— abstract Trusworthy Workloads are workloads that operate in an environment that provide isolation of data in use. This document describes how Trustworthy workloads can acquire credentials containing stable identifiers, upon providing the trust in the environments in which they operate via means of Remote Attestation.
— middle
As organisations move more workloads into untrusted or shared environments, Confidential Computing is becoming increasingly important. In such a system, an application or workload (which could be an AI model, database process or financial service) is executed inside a TEE-protected virtual machine (VM). Worklaods operating in such environments need stable and trustworthy identifiers to communicate to external world over network. Often such identifiers are provided to them via Credential issuers upon ascertaining trust in the environments in which these workloads operate. The standard practice to establish required trust in the operating environment is via the means of Remote Attestation.
This draft specifies how a Workload operating in Confidential Computing Environment can obtain credentials using Remote Attestation to establish the its trustworthiness.
{::boilerplate bcp14-tagged}
TODO Security
This document has no IANA actions.
— back
TODO acknowledge.