| 1. Definition | 2. Functional Requirements | 3. Syntax | 4. Semantics |
1 Definition
.
2 Functional Requirements
3 Syntax
https://schemas.mpai.community/AIF/V3.0/data/Security.json
4 Semantics
| Label | Description |
|---|---|
| IdentityTechnologies | Technologies used to establish or verify identity. |
| – PKI-X509 | X.509 Public Key Infrastructure identity. |
| – DID-W3C | W3C Decentralized Identifier identity. |
| – VerifiableCredentials | W3C Verifiable Credentials for identity claims. |
| – SPIFFE | SPIFFE identity framework. |
| – TPM-Identity | TPM-backed hardware identity. |
| – SecureEnclave-Identity | Identity derived from hardware secure enclave. |
| – WebAuthn-FIDO2 | WebAuthn/FIDO2 identity authentication. |
| – PSK-Identity | Pre-shared key identity method. |
| – Custom | Implementation-specific identity technology. |
| AuthenticationTechnologies | Technologies used to authenticate an entity. |
| – mTLS | Mutual TLS authentication. |
| – OAuth2 | OAuth 2.0 authentication. |
| – OpenID-Connect | OpenID Connect authentication. |
| – JWT-JWS | Authentication via signed JWT/JWS tokens. |
| – Kerberos | Kerberos ticket-based authentication. |
| – SASL | SASL authentication mechanisms. |
| – HardwareSecurityKeys | Hardware key–based authentication (e.g., FIDO/U2F keys). |
| – TPM-Attestation | TPM-based authentication via attestation. |
| – TEE-Attestation | Trusted Execution Environment attestation authentication. |
| – Custom | Implementation-specific authentication technology. |
| AuthorizationTechnologies | Technologies used to express or enforce authorization. |
| – OAuth2-Scopes | OAuth 2.0 scope-based authorization. |
| – OPA-Rego | Authorization policies defined in OPA Rego. |
| – XACML | XACML authorization framework. |
| – RBAC | Role-Based Access Control. |
| – ABAC | Attribute-Based Access Control. |
| – PBAC | Policy-Based Access Control. |
| – Microsegmentation | Authorization via microsegmented network boundaries. |
| – ServiceMesh-Authorization | Service mesh–enforced authorization. |
| – Custom | Implementation-specific authorization technology. |
| IntegrityTechnologies | Technologies providing data or message integrity. |
| – SHA-256 | SHA‑256 hashing for integrity. |
| – SHA-384 | SHA‑384 hashing for integrity. |
| – SHA-512 | SHA‑512 hashing for integrity. |
| – BLAKE3 | BLAKE3 hashing for integrity. |
| – HMAC | Hash-based Message Authentication Code. |
| – RSA-PSS | RSA-PSS signature for integrity. |
| – ECDSA-P256 | ECDSA P‑256 signature for integrity. |
| – Ed25519 | Ed25519 signature for integrity. |
| – MerkleTree | Merkle tree–based integrity checking. |
| – AEAD-Integrity | Integrity from AEAD authenticated encryption. |
| – Custom | Implementation-specific integrity method. |
| ConfidentialityTechnologies | Technologies providing confidentiality protection. |
| – TLS-1.3 | TLS 1.3 protocol for confidentiality. |
| – mTLS | Mutual TLS with confidentiality. |
| – AES-256-GCM | AES‑256‑GCM authenticated encryption. |
| – ChaCha20-Poly1305 | ChaCha20‑Poly1305 authenticated encryption. |
| – RSA-OAEP | RSA‑OAEP encryption. |
| – EndToEndEncryption | End‑to‑end encrypted communication. |
| – TEE-ConfidentialCompute | Confidential computing inside a TEE. |
| – HomomorphicEncryption | Confidential computation via homomorphic encryption. |
| – SMPC | Secure multiparty computation. |
| – Custom | Implementation-specific confidentiality mechanism. |
| FreshnessReplayProtectionTech | Technologies preventing replay attacks and ensuring freshness. |
| – Nonces | Replay protection via nonces. |
| – Timestamps | Replay protection via timestamps. |
| – MonotonicCounters | Replay protection with monotonic counters. |
| – SequenceNumbers | Replay protection via sequence numbers. |
| – AntiReplayWindows | Replay protection via sliding windows. |
| – ChannelBinding | Replay protection via binding data to the channel. |
| – Custom | Implementation-specific replay protection technology. |
| AttestationTechnologies | Technologies providing attestation of execution environment or system state. |
| – TPM-RemoteAttestation | TPM remote attestation. |
| – TEE-SGX-Attestation | Intel SGX attestation. |
| – TEE-SEV-Attestation | AMD SEV attestation. |
| – TEE-TrustZone-Attestation | ARM TrustZone attestation. |
| – RuntimeIntegrityChecks | Runtime integrity verification mechanisms. |
| – RemoteMeasurementProtocols | Remote measurement–based integrity and attestation protocols. |
| – Custom | Implementation-specific attestation technology. |
| AuditabilityTechnologies | Technologies supporting tamper-evident auditability. |
| – TamperEvidentLogs | Logs designed to show tampering. |
| – WORM-Storage | Write‑Once‑Read‑Many immutable storage. |
| – SignedLogging-RFC5848 | Signed syslog messages (RFC 5848). |
| – BlockchainLogging | Audit logging anchored in blockchains. |
| – HashChainedLogs | Audit logs linked by cryptographic hashes. |
| – SIEM | Security Information and Event Management systems. |
| – ForensicTimestamping | Trusted forensic timestamping. |
| – Custom | Implementation-specific auditability technology. |
| InfrastructureAbstractionTech | Technologies abstracting or isolating infrastructure environments. |
| – VM-Isolation | Virtual machine isolation. |
| – ContainerIsolation | Container-level isolation. |
| – ServiceMesh | Service mesh network abstraction. |
| – MicroVM | Lightweight micro‑virtual machines. |
| – TEE | Trusted Execution Environments. |
| – HypervisorIsolation | Hypervisor‑based system isolation. |
| – Custom | Implementation-specific infrastructure abstraction technology. |
