1. Identity Requirements
| Requirement | Description |
|---|---|
| Identity Uniqueness | A Process Instance shall have a unique Cryptographic Instance Identity (CII). |
| Identity Verifiability | The CII shall be verifiable using public‑key cryptography. |
| Identity Binding | The CII shall be bound to an Instance Credential issued by a trusted Trust Anchor. |
| Identity Freshness | A Process Instance shall present identity information that is valid at the time of trust establishment. |
| Identity Non‑Repudiation | A Process Instance shall be able to prove possession of the private key corresponding to its CII. |
2. Credential Requirements
| Requirement | Description |
|---|---|
| Credential Authenticity | Instance Credentials shall be signed by a Trust Anchor or an authorised Credential Issuer. |
| Credential Integrity | Instance Credentials shall be protected against modification. |
| Credential Validity | Instance Credentials shall include validity periods and shall be rejected if expired. |
| Credential Revocation | A Process Instance shall support mechanisms to detect revoked credentials. |
| Credential Attribute Trust | Attributes included in Instance Credentials shall be verifiable and relevant to trust evaluation. |
3. Evidence Requirements
| Requirement | Description |
|---|---|
| Evidence Typing | Attestation Evidence shall consist of Evidence Items typed according to the Security Evidence Taxonomy. |
| Evidence Authenticity | Evidence shall be signed or otherwise verifiable when required by the Policy Binding. |
| Evidence Freshness | Evidence shall include timestamps or equivalent freshness indicators. |
| Evidence Completeness | A Process Instance shall provide all Evidence Items required by the Policy Binding. |
| Evidence Non‑Equivocation | A Process Instance shall not provide contradictory evidence within a single trust establishment session. |
4. Policy Requirements
| Requirement | Description |
|---|---|
| Policy Transparency | A Process Instance shall make available the Policy Binding it applies to incoming TrustRequests. |
| Policy Consistency | A Process Instance shall apply the same Policy Binding to all TrustRequests within a defined context. |
| Policy Expressiveness | Policy Bindings shall be able to specify required Trust Anchors, algorithms, evidence types, and validity constraints. |
| Policy Integrity | Policy Bindings shall be protected against unauthorised modification. |
| Policy Independence | A Process Instance shall not rely on implicit trust; all trust conditions shall be explicitly defined in the Policy Binding. |
5. Verification Requirements
| Requirement | Description |
|---|---|
| Verification Pipeline Execution | A Process Instance shall apply the Verification Pipeline to every TrustRequest or TrustResponse. |
| Schema Validation | All received identity, credential, and evidence structures shall be validated against their schemas. |
| Cryptographic Verification | Signatures on credentials and evidence shall be verified using approved algorithms. |
| Policy Evaluation | A Process Instance shall evaluate all received information against its Policy Binding. |
| Deterministic Trust Decision | The Verification Pipeline shall produce a deterministic Trust Decision (accept, reject, conditional). |
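
The Verification Pipeline stages above, combined with the validity, revocation, freshness, completeness and non-equivocation requirements from sections 2 and 3, as an added example that is not part of this specification. The `PolicyBinding` shape, all field names, the `verify_sig` callback and the sample values are assumptions; the function returns only accept or reject because this page does not define when a decision is conditional.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PolicyBinding:              # hypothetical shape, not defined on this page
    trust_anchors: frozenset      # issuers trusted explicitly (no implicit trust)
    algorithms: frozenset         # approved signature algorithms
    required_evidence: frozenset  # evidence types that must all be present
    max_evidence_age: int         # freshness window, seconds

CRED = {"issuer": str, "alg": str, "serial": str,
        "not_before": int, "not_after": int, "sig": str}
EVID = {"type": str, "value": str, "ts": int, "sig": str}
# Constructed sample; field names, values and "sig" strings are placeholders.
SAMPLE = {"credential": {"issuer": "anchor-a", "alg": "ed25519", "serial": "01",
                         "not_before": 0, "not_after": 2000, "sig": "valid"},
          "evidence": [{"type": "boot", "value": "ok", "ts": 990, "sig": "valid"}]}

def _conforms(obj, fields):
    return isinstance(obj, dict) and all(
        type(obj.get(k)) is t for k, t in fields.items())

def decide(request, policy, now, verify_sig, revoked=frozenset()):
    """Return (decision, reason). Pure function: `now` is an input, not a clock read."""
    cred, evidence = request.get("credential"), request.get("evidence")
    # 1. Schema validation first, before any field is compared or trusted.
    if not (_conforms(cred, CRED) and isinstance(evidence, list)
            and all(_conforms(e, EVID) for e in evidence)):
        return "reject", "schema"
    # 2. Policy constraints on issuer and algorithm.
    if cred["issuer"] not in policy.trust_anchors or cred["alg"] not in policy.algorithms:
        return "reject", "policy"
    # 3. Signatures, checked by the caller-supplied verifier (assumed interface).
    if not (verify_sig(cred) and all(verify_sig(e) for e in evidence)):
        return "reject", "signature"
    # 4. Credential validity period and revocation.
    if not cred["not_before"] <= now <= cred["not_after"]:
        return "reject", "validity"
    if cred["serial"] in revoked:
        return "reject", "revoked"
    # 5. Evidence non-equivocation, freshness, completeness.
    seen = {}
    for e in evidence:
        if seen.setdefault(e["type"], e["value"]) != e["value"]:
            return "reject", "equivocation"
        if not 0 <= now - e["ts"] <= policy.max_evidence_age:
            return "reject", "stale"
    if not policy.required_evidence <= set(seen):
        return "reject", "incomplete"
    return "accept", "ok"
```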