1 Definition
The Cryptographic Instance Role Taxonomy defines the set of typed identifiers used to describe the roles that a Cryptographic Instance Identity (CII) may perform within the MPAI‑PTF Trust Framework. These roles classify how a cryptographic instance participates in trust, security, and attestation operations.
2 Functional Requirements
The taxonomy shall:
- Provide a controlled vocabulary of cryptographic roles.
- Use stable, machine‑readable identifiers.
- Support classification of CIIs in:
  - signing
  - verification
  - encryption
  - decryption
  - key agreement
  - attestation
  - root‑of‑trust functions
- Be referenced by other PTF data types (e.g., CII, InstanceCredential, Profiles).
- Reject undeclared values.
3 Syntax
https://schemas.mpai.community/PTF/V1.0/data/CryptographicInstanceRoleTaxonomy.json
4 Semantics
| Role Identifier | Meaning |
|---|---|
| AIF-CII-ROLE-KEY-HOLDER | Entity that securely holds a cryptographic key. |
| AIF-CII-ROLE-SIGNER | Entity authorized to generate digital signatures. |
| AIF-CII-ROLE-VERIFIER | Entity authorized to verify digital signatures. |
| AIF-CII-ROLE-ENCRYPTOR | Entity authorized to encrypt data. |
| AIF-CII-ROLE-DECRYPTOR | Entity authorized to decrypt data. |
| AIF-CII-ROLE-KEY-AGREEMENT-PARTY | Entity participating in a key agreement protocol. |
| AIF-CII-ROLE-ATTESTATION-SOURCE | Entity that produces attestation evidence. |
| AIF-CII-ROLE-ROOT-OF-TRUST | Entity serving as a foundational trust anchor. |
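
The "Reject undeclared values" requirement, applied to the identifiers in the table above, as an added example that is not part of the MPAI specification or its schema. The names `check_roles`, `DECLARED_ROLES` and the `roles` field are assumptions for illustration; the page does not show the JSON schema's structure. Matching is exact, so case variants and dash look-alikes are reported as near-misses and still rejected.

```python
import json
import unicodedata

# Role identifiers copied from the Semantics table on this page.
DECLARED_ROLES = frozenset({
    "AIF-CII-ROLE-KEY-HOLDER",
    "AIF-CII-ROLE-SIGNER",
    "AIF-CII-ROLE-VERIFIER",
    "AIF-CII-ROLE-ENCRYPTOR",
    "AIF-CII-ROLE-DECRYPTOR",
    "AIF-CII-ROLE-KEY-AGREEMENT-PARTY",
    "AIF-CII-ROLE-ATTESTATION-SOURCE",
    "AIF-CII-ROLE-ROOT-OF-TRUST",
})

# Dash code points that render like "-" but are different characters.
_DASHES = dict.fromkeys(map(ord, "\u2010\u2011\u2012\u2013\u2014\u2212"), "-")


def _canonical(value):
    """Fold case, width, padding and dash look-alikes (used for diagnosis only)."""
    return unicodedata.normalize("NFKC", value).translate(_DASHES).strip().upper()


def check_roles(values):
    """Return (accepted, rejected); near-misses are reported, never repaired."""
    accepted, rejected = [], []
    for v in values:
        if not isinstance(v, str):
            rejected.append((v, "not a string"))
        elif v in DECLARED_ROLES:
            accepted.append(v)
        elif _canonical(v) in DECLARED_ROLES:
            rejected.append((v, "near-miss of " + _canonical(v)))
        else:
            rejected.append((v, "undeclared"))
    return accepted, rejected


# Constructed sample input; the "roles" field name is an assumption.
SAMPLE = json.loads('{"roles": ["AIF-CII-ROLE-SIGNER", "aif-cii-role-verifier", '
                    '"AIF\u2011CII\u2011ROLE\u2011ROOT\u2011OF\u2011TRUST", '
                    '" AIF-CII-ROLE-SIGNER", "AIF-CII-ROLE-AUDITOR", 7]}')

if __name__ == "__main__":
    for group in check_roles(SAMPLE["roles"]):
        print(group)
```

A consumer that enforces the taxonomy would treat any non-empty `rejected` list as a validation failure for the whole CII record rather than dropping the bad entries and continuing.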