
1 Definition

The Verification Pipeline defines the ordered set of operations performed by a Trust Anchor to determine whether a Process Instance (PI) can be trusted within the MPAI‑PTF Trust Framework.
Based on the trust‑related data types defined in PTF (CII, credentials, evidence, policies, trust messages), it produces a Trust Response indicating whether the received message should be trusted.

The pipeline is deterministic, policy‑driven, and produces verifiable Trust Operations for auditability.

2 Objectives

The Verification Pipeline shall:

  • Ascertain the trustability of the Requester that solicited the trust response. This involves the use of information that the two parties have exchanged “out of band”.
  • Ensure the validity of the network identity of the Process Instance from which the message has been received.
  • Validate the authentication credentials associated with the Process Instance from which the message has been received.
  • Validate attestation evidence supporting the Process Instance’s claim of authorisation pertinence.
  • Evaluate the evidence and policies governing trust decisions relating to the Requester.
  • Produce a Trust Response indicating success or failure.
  • Record Trust Operations for audit and traceability.

3 Inputs

The pipeline takes into consideration the following types of information:

  • Cryptographic Instance Identity (CII)
  • InstanceCredential
  • ProcessLifecycleCredential
  • AttestationEvidence
  • PolicyBinding
  • VerificationProfile (from Profile)
  • TrustRequest (from Trust Message)
  • Network Locality

4 Outputs

The pipeline produces:

  • TrustResponse message
  • TrustOperation records
  • Optional logs for audit and compliance

5 Functional Requirements

The Verification Pipeline shall:

  1. Ingest the Trust Request
    • Identify the requester.
    • Validate the provenance and temporality of the trust message.
    • Identify the requested trust operation.
    • Load the applicable VerificationProfile.
  2. Verify the Cryptographic Instance Identity (CII)
    • Validate structure and required fields.
    • Verify signature using SAT algorithms.
    • Check key validity and role consistency.
  3. Verify Credentials
    • Validate InstanceCredential.
    • Validate ProcessLifecycleCredential.
    • Check validity intervals.
    • Verify issuer signatures.
    • Check credential chains if applicable.
  4. Verify Attestation Evidence
    • Validate evidence type (SET).
    • Verify hashes and signatures (SAT).
    • Check freshness requirements.
    • Check evidence completeness.
  5. Evaluate Policies
    • Load PolicyBinding.
    • Evaluate policy rules defined in the VerificationProfile.
    • Check constraints, required attributes, and trust anchors.
  6. Aggregate Results
    • Combine identity, credential, evidence, and policy outcomes.
    • Apply VerificationProfile decision logic.
  7. Produce Trust Response
    • Status: Success or Failure.
    • Optional failure reason.
    • Optional result payload.
  8. Record Trust Operations
    • Log each verification step as a TrustOperation.
    • Sign the Trust Response.

6 Processing Steps

The pipeline executes the following ordered steps:

  1. Request Intake
  2. Identity Verification
  3. Credential Verification
  4. Evidence Verification
  5. Policy Evaluation
  6. Decision Logic
  7. Response Generation
  8. Operation Logging

Each step may produce intermediate Trust Operations for auditability.

7 Error Handling

The pipeline shall:

  • Fail fast on malformed or unverifiable objects.
  • Provide a clear failure reason in the Trust Response.
  • Log all failures as TrustOperations.
  • Never partially establish trust.

8 Security Considerations

The pipeline shall:

  • Verify provenance.
  • Use SAT algorithms for all cryptographic verification.
  • Reject weak or deprecated algorithms.
  • Validate timestamps and freshness.
  • Ensure policy evaluation cannot be bypassed.
  • Protect TrustOperations and TrustResponses with signatures.
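The following is an added example, not MPAI‑PTF code, showing how the functional requirements, ordered processing steps, fail‑fast error handling and security considerations above fit together in one verifier. It assumes HMAC‑SHA256 standing in for the SAT‑selected signature algorithm, a constructed anchor key and request layout, and a 300 s freshness window as the VerificationProfile default.

```python
import hashlib, hmac, json
# Added example, not MPAI-PTF code. Assumed: HMAC-SHA256 stands in for the SAT-selected
# signature algorithm; anchor key, request fields and 300 s freshness window are constructed.
ANCHOR_KEY = b"constructed-trust-anchor-key"
REJECTED_ALGS = {"md5", "sha1"}   # weak or deprecated algorithms are rejected outright
FRESHNESS_S = 300

def sign(obj):   # Trust Anchor signature over a canonical JSON encoding
    return hmac.new(ANCHOR_KEY, json.dumps(obj, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def check_intake(req, now):   # temporality of the TrustRequest itself
    return "stale TrustRequest" if abs(now - req["timestamp"]) > FRESHNESS_S else None

def check_identity(req, now):   # CII algorithm and signature
    cii = req["cii"]
    if cii["alg"] in REJECTED_ALGS:
        return "CII uses rejected algorithm " + cii["alg"]
    expected = sign({"subject": cii["subject"], "role": cii["role"]})
    return None if hmac.compare_digest(expected, cii["sig"]) else "CII signature invalid"

def check_credentials(req, now):   # both credentials present and inside their validity interval
    for name in ("InstanceCredential", "ProcessLifecycleCredential"):
        cred = req["credentials"].get(name)
        if cred is None or not cred["not_before"] <= now <= cred["not_after"]:
            return name + " missing or outside validity interval"
    return None

def check_evidence(req, now):   # AttestationEvidence freshness and measurement hash
    ev = req["evidence"]
    if now - ev["issued"] > FRESHNESS_S:
        return "stale AttestationEvidence"
    return None if hashlib.sha256(ev["measurement"].encode()).hexdigest() == ev["hash"] else "evidence hash mismatch"

def check_policy(req, now):   # PolicyBinding constraint: the CII role must be allowed by the profile
    return None if req["cii"]["role"] in req["profile"]["allowed_roles"] else "role not permitted by PolicyBinding"

STEPS = [("Request Intake", check_intake), ("Identity Verification", check_identity),
         ("Credential Verification", check_credentials),
         ("Evidence Verification", check_evidence), ("Policy Evaluation", check_policy)]

def verify(req, now):
    ops, reason = [], None
    for step, check in STEPS:   # ordered steps, one TrustOperation recorded per step
        reason = check(req, now)
        ops.append({"step": step, "result": "fail" if reason else "pass"})
        if reason:   # fail fast: trust is never partially established
            break
    resp = {"status": "Failure" if reason else "Success", "reason": reason, "operations": ops}
    resp["signature"] = sign(resp)   # signed TrustResponse
    return resp
```

A failed step ends the run, so the recorded TrustOperations show exactly how far verification got and why it stopped.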

9 Conformance

A conforming Verifier shall:

  • Implement all mandatory steps in the Verification Pipeline.
  • Support all required PTF data types.
  • Use SAT and SET taxonomies.
  • Produce TrustOperations for each verification step.
  • Produce a signed TrustResponse.

10 Cross Reference Table

Data Types Used in Each Verification Step

Verification Step       | Data Types Used                                                                          | Purpose
------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------
Request Intake          | TrustRequest, VerificationProfile                                                        | Identify operation, target, and applicable rules
Identity Verification   | CryptographicInstanceIdentity (CII), SecurityAlgorithmTaxonomy                           | Verify identity, roles, and signatures
Credential Verification | InstanceCredential, ProcessLifecycleCredential, SecurityAlgorithmTaxonomy                | Validate credentials, issuers, validity intervals
Evidence Verification   | AttestationEvidence, SecurityEvidenceTaxonomy, SecurityAlgorithmTaxonomy                 | Verify evidence type, hash, signature, freshness
Policy Evaluation       | PolicyBinding, VerificationProfile, TrustAnchor, CryptographicInstanceRoleTaxonomy       | Evaluate trust rules and constraints
Decision Logic          | All above                                                                                | Aggregate results and determine trust outcome
Trust Response          | TrustResponse, SecurityAlgorithmTaxonomy                                                 | Produce signed trust decision
Trust Operations Log    | TrustOperation, TrustOperationTaxonomy                                                   | Record each verification step for auditability
