| 1. Definition | 2. Functional Requirements | 3. Syntax | 4. Semantics |
1 Definition
The Security Evidence Taxonomy defines the set of identifiers used by MPAI‑PTF to classify evidence supplied by AIMs and Processes during trust establishment and verification. It provides a structured vocabulary for describing the types of evidence that may be produced, consumed, or required by PTF components, including attestation evidence, identity‑binding evidence, freshness evidence, behavioural evidence, and policy‑related evidence.
The taxonomy ensures that all PTF components refer to evidence types using stable, interoperable identifiers rather than implementation‑specific labels, enabling consistent validation, policy enforcement, and cross‑component interoperability.
2 Functional Requirements
The Security Evidence Taxonomy shall:
- Provide unique, stable identifiers for each type of security evidence used within PTF.
- Classify evidence into categories such as:
  - Identity evidence (e.g., binding logical and cryptographic identities)
  - Attestation evidence (e.g., platform or runtime attestation)
  - Freshness evidence (e.g., nonces, timestamps, challenge responses)
  - Behavioural evidence (e.g., operational or performance characteristics)
  - Policy evidence (e.g., compliance with declared policies)
  - Custom evidence (deployment‑specific or proprietary)
- Support evidence agility, allowing new evidence types to be added without breaking existing implementations.
- Provide identifiers that are:
  - Human‑readable
  - Machine‑processable
  - Version‑stable
- Enable PTF components to:
  - Declare which evidence they produce (e.g., in AttestationEvidence)
  - Declare which evidence they require (e.g., in PolicyBinding, Profile)
  - Declare which evidence they validate (e.g., in VerificationProfile)
- Support referencing of attestation frameworks, freshness mechanisms, and policy‑driven evidence.
- Allow deployments to define custom evidence identifiers when needed.
- Ensure that the taxonomy forms a single authoritative namespace for all PTF evidence types.
3 Syntax
https://schemas.mpai.community/PTF/V1.0/data/SecurityEvidenceTaxonomy.json
4 Semantics
| Label | Description |
|---|---|
| Identity | Identifies allowed types of identity credentials. |
| – AIF-SEC-ID-X509 | X.509 certificate–based identity credential. |
| – AIF-SEC-ID-DID | W3C DID–based identity credential. |
| – AIF-SEC-ID-PSK | Pre‑shared key–based identity credential. |
| – AIF-SEC-ID-CUSTOM | Implementation‑specific identity credential type. |
| Authentication | Identifies allowed forms of authentication evidence. |
| – AIF-SEC-AUTH-JWS | JWS‑based authentication evidence. |
| – AIF-SEC-AUTH-JWT | JWT‑based authentication evidence. |
| – AIF-SEC-AUTH-CWT | CWT‑based authentication evidence. |
| – AIF-SEC-AUTH-SIGNED-NONCE | Authentication via a signed nonce. |
| – AIF-SEC-AUTH-MTLS | Authentication via mutual TLS. |
| – AIF-SEC-AUTH-CUSTOM | Implementation‑specific authentication method. |
| Authorization | Identifies allowed types of authorization evidence. |
| – AIF-SEC-AUTHZ-OPA | Authorization based on an OPA (Open Policy Agent) decision. |
| – AIF-SEC-AUTHZ-XACML | Authorization based on an XACML decision. |
| – AIF-SEC-AUTHZ-CUSTOM | Implementation‑specific authorization mechanism. |
| Integrity | Identifies allowed forms of integrity evidence. |
| – AIF-SEC-HASH-SHA256 | Hash integrity using SHA‑256. |
| – AIF-SEC-HASH-SHA384 | Hash integrity using SHA‑384. |
| – AIF-SEC-HASH-SHA512 | Hash integrity using SHA‑512. |
| – AIF-SEC-HASH-BLAKE3 | Hash integrity using BLAKE3. |
| – AIF-SEC-SIG-ED25519 | Integrity via Ed25519 digital signature. |
| – AIF-SEC-SIG-RSA-PSS-SHA256 | Integrity via RSA‑PSS with SHA‑256. |
| – AIF-SEC-SIG-ECDSA-P256-SHA256 | Integrity via ECDSA P‑256 with SHA‑256. |
| – AIF-SEC-INTEGRITY-CUSTOM | Implementation‑specific integrity method. |
| Confidentiality | Identifies allowed confidentiality protection methods. |
| – AIF-SEC-ENC-AES-GCM | Confidentiality via AES‑GCM encryption. |
| – AIF-SEC-ENC-CHACHA20-POLY1305 | Confidentiality via ChaCha20‑Poly1305. |
| – AIF-SEC-ENC-RSA-OAEP | Confidentiality via RSA‑OAEP encryption. |
| – AIF-SEC-ENC-CUSTOM | Implementation‑specific confidentiality method. |
| Freshness | Identifies allowed freshness and anti‑replay mechanisms. |
| – AIF-SEC-FRESH-NONCE | Freshness via nonces. |
| – AIF-SEC-FRESH-SEQUENCE | Freshness via sequence numbers. |
| – AIF-SEC-FRESH-SIGNED-TIME | Freshness via signed timestamps. |
| – AIF-SEC-FRESH-CUSTOM | Implementation‑specific freshness mechanism. |
| Attestation | Identifies allowed attestation mechanisms. |
| – AIF-SEC-ATTEST-TPM | TPM‑based attestation. |
| – AIF-SEC-ATTEST-SGX | Intel SGX attestation. |
| – AIF-SEC-ATTEST-SEV | AMD SEV attestation. |
| – AIF-SEC-ATTEST-TEE | Generic TEE attestation. |
| – AIF-SEC-ATTEST-CUSTOM | Implementation‑specific attestation mechanism. |
| Audit | Identifies allowed auditability‑related evidence types. |
| – AIF-SEC-AUDIT-MERKLE | Merkle‑tree‑based audit evidence. |
| – AIF-SEC-AUDIT-CHAIN | Hash‑chain‑based audit evidence. |
| – AIF-SEC-AUDIT-TAMPER-EVIDENT | Tamper‑evident audit evidence. |
| – AIF-SEC-AUDIT-CUSTOM | Implementation‑specific audit evidence. |
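
The following is an added example, not part of the MPAI specification: it shows how a verifier could check the evidence identifiers a component declares against the categories it requires, using the labels from the Semantics table. The plain-list input, the function name, the handling of unknown and `-CUSTOM` identifiers, and the sample identifier `AIF-SEC-ATTEST-TPM2` are assumptions of the example; it does not reproduce the structure of the JSON schema or of PolicyBinding, Profile or VerificationProfile.

```python
# Added example: labels transcribed from the Semantics table; the rest is illustrative.
PREFIX = "AIF-SEC-"
TAXONOMY = {
    "Identity": "ID-X509 ID-DID ID-PSK ID-CUSTOM",
    "Authentication": "AUTH-JWS AUTH-JWT AUTH-CWT AUTH-SIGNED-NONCE AUTH-MTLS AUTH-CUSTOM",
    "Authorization": "AUTHZ-OPA AUTHZ-XACML AUTHZ-CUSTOM",
    "Integrity": "HASH-SHA256 HASH-SHA384 HASH-SHA512 HASH-BLAKE3 SIG-ED25519 "
                 "SIG-RSA-PSS-SHA256 SIG-ECDSA-P256-SHA256 INTEGRITY-CUSTOM",
    "Confidentiality": "ENC-AES-GCM ENC-CHACHA20-POLY1305 ENC-RSA-OAEP ENC-CUSTOM",
    "Freshness": "FRESH-NONCE FRESH-SEQUENCE FRESH-SIGNED-TIME FRESH-CUSTOM",
    "Attestation": "ATTEST-TPM ATTEST-SGX ATTEST-SEV ATTEST-TEE ATTEST-CUSTOM",
    "Audit": "AUDIT-MERKLE AUDIT-CHAIN AUDIT-TAMPER-EVIDENT AUDIT-CUSTOM",
}
# Exact-match lookup. The category cannot be parsed from the label itself:
# HASH-*, SIG-* and INTEGRITY-* labels all belong to "Integrity".
CATEGORY_OF = {PREFIX + s: cat for cat, labels in TAXONOMY.items() for s in labels.split()}


def check_evidence(declared, required_categories, allowed_custom=frozenset()):
    """Compare declared evidence identifiers with the categories a verifier requires.

    Assumed policy (not from the spec): identifiers outside the taxonomy and
    *-CUSTOM identifiers the deployment has not allowlisted never satisfy a
    requirement, but are reported instead of aborting the whole check.
    """
    covered, unknown, custom_rejected = set(), [], []
    for ident in declared:
        category = CATEGORY_OF.get(ident)  # case-sensitive, whole-string match
        if category is None:
            unknown.append(ident)
        elif ident.endswith("-CUSTOM") and ident not in allowed_custom:
            custom_rejected.append(ident)
        else:
            covered.add(category)
    missing = [c for c in required_categories if c not in covered]
    return {"ok": not missing, "missing": missing,
            "unknown": unknown, "custom_rejected": custom_rejected}


# Constructed sample input; AIF-SEC-ATTEST-TPM2 is deliberately not in the taxonomy.
DECLARED = ["AIF-SEC-ID-X509", "AIF-SEC-SIG-ED25519", "AIF-SEC-FRESH-NONCE",
            "AIF-SEC-ATTEST-CUSTOM", "AIF-SEC-ATTEST-TPM2"]
REQUIRED = ["Identity", "Integrity", "Freshness", "Attestation"]

if __name__ == "__main__":
    print(check_evidence(DECLARED, REQUIRED))
    print(check_evidence(DECLARED, REQUIRED, allowed_custom={"AIF-SEC-ATTEST-CUSTOM"}))
```

Reporting unknown identifiers without letting them satisfy a requirement keeps the check tolerant of labels added in later taxonomy versions while still failing closed on coverage.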