@achamayou achamayou commented Sep 25, 2025

This PR contains the following changes:

  1. did:attestedsvc: issuer payloads go from:
{
   1: -35,                ; alg: ES384
   2: [ "msft-css-dev" ],  ; crit
   4: bstr,               ; kid: SHA256 hash of canonical COSE_Key
  15: { ... },            ; CWT-Claims including issuer/subject
  "msft-css-dev": { ... } ; attestation map 
}

To:

{
   1: -35,                ; alg: ES384
   2: [ "attestedsvc" ], ; crit
   4: bstr,               ; kid: SHA256 hash of canonical COSE_Key
  15: { ... },            ; CWT-Claims including issuer/subject
  "attestedsvc": { "svc_id": "msft-css-dev", ... } ; attestation map as before
}
  2. Authentication enforces that iss starts with did:attestedsvc:{svc_id}:
  3. Authentication enforces that crit contains and only contains "attestedsvc"

@briankr-ms this is svc_id rather than svc-id for consistency with the other fields in the map (uvm_endorsement etc).

Closes #321
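
The two authentication rules listed in the description above, as an added example that is not code from this PR or the project. It assumes the protected header has already been CBOR-decoded into a Python dict; the function names, the reading of "contains and only contains" as exactly one crit entry, and the issuer suffix in the samples are assumptions made for illustration.

```python
# COSE header labels as they appear in the PR description; iss is CWT claim 1 (RFC 8392).
CRIT, CWT_CLAIMS, CWT_ISS = 2, 15, 1
ATTESTEDSVC = "attestedsvc"


class HeaderError(ValueError):
    """Raised when a decoded protected header fails one of the checks."""


def check_attestedsvc_header(phdr: dict) -> str:
    """Return svc_id if the header passes the crit and iss checks (hypothetical helper)."""
    crit = phdr.get(CRIT)
    # Assumption: "contains and only contains" means the list is exactly ["attestedsvc"].
    if crit != [ATTESTEDSVC]:
        raise HeaderError(f"crit must be [{ATTESTEDSVC!r}], got {crit!r}")
    att = phdr.get(ATTESTEDSVC)
    if not isinstance(att, dict):
        raise HeaderError("attestedsvc map missing from protected header")
    svc_id = att.get("svc_id")
    if not isinstance(svc_id, str) or not svc_id:
        raise HeaderError("svc_id missing or not a string")
    claims = phdr.get(CWT_CLAIMS)
    iss = claims.get(CWT_ISS) if isinstance(claims, dict) else None
    # The trailing ':' matters: without it "msft-css-dev-other" would match "msft-css-dev".
    if not isinstance(iss, str) or not iss.startswith(f"did:attestedsvc:{svc_id}:"):
        raise HeaderError(f"iss {iss!r} does not start with did:attestedsvc:{svc_id}:")
    return svc_id


def is_accepted(phdr: dict) -> bool:
    try:
        check_attestedsvc_header(phdr)
        return True
    except HeaderError:
        return False


# Constructed sample headers (kid and attestation fields omitted for brevity).
ISS = "did:attestedsvc:msft-css-dev:constructed-suffix"
NEW_SHAPE = {1: -35, 2: ["attestedsvc"], 15: {1: ISS},
             "attestedsvc": {"svc_id": "msft-css-dev"}}
OLD_SHAPE = {1: -35, 2: ["msft-css-dev"], 15: {1: ISS}, "msft-css-dev": {}}
EXTRA_CRIT = {**NEW_SHAPE, 2: ["attestedsvc", "msft-css-dev"]}
LOOKALIKE_ISS = {**NEW_SHAPE,
                 15: {1: "did:attestedsvc:msft-css-dev-other:constructed-suffix"}}

if __name__ == "__main__":
    for name in ("NEW_SHAPE", "OLD_SHAPE", "EXTRA_CRIT", "LOOKALIKE_ISS"):
        print(name, "accepted" if is_accepted(globals()[name]) else "rejected")
```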

@achamayou achamayou requested a review from a team as a code owner September 25, 2025 13:38
@achamayou achamayou marked this pull request as draft September 25, 2025 13:38
@achamayou achamayou marked this pull request as ready for review September 25, 2025 15:47
@achamayou achamayou changed the title Draft re-shape of the attestedsvc map Update to attestedsvc map Sep 26, 2025
@ivarprudnikov
/azp run

Azure Pipelines successfully started running 1 pipeline(s).

@ivarprudnikov ivarprudnikov merged commit f0c1a7e into microsoft:main Oct 2, 2025
9 checks passed
@ivarprudnikov ivarprudnikov deleted the attestedsvc_v2 branch October 2, 2025 11:11
Successfully merging this pull request may close these issues.

Change msft-css-dev header to attestedsvc