►
From YouTube: RATS Architecture Design Team, 2020-04-21
Description
RATS Architecture Design Team, 2020-04-21
A
A
A
B
B
B
D
B
B
B
A
B
Things
like
you
know,
I
asked
you
a
father.
Sorry
I
can
expected
that
hard
work
version
only
make
sense
to
compare
against
for
a
clean,
that's
about
a
hardware
version
right
and
that's
what
wasn't
coming
through
right
now
and
so
I
at
least
removed
332
332,
but
it's
okay
to
use
those
as
an
example.
If
somehow
you
know,
for
example,
for
a
claim
about
a
hardware
version,
it
might
compare
it
against
a
known
good
hardware
version.
Something
like
that
would
be
fine
to
say.
I.
B
B
To
change
at
336
is
my
main
point
here.
Then.
All
this
discussion
about
good
values
is
just
a
special
case
and
I,
don't
like
it
calling
out
a
special
case
without
talking
about
the
more
general
case.
The
more
general
case
is
that
you
use
parameters
or
values
in
the
appraisal,
and
those
values
could
be
more
than
just
known
good
values.
B
They
could
be
the
values
to
be
used
in
a
range
they
values
to
be
used
as
in
a
set
to
check
membership
against
the
value
to
be
used,
as
the
exclusion
range
like
the
time
that
the
expiration
time
is
an
example
if
it
actually
is
equal
to
that,
it's
a
bad
value.
Anything
you
know
it
has
to
be
less
than
that,
as
opposed
to
less
than
or
equal
to.
And
so
the
point
is,
you
can
get
values
from
one
place
and
you
can
get
the
appraisal
policy
that
consumes
those
values
with
their
place.
B
That's
the
more
general
case
that
I
think
this
needs
to
address
some
good
values,
just
a
special
case
of
the
more
general
thing
where
you're
doing
or
you're
doing
an
equality
test
as
opposed
to
a
membership.
In
a
set
test
or
a
range
to
test
or
something
else,
and
so
the
values
to
be
used
in
those
checks
can
come
from
a
different
place,
which
is
what
this
is
talking
about.
But
no
good
values
is
just
the
special
case
where
it's
equality
and
I
wanted
to
generalize.
It.
C
Yeah,
that
sounds
fine
I
mean
you
could
even
go
so
far
as
like
machine
learning,
I
was.
B
Attempting
to
do
in
336
and
I'm,
not
sure
I'm
done,
but
that
was
my
goal
in
336
was
to
say:
oh
yeah.
That
was
just
one
example,
but
in
general
you
know
it
could
be.
Membership
in
a
certain
range
of
values.
Now
may
be
known
valid
that
values.
It's
not
the
right
term
to
use,
because
you
could
argue,
that's
actually
an
exclusion
range
or
something
like
that,
because
you
know
it's
a
less
than
as
opposed
to
less
than
or
equal
to
you.
So
it's
the
value
to
be
used
in
lessons.
F
B
If
somebody
wants
text
that
talks
about
you
know
constraints
and
values,
I
that
would
be
lovely
text
I'm
just
trying
to
abstract,
because
right
now
it
just
calls
out.
You
know
equality
and
known-good
that
I
use
and
says
nothing
about
the
more
general
case
and
so
I'm
just
trying
to
argue
that
we
need
more
general
text,
whether
it's
constraints
or
whatever,
and
so
I
took
one
shot
at
it.
But
I'm.
There
are
things
even
in
the
text
that
I
proposed
and
I'm
not
happy
about,
and
so
I
would
love
more
suggestions,
work
on
it.
C
B
Just
like
337
is
phrased
as
a
way
that
specific
and
known
good
values
and
I
didn't
have
a
wording.
Suggestion
like
337
I,
think
needs
to
be
rewritten
to
be
more
general
to
that's
the
one
that
says
you
can
get
them
from
someplace
other
than
the
appraisal
policy
and
the
things
you
can
get
are
the
you
know
things
to
be
used
in
those
constraints.
G
H
B
Mean
if
you
think,
if
you
would
still
I,
think
the
test
to
verify
that
that
term
is
accurate,
which
it
might
be,
is
but
so
you're
doing
a
test
against
a
membership
and
a
set
right.
As
long
as
you
know,
if
the
claimed
value
was
one
of
the
following
three
things
like
one
of
the
following
three
Hardware
models
or
whatever
it
was,
and
you'd
also
use
it
to
say
to
Express,
say
a
expiration
time.
B
A
A
B
B
That
phrase
probably
needs
to
be
replaced
with
something
that
explains
that
it's
you
know
a
can
like
the
thing
that
I
had
in
mind
was
like
a
time
stamp,
although
it
could
apply
to
like
a
not
equals
thing,
and
so,
rather
than
inventing
some
new
term
I
mean
I,
don't
have
an
objection
if
other
people
like
no
and
bad
values,
but
it
could
be
worded
better,
but
the
337
is
the
one
that
doesn't
have
any
I.
Don't
there's
no
suggestion
there.
Somebody
needs
to
express
thanks
for
that
right.
H
I
B
B
H
B
B
B
B
Actually,
now
that
we've
done
the
other
one
I
would
delete
good
values
or
because
reference
value
they're,
not
alternatives
right.
Nobody
I'll
use,
are
types
of
reference
values
and
so
I'll
just
a
week
and
say
two
reference
values.
I
want
to
modify
my
own
suggestion
here.
The
reference
value
discussion.
B
B
B
H
It
why
not
the
Muirfield
Village
reference
various
for
claims,
reference
values,
just
patrolling
it
like
in
combination
with
policies,
you
know
so
the
good
and
bad
things
that
you
are
highlighting
its
captured
here.
So
you
do
have
things
and
then
you
have
the
basic
D
D
should
and
then
you
have
the
is,
and
then
there
between
is
the
policy.
So
that's
a
very
generic
thing
right.
The
thing
when
I
express.
B
Known
bad,
like
I,
said
the
example
of
a
known
bad
value
would
be
the
expiration
time
once
it's
equal
to
that.
It's
bad
right,
and
so
that
was
the
a
check
for
being
an
arranged
bounded
by
reference
values,
and
so
the
upper
bound
would
be.
It
would
have
been
that
so
I
did
try
to
encompass
that
idea.
I
tried
not
to
use
the
term
known
bad
guy
use,
it's
actually
a
range
check
right.
B
Why
I
said
or
any
other
test,
hopefully
with
that
set,
you
can
extrapolate
to
you,
know
inequality
or
other
arbitrary
things
that
might
involve.
You
know
computation.
You
know,
as
you
know,
two
times
the
value
of
this
clay
and
plus
that
other
claim
less
than
something
more
complex.
I
didn't
want
to
go
into
any
more
complex
stuff,
but
it's
in
theory
possible.
G
G
B
Was
exactly
my
intent
here
because
the
stuff
what
where
it
comes
from
is
in
a
paragraph
after
this
one,
it
says
oh
and
those
reference
values
could
come
from
either
of
those
two
places.
So
yes,
that's
exactly
what
I
had
in
mind
to
capture.
So
thanks
I
mean
the
inner
paragraph
needs
some
improvements,
but
that
was
the
intent
when
I
was
writing.
This
text,
yeah
yeah.
E
B
B
B
Scroll
up
to
the
323
324
yeah
right
there
evidence
appraisal
policy,
oh
you're
right
it
doesn't
have
reference
values
in
there.
Okay,
so
we
do
need
to
connect
it.
This
one
says
the
praise:
a
policy
can
be
obtained
along
with
endorsements
or
might
be
obtained
via
some
other
mechanism.
That's
being
configured
and
the
key
point
here
then
that's
making
I
think
is
that
the
appraisal
policy
might
have
two
parts
right:
the
set
of
conditions
with
variables
and
the
value
of
those
variables
peacefully,
and
they
can
come
from
two
different
places.
B
B
So
it's
like
at
the
composition
of
two
different
places,
I
think,
is
that
when
I
don't
think
now
that
I'm
looking
at
it,
this
is
thought
that
it
was,
and
yes
I
agree
with
you
net
that
we
need
to
say
something
about
that.
Maybe
right
after
the
paragraph
that
we
were
just
looking
at
those
that
I
wrote
would
be
a
good
place
for
it.
B
B
B
B
E
B
It
still
needs
some
cleanup,
but
if
you
want
to
merge
it
and
then
I
may
do
a
cleanup
past
afterwards,
like
I
mentioned
that
I
think
it
over
indexes
on
verifier
there's
a
little
bit
of
redundancy
between
the
text
that
we
just
committed
and
the
line
336
and
so
I
can
see
something
that
there
needs
to
be
done.
But
if
you
want
to
do
that
in
two
steps,
I'm,
okay
with
that
right
means
I
got
to
remember
to
do
that.
Well,
I'm,
still
thinking
about
what
we
just
talked
about.
H
Some
things
I
addressed
some
things,
I
commented
on
so
I
think
it's
basically
so
the
the
one
line
comment.
It
is
a
very
global
from
Dave
I
addressed
all
mega
lines
and
made
them
paragraphs
with
multiple
lines,
so
that
is
fixed
but
not
committed
on
ICS.
Sorry
next
point
was
more
to
the
detail
and
when
I
thought,
maybe
not
I
made
a
bigger
comment
about
this.
Probably
the
next
one
is
yeah.
That's
the
entity
discussion
here.
H
We
have
another
discussion
that
is
basically
from
January
where
we
said
we
should
introduce
the
terms
entity
and
sub
entity
through
the
terminology,
and
nobody
was
disputing
that
there
was
only
a
refinement
of
that
statement.
Now
we
it's
under
issue
list
so
and
now
this
is
basically
the
opposite.
Also
entity
is
used
quite
a
lot
throughout
the
document.
Apparently
I
made
a
quick
search
and
it
is
basically
the
founding
stone
of
composite
device,
because
it's
an
entity
and
I'm
very
surprised
by
this
year.
H
Right
now
and
I
in
general,
think
we
already
have
decided
against
device.
We
need
a
buckets.
We
don't
have
to
further
find
it.
That
is
clear
and
the
general
consensus
I
thought
was
entity,
so
the
proposal
was
to
use
implementation.
I
would
not
support
that.
It
is
not
an
implementation
guidance.
We
are
heating
here,
for
it
is
an
architectural
concept
and
it
is
about
how
multiple
rolls,
on
the
same
same
thing
intact.
H
Basically,
it
is
important
to
understand
that
you
had
the
protocols
for
that
and
that
therefore,
sometimes,
if
you
send
something
to
a
relying
party,
you
are
also
sending
it
to
the
verifier
because
they
are
the
same
thing:
the
same
service
on
the
other
side,
so
that
is
a
convergence
of
content
and
payloads
and
therefore
protocols
and
therefore
design
of
the
complete
solution.
That
is
not
a
mere
implementation
guidance,
I,
think
it's
an
architectural
decision
and
therefore
I
would
not
go
with
the
implementation
part.
B
I
agree
with
what
you
said
about
implementation:
I
disagree
with
what
you
said
about
entities
so,
for
example,
when
we
had
the
composite
discussion,
we
said
we're
not
going
to
use
the
term
composite
entity,
we're
gonna,
use
a
word
composite
device
and
so
I
claim
we
do
not
have
any
consensus
on
using
entity
anything
other
than
that.
Maybe
English
layman's
text
in
the
middle
of
a
sentence
where
nothing
else
works,
but
not
as
any
formal
term.
In
any
sense,
and
so
the
issue
that
mentions
entity
and
sub
entity
is
still
open.
B
It
is
not
closed
or
anything
like
that,
and
so
I
claim
that
we
do
not
have
consensus
on
using
entity
except
for
an
laymen
text
where
it
is
the
legged
to
define
other
terms.
I
have
no
objection
to
that,
but
here
I,
don't
like
calling
out
entity
in
any
formal
sense
and
I.
Don't
think
it's
necessary
here.
B
I
think
roles
is
perfectly
fine
here
and,
as
I
mentioned,
we
have
cases
where
we
agreed
to
use
device
such
as
in
composite
device,
not
composite
entity,
and
so
in
some
cases
the
term
device
is
perfectly
fine
for
the
word
entity.
In
other
cases,
it's
not
a
depends
on
the
context.
That's
what
I
mean
by
about
half
of
ways
that
I
think
I.
H
It
is
the
collapse
collapsing.
Rolls
has
implication
on
architectural
design,
for
example,
I
think
highlighted
an
example
here.
So
let's
understand
how
they
are
using
internet
protocols
or
not.
It
is
later
on.
There
was
another
issue
somewhere
that
highlighted.
Maybe
we
should
make
an
example
for
all
the
arrows
between
the
boxes
like
why
suddenly,
as
evidence
sent
from
a
I,
don't
know
relying
party
to
a
tester?
Isn't
that
weird
and
yes,
because
it's
transitive
so
far
so
to
speak.
H
So
we
are
elaborate
all
these
little
examples,
when
the
actual
conceptual
message
is
not
relate
between
the
roles
they
actually
source
in
target,
so
that
this
has
an
impact
on
the
protocols
being
used
and
I
understand
that
this
is
vital
to
so,
I
was
agreeing
on
that
part
yeah.
Maybe
we
should
have
a
permutation
example
thing
yeah
that
says
yeah.
This
is
why
evidence
is
not
directly
relate
to
the
verifier,
because-
and
now
you
are
highlight
by
its
related
here-
is
one
conveyed
here.
So
coming
back
to
this,
this
also
come
happens
when
roles
collapse.
H
So
if
you
collapse
relying
party
a
verifier
role
like
an
or
if,
for
example,
then
suddenly
more
things,
then
typically
I'll
convey
to
the
same
thing:
I,
don't
know
the
better
term
now
formally
entity.
So
again,
you
might
use
the
same
protocol
to
do
this.
You
might
use
two
protocols
and
parallel
with
the
same
thing
now,
because
it
collapses
roads.
You
do
not
know
because
solution
decides
that.
So
the
important
thing
is
to
highlight
that
in
the
architecture,
but
there
are
multiple
implications
here.
H
E
B
Text
all
about
when
things
get
combined
into
the
same
device
and
I'm
still
confused
by
what
this
is
trying
to
solve,
which
is
Ned's
point,
and
so
I've
been
wondering
that
myself
as
I'm
staring
at
the
text
here.
If
this
is
all
about
what
goes
inside
of
a
particular
device,
then
the
term
implementation
might
actually
be
appropriate
implementation
guidance.
Your
implementation.
H
B
H
E
H
H
Maybe
some
I
don't
know
introduction
text
and
then
that
will
be
okay
so,
but
we
agreed
on
that
there
is
a
inconsistency
and
the
terms
use
artifact,
sure
artifacts
in
the
in
the
text.
That
is
I,
think
roll
composition.
There
were
only
a
very
few
occasions
of
that:
I
prune.
Those
is
this
concept
here,
remaining
that
there
is
a
something
that
can
take
on
multiple
roles,
I
think.
B
A
B
E
H
Is
a
very
good
point
as
an
example
I
made?
No,
that
is
not
true.
Maybe
roles
have
separate
him
because
one
role
is
residing
in
a
te
and
the
other
role
is
designing
its
residing
in
the
REE
and
therefore
they
have
different
key
material
and
are
basically
separated
still
on
the
same
device.
I
think
an.
H
E
A
E
Point
I
think
the
point
is
is
in
order
to
in
order
to
have
that
thought.
The
that's
in
this
that's
in
this
poor
request
we
we
have
to
we
have
to.
We
have
to
sorted
level
set
on
the
difference
between
a
role
and
an
entity,
and
maybe
maybe
we
don't
all
agree
but
I
think
that
that
Hanks
perspective
and
my
perspective
are
are
similar
in
that
that
we,
you
know,
we
see
that
the
the
roles
and
the
entities
are
different
things.
E
H
Which
to
circle
back
to
the
initial
issue,
which
is
rather
agree
talking
about
the
soft
I'm?
Sorry,
if
you're
not
going
to
use
device
or
entity
what
how?
How
do
we
explain
to
the
reader,
how
this
composition
thingy
works,
that
it's
just
about
the
roles,
not
more
composition?
Again,
we
also
agreed
not
to
use
that
so.
B
The
sentence
of
the
context
in
some
cases,
but
not
all
cases,
it
would
be
correct
to
say
within
a
device.
In
other
cases,
it
might
say
in
a
particular
implementation
and
in
other
cases
the
term
entity
might
be
appropriate
if
you
used
in
a
layman's
term,
not
in
any
specific
setting.
If
you're
going
to
be
as
generic
as
possible
and
so
I
think
it
depends
on
the
sentence.
A
B
I
think
intent,
although
the
original
intent
might
be
as
simple
as
two
sentences
and
I
don't
know.
If
we
have
agreement
on
anything
more
than
those
two
sentences,
that
was
at
the
top
of
what
Mike
was
highlighting
before
and
is
appearing
between
your
five
and
six.
That's
the
part
that
I
think
we
got
agreement
on
right.
E
Yeah,
so
we
agreed
that
there
was
a
that.
The
thought
that
would
that
was
in
this
pull
request
belongs
between
section
5
and
section.
6
agree
that
thirds
that
there
is
a
difference
between
something
that
we
call
roll
and
and
something
that
hosts
the
roll
or
multiple
rolls,
and
that
we
want
to
have
a
conversation
in
in
the
architecture
about
the
idea
of
something
I
won't
use.
The
word
entity
can
host
multiple
rolls
nicely.
E
H
A
B
Your
other
thing
that
you
can
do
you
can
see
it's
in
a
separate
branch,
the
role,
composition,
branch.
It
could
be
that
Ned
because
that's
a
it's,
not
a
hink
fork,
that's
a
branch
right,
and
so
thank
you.
Sorry
Ned
could
contribute
to
and
replace
that
branch
and,
if
that
happens
in
this
floor,
requests
automatically
updates
your
mission.
You
stop
making
this
pull
request
by
by
working
out
of
the
Royal
Composition
bridge.
Okay,
thanks
for
Q
couldn't
do
that,
but
in
in
the
role
composition
branch
you
can
do
that.
E
A
B
A
A
A
H
E
B
B
I,
don't
want
to
adopt
it
because
I'm
confused
about
what
it
should
say.
So
if
you
look
at
my
comment,
around
619
you'll
see
my
top-level
comment
about
what
is
it
actually
anchored
to
you
and
there's
no
text
that
actually
says
that
this
and
I'm
not
sure
how
to
write
as
that's.
Why
I'm
not
adopting
it
is
because
I
don't
know
how
to
address
my
own
comment
in
619
I,
don't
know
what
the
and
would
be
whatever.
H
Go
ahead,
I
wouldn't
been
implicit
here
because
again
I
think
there
are
implicit
trust
relationships
automatically.
Always
if
you
talk
about
the
lifetime
and
validity
of
evidence,
then
another
endorsements
may
also
have
a
specific
validity
frame.
So
then,
again,
the
evidence
and
the
translational
sites
are
implicitly
only
trusted.
I
E
E
A
B
Trying
to
accomplish
is
he's
trying
to
say
that
you
don't
need
to
like
rethink
the
key
door.
Ree
provide
information
if
you're
already
over
some
channel.
That
was
established.
That
already
had
that.
But
I
don't
know
how
to
how
that
works,
because
it
seems
like
what
you'd
have
is
something
that
would
be
the
equivalent
of
evidence,
and
so
that's
what
I'm
trying
to
get
at
that
I.
Don't
know
how
to
what
the
intent
is
exactly.
D
F
Okay
can
I
say
something
here,
I
think,
what's
complicating
the
discussion
of
the
trust
model
and
the
trust
itself
is
that
trying
to
capture
a
lot
of
specifics
about
relations?
Trust
is
really
about
a
relationship
and
dare
I,
say
entity.
You
know
between
entities
and
it's
a
question
of
point
of
view
and
we're
trying
to
make
one
description
of
something.
F
That's
capturing
all
the
different
point
of
views
of
where
the
trust
needs
to
be,
and
fundamentally
it
comes
down
to
if
you're,
the
part
that
what
the
the
entity
that
is
requiring
to
trust
of
another
entity.
You
have
some
basis
of
that
trust
and
mostly
we're
names
as
establishing
that
basement
of
basis
of
trust
and
if
I
trust
somebody
I
may
need
zero
claims
if
I
trust
them
a
little
bit.
I
may
need
claims
that
have
evidence
if
I,
don't
trust
them
at
all
or
I
have
tighter
constraints
on
what
I
really
need.
F
A
F
Thinking
about
it,
I
don't
have
a
lot
of
problem
with
the
things
the
trust
model
section
is
so
I'm
not
really
saying:
let's
replace
the
trust
model
section
with
an
abstract
discussion
on
point
of
view
of
trust
and
claims
about
claims,
I'm.
Just
saying
that
I
think
that
if
we
were
clear
about
what
we
mean
by
trust,
the
complication
of
writing.
These
other
sections
may
be
a
little
easier.
F
A
perspective
that,
as
an
example,
the
implicit
this
trust
discussion
that
could
happen
from
any
of
the
point
of
views
that
we're
talking
about
it
could
happen
at
the
verifier
or
at
the
relying
party.
It
even
happens
when
you
talk
about
up
the
ax
testers
and
and
how
do
you
rely
on
the
fact
that
a
tester
has
done
its
job
properly
and
if
you're
really
paranoid,
you
may
not
decide
to
trust
anything
unless
you
have
some
evidence
about
the
the
measure
itself.
F
E
F
F
E
F
E
F
The
core
thing
that
relates
architecture
here
is
that
there's
a
policy
for
every
entity
that
they're
doing
sometimes
that
policy
is
implicit,
they'll
just
do
whatever
they're
told,
or
they
will
not
even
consider
it
other
times.
There's
decisions
that
need
to
be
made
that
entity
about
how
they're
going
to
participate
or,
if
participate
at
all,
it's.
E
In
the
very
early
revisions
of
the
architecture
that
we
had
sections
around,
what
would
think
of
as
classic
you
know,
you
know
trust
policy,
trust,
anchor
management,
kinds
of
considerations
and
at
the
time
people
were
saying.
Well
we're
not
trying
to
kind
of
reinvent
that.
That's
sort
of
you
know,
that's
existing
everybody
understands
it.
It's
we're
not
trying
to
sort
of
reinvent
it,
but
it
does
play
a
role.
The.
F
New
part
about
that
is,
is
that
when
mechanisms
have
been
employed,
let's
talk
about
access
control
mechanisms
in
a
system,
if
you're
a
trying
to
do
an
appraisal
about
a
system.
The
fact
that
it's
a
certain
kind
of
system
that
has,
for
instance,
the
ability
to
enforce
a
mandatory
access
control
policy
might
be
an
important
thing
to
consider
about,
should
I
trust
that
machine
or
that
entity,
and
it
might
go
further
than
that
I
might
need
claims
about.
F
B
So
I
need
to
drop
off
soon,
but
I'm
willing
to
take
a
shot
at
adding
information
into
the
privacy
considerations
section
to
make
the
point
that
I
think
Peter
and
Ned
were
just
discussing
the
one
that
says
you
know
be.
A
tester
may
need
to
have
in
certain
like
mutual
attestation
stuff
so
that
it
says
I
only
want
to
give
my
evidence
to
a
verifier.
That
I
know
is
a
trusted
because
it
contains
sensitive
information,
so
I'm
fine,
taking
action
to
suggest
such
text
as
ever
up
here.
Okay,.