes,
you
know
asserts
of
assertion
that
just
is
clunky
I'd
rather
say
they
served
a
claim
have
it
in
the
context
of
you're,
either
thirteen
claims
as
evidence
or
you're
asserting
claims,
as
in
this
case
endorsements
or
you're
certain
things
as
a
policy
or
you're
asserting
claims
as
activation
results.
You
know
that
mythology
makes
sense
in
any
context.
A
Every
should
at
least
capture
that,
because
I
think
the
asserting
a
claim
sounds
reasonable
to
me
again
claim
claim.
An
assertion
are
basically
synonyms
outside
the
ITF.
The
the
itu-t
basically
never
uses
footnotes
and
there's
one
footnote
and
the
glossary
of
itu-t
document
about
secure
identities
and
such
that
says,
claim
and
CERN
and
assertions
are
basically
synonyms.
There
is
no
relevant
distinction
here
and
ITF.
They
are
fortunately
claimed
so
to
speak.
A
B
B
B
B
D
D
A
Sorry
that
may
take
care
for
just
as
a
logistical
part.
We
do
plan
to
recharge
her
and
we
do
plan
to
have
that
in
scope.
So
do
we
we
couldn't.
We
can
address
that
by
doing
if
this
is
released
as
abyss
and
then
change
that
or
we
can
just
not
use
stars
I,
don't
know
of
scoping
in
this
level
on
this.
That
document
makes
sense,
if
you
think
it
does.
Please
do
I
just
wanted
to
highlight,
and
my
year
it
unnecessary
chart.
That
is
the
only
thing
I
want
to
say.
D
E
D
A
B
It's
a
policy,
it's
a
relying
party
policy
and
whether
we
call
it,
you
know
something
complex
or
we
just
make
it
simple.
If
we,
if
we,
if
we
call
it
if
we
use
all
these
names
that
we've
defined
terms
for
then
that
it
gives
us
the
impression
that
the
relying
that
we
have
to
specify
for
more
about
what
the
relying
party
is
we
really
want
to,
given
that
the
relying
party
is
essentially
out
of
scope,
the
attestation
result
is
in
scope.
The
relying
party
is
out
of
scope.
B
A
Yet
the
interesting
part
is
that
the
denied
party
is
the
consumer
for
office.
The
good
night
party
wants
to
know
if
it's
peer
is
trustworthy,
if
it
can
act
on
this
information
and
just
go
on
guys
to
stop
acting,
and
so
it's
so
it's
a
very
relevant
party,
but
doesn't
really
do
much
architecture
wise.
We
just
consume.
E
E
D
B
E
A
E
A
That
that
is
to
extent
very
true.
They
think
that
the
the
the
thing
here
that
was
always
said
was
that
we
do
not
want
to
be
binary
here.
There
is
not
only
a
yes
or
no,
there
can
be
a
yes
on
all
the
surveys.
Yes,
and,
and
if
it
is
less
simple,
then
it
has
revised
policies.
That's
all
this
has
actually
and
we
don't
even
define
the
source,
we
don't
define
the
format.
Actually,
this
is
all
out
of
scope.
E
I
think
in
your
example
right
the
Hawaiian
party
say
the
tester
is
version
2
and
version.
2
who's
got
the
vulnerability
in
it.
That
version
3
is
6.
For
example,
ok,
the
relying
party
like
say
well,
I'm
not
like
if
it's
person
to
I'm
going
to
want
to
do
a
subset
of
things.
I
do
everything
so
I'm
actually
gonna
want
to
turn
it
over
to
get
remediated
if
it
wants
to
second
set
right.
F
E
Is
I
don't
want
to
turn
the
relying
party
into
another
verifier
I?
Think
if
we're
gonna,
let
the
relying
party
have
some
knowledge
of
the
appraisal,
policy
and
I
think
the
appraisal
policy
that
goes
into
the
verifier,
which
is
in
so
I
think
it's
in
scope
to
this
work
to
talk
about
the
policy,
the
understanding
whatever
it
is,
we're
going
to
give
it
a
lion
party
right
to
say.
Oh,
the
verifier
did
all
this
work
for
me
and
it
came
up
with
an
answer.
I
need
to
go.
E
D
B
B
You
know
an
example
might
be
the
a
tester
has
an
identity
and
a
bunch
of
information
about
the
versions
of
software
that
it's
running.
Verifier
verifies
the
software
and
then
produces
the
claim
that
says
this.
This,
the
tester
has
this
identity
by
the
bigger
fire
party.
Just
has
a
policy
that
says:
I
trust
this.
If
it
has
this
identity,
it
still
has
to
evaluate
the
identity
claim
or
requires
the
very
part.
E
That
the
verifier
has
a
whole
bunch
of
details.
It's
got
to
deal
with
and
in
a
TPM,
for
example,
in
the
stupid
application.
It's
going
to
have
the
event
log
and
everything
else,
and
it's
going
to
come
up
with
a
decision
and
I
think
what
I
think
is.
It
seems
like
the
message
from
the
very
part
of
the
relying
party.
It
is
some
sort
of
reduction
of
all
of
that
information.
And
again
maybe
it's
two
things.
No,
don't
allow
this,
yes,
allow
it,
but
I
want
you
to
remediated
or
recommend
remediation
or
three.
E
B
Draw
this
relying
party
expand
this
diagram
a
little
bit
further.
The
relying
party
would
be
in
control
of
a
resource
and
the
position
of
being
the
enforcement
point
for
access
to
the
resource,
wouldn't
necessarily
imply
that
the
verifier
has
to
be
the
first
owner
and
have
knowledge
of
the
resource
in
order
to
with
a
decision
about
access.
B
E
So
then,
that's
actually
a
really
good
way
to
look
at
this
is
who
actually
owns
the
resource
visit
eat
lying
party?
This
is
the
decision-maker
I'm,
not
convinced
you
want
the
verifier
to
be
the
decision
makers.
Suddenly,
I
think
the
verifier
just
does
the
reduction
I'm,
not
sure.
That's
the
right
word
this
one.
That
comes
to
my
mind.
Right
now
comes
to
me
says
yes
or
no,
you
know
and
then
it's
up
to
somebody
else
to
go
see
all
of
them
in
you
know
it's
worth
well,
I!
E
Guess
it's
so
I'm
thinking
of
like
a
piece
of
safety
equipment.
If
you
read
any
of
the
regulations,
you
know
you
have
to
have
authorization
into
a
piece
of
putting
it
the
exception
of
a
safety
critical
operation,
somebody
you
know
you
might
have
an
override
switch.
That
says
hey
if
this
thing's
on
fire
I,
don't
care
about
authorizing
users,
I'm
not
going
to
hold
off,
because
you
typed
in
my
password
to
shut
down
the
system
right.
The
safety
system
have
somebody
have
to
make
a
decision.
E
E
I
better
work,
yes,
I
will
make
some
assertion
my
evaluation
right
and
then
it's
up
to
I.
Guess
even
a
better
word
is
like
an
attorney
and
a
client.
The
attorney
can
tell
the
client
I
think
he
shouldn't
do
this
against
my
legal
advice.
To
do
this
about
the
attorney
doesn't
make
a
decision.
The
client
makes
a
decision.
The
client
takes
the
risk.
Well,
maybe
that's
a
better,
and
in
this
case
the
verifier
is
a
role
of
the
attorney
saying
this
is
legal.