1 Definition
2 Functional Requirements
3 Syntax
https://schemas.mpai.community/AIF/V3.0/data/Security.json
4 Semantics
| Label | Description |
|---|---|
| Identity | Identifies allowed types of identity credentials. |
| – AIF-SEC-ID-X509 | X.509 certificate–based identity credential. |
| – AIF-SEC-ID-DID | W3C DID–based identity credential. |
| – AIF-SEC-ID-PSK | Pre‑shared key–based identity credential. |
| – AIF-SEC-ID-CUSTOM | Implementation‑specific identity credential type. |
| Authentication | Identifies allowed forms of authentication evidence. |
| – AIF-SEC-AUTH-JWS | JWS‑based authentication evidence. |
| – AIF-SEC-AUTH-JWT | JWT‑based authentication evidence. |
| – AIF-SEC-AUTH-CWT | CWT‑based authentication evidence. |
| – AIF-SEC-AUTH-SIGNED-NONCE | Authentication via a signed nonce. |
| – AIF-SEC-AUTH-MTLS | Authentication via mutual TLS. |
| – AIF-SEC-AUTH-CUSTOM | Implementation‑specific authentication method. |
| Authorization | Identifies allowed types of authorization evidence. |
| – AIF-SEC-AUTHZ-OPA | Authorization based on an OPA (Open Policy Agent) decision. |
| – AIF-SEC-AUTHZ-XACML | Authorization based on an XACML decision. |
| – AIF-SEC-AUTHZ-CUSTOM | Implementation‑specific authorization mechanism. |
| Integrity | Identifies allowed forms of integrity evidence. |
| – AIF-SEC-HASH-SHA256 | Hash integrity using SHA‑256. |
| – AIF-SEC-HASH-SHA384 | Hash integrity using SHA‑384. |
| – AIF-SEC-HASH-SHA512 | Hash integrity using SHA‑512. |
| – AIF-SEC-HASH-BLAKE3 | Hash integrity using BLAKE3. |
| – AIF-SEC-SIG-ED25519 | Integrity via Ed25519 digital signature. |
| – AIF-SEC-SIG-RSA-PSS-SHA256 | Integrity via RSA‑PSS with SHA‑256. |
| – AIF-SEC-SIG-ECDSA-P256-SHA256 | Integrity via ECDSA P‑256 with SHA‑256. |
| – AIF-SEC-INTEGRITY-CUSTOM | Implementation‑specific integrity method. |
| Confidentiality | Identifies allowed confidentiality protection methods. |
| – AIF-SEC-ENC-AES-GCM | Confidentiality via AES‑GCM encryption. |
| – AIF-SEC-ENC-CHACHA20-POLY1305 | Confidentiality via ChaCha20‑Poly1305. |
| – AIF-SEC-ENC-RSA-OAEP | Confidentiality via RSA‑OAEP encryption. |
| – AIF-SEC-ENC-CUSTOM | Implementation‑specific confidentiality method. |
| Freshness | Identifies allowed freshness and anti‑replay mechanisms. |
| – AIF-SEC-FRESH-NONCE | Freshness via nonces. |
| – AIF-SEC-FRESH-SEQUENCE | Freshness via sequence numbers. |
| – AIF-SEC-FRESH-SIGNED-TIME | Freshness via signed timestamps. |
| – AIF-SEC-FRESH-CUSTOM | Implementation‑specific freshness mechanism. |
| Attestation | Identifies allowed attestation mechanisms. |
| – AIF-SEC-ATTEST-TPM | TPM‑based attestation. |
| – AIF-SEC-ATTEST-SGX | Intel SGX attestation. |
| – AIF-SEC-ATTEST-SEV | AMD SEV attestation. |
| – AIF-SEC-ATTEST-TEE | Generic TEE attestation. |
| – AIF-SEC-ATTEST-CUSTOM | Implementation‑specific attestation mechanism. |
| Audit | Identifies allowed auditability‑related evidence types. |
| – AIF-SEC-AUDIT-MERKLE | Merkle‑tree‑based audit evidence. |
| – AIF-SEC-AUDIT-CHAIN | Hash‑chain‑based audit evidence. |
| – AIF-SEC-AUDIT-TAMPER-EVIDENT | Tamper‑evident audit evidence. |
| – AIF-SEC-AUDIT-CUSTOM | Implementation‑specific audit evidence. |