Add ITE-10 adding policy definitions in layouts for in-toto attestations #38
Conversation
|
Some tangential thoughts:
|
Signed-off-by: Aditya Sirish <aditya@saky.in>
adityasaky
force-pushed
the
attestation-layouts-ite
branch
from
76445fc to
83a0263
Compare
Signed-off-by: Aditya Sirish <aditya@saky.in>
|
I would like a way to write policy over a attestation bundle. This would also let us create a policy linter. @mikhailswift has some thoughts here as well. |
|
Also, we can probably remove "run" and have in-toto generate an SLSA attestation. You can then use the policy language to evaluate if the "run" command meets policy. |
This comment was marked as duplicate.
This comment was marked as duplicate.
2 similar comments
This comment was marked as duplicate.
This comment was marked as duplicate.
|
My main question here is one of motivation. I agree fully that Rego/CUE against attestations is a useful primitive. But why does it need first-class support from in-toto? You could always run an external program, so this doesn't add any theoretical capabilities, right? I almost wonder if you could achieve the same thing with a small wrapper program that you could stick in (I might be missing something obvious here.) |
|
1: in-toto policy is signed, embedding the rego/cue within the policy lets the system assert that the entire policy came from a trusted source. 2: We want to improve the UX around in-toto policy evaluation. Forcing the user to build custom workflows and tools will lower adoption rates. 3: Policy distribution is difficult enough, having a single source of truth for what is allowed/disallowed will help simplify the process. If you want to see an example of what this looks like in practice please take a look at my talk here: https://www.youtube.com/watch?v=zCznRGlsYvo and my blog article here: https://www.testifysec.com/blog/attestations-with-witness/ |
Agreed that we should inline the policy into the in-toto document. But I was imagining something like: {
[...],
"run": "cue --policy '<cue policy here>' input.json",
}Which is ugly/unergonomic but should work.
I agree: ergonomics alone is a compelling enough reason to do this. I'm just trying to understand whether this proposal is mostly sugar.
Agreed, but I think something like what I mentioned above takes care of this (though I agree sugar for better ergonomics is worthwhile.)
Nice! |
ITE/10/README.adoc
Outdated
|
|
||
| === Validating Policies | ||
|
|
||
| The in-toto verification workflow is updated to support different types of |
There was a problem hiding this comment.
How should a verifier call out to these policy languages? Seems completely unspecified to me, especially error handling.
There was a problem hiding this comment.
I was hoping for some input here actually. Witness supports rego policies via the official library, and they don't shell out to a binary, for example. As Zack pointed out, shelling out is already possible. Should the ITE explicitly disallow shelling out to handle these policies? I am a little wary of overspecifying here. cc @colek42
There was a problem hiding this comment.
I think underspecifying is bad too. How will the attestations be made available to the policy environment? That needs to be documented. If the ITE doesn't do that, we should at least say where it will happen
Adds support for multiple policy langauges for specifying step and inspection constraints, adds expectedAttributes alongside materials and products, allows for chaining claim predicates. Signed-off-by: Aditya Sirish <aditya@saky.in>
|
Pushed a third draft that revisits several ideas. With this one, we support chaining predicates that don't fit the link-esque model but are more claims / attributes oriented (eg: test run results, reviews etc). It still opens up support for embedding other DSLs throughout so attributes can be verified without relying on external scripts. It also supports the previous draft's notions about inspecting all claims (from all applicable attestations presented for verification) for one or more subjects. |
|
Just to note that I gave my feedback to Aditya over an online meeting last week. Please let me know if you need another review, thanks! |
There was a problem hiding this comment.
Thanks @adityasaky ! A few comments on clarity and terminology.
ITE/10/README.adoc
Outdated
| After verifying the layout and attestation signatures (including thresholds | ||
| where applicable), attestations must be parsed to identify the materials and | ||
| products of the step they represent. In link type predicates, the materials are | ||
| found within the predicate and products are recorded as the attestation's | ||
| subject. Note that alongside these artifacts, other predicate fields excluding | ||
| the materials must also be parsed in as part of the products to enable policies | ||
| on their contents. For attribute type predicates, the materials are the | ||
| attestation's subject and products are exclusively the attributes recorded | ||
| within the predicate. |
There was a problem hiding this comment.
I feel like something is missing here. A couple questions: How do verifiers map predicate types in the predicates field to whether they are link class or attribute class? Also, how is the expectedAttributes used? This description only talks about how materials and product rules may be applied in the attribute class case.
There was a problem hiding this comment.
I've clarified the expectedAttributes field inline, thanks for pointing that out.
How do verifiers map predicate types in the predicates field to whether they are link class or attribute class?
I'm still working this out. I suspect we'll need to add some of those notions as predicates are vetted. IMO if a predicate can cleanly be mapped to having both a materials and products field, we can bucket it as part of the link class.
There was a problem hiding this comment.
Also added some details to the verification workflow though I think it's not going to yet answer everything.
There was a problem hiding this comment.
As with the current in-toto specification, the verification workflow is
presented with a root layout, public keys to verify the layout's signatures, and
a bundle of in-toto attestations. As the verifier expects a certain set of
predicate types, it is also expected to be aware of the class of each predicate.
Is this a reasonable expectation?
Signed-off-by: Aditya Sirish <aditya@saky.in>
Signed-off-by: Aditya Sirish <aditya@saky.in>
adityasaky
force-pushed
the
attestation-layouts-ite
branch
from
e1ffa0d to
05b30a4
Compare
* Add verification workflow pseudocode * Support multiple predicates per step * Break out subjects from inspections * Add proto definition of layout Signed-off-by: Aditya Sirish <aditya@saky.in>
adityasaky
force-pushed
the
attestation-layouts-ite
branch
from
05b30a4 to
828dfce
Compare
Signed-off-by: Aditya Sirish <aditya@saky.in>
This commit presents the attestation classifications and support for predicate types in steps and inspections. So, existing in-toto capabilities wrt steps and inspections + artifact rules can be used with predicate types. Signed-off-by: Aditya Sirish <aditya@saky.in>
Signed-off-by: Aditya Sirish <aditya@saky.in>
adityasaky
force-pushed
the
attestation-layouts-ite
branch
from
b635dbe to
4a54f26
Compare
ITE-6 introduced the in-toto attestation framework. Since then, we've seen a number of attestation types be proposed and used such as SLSA provenance, runtime trace attestations, SCAI, and more. However, ITE-6 did not update in-toto layouts with mechanisms to verify the contents of new attestation types.
The latest draft of the ITE allows for verifying attribute claims at each step using lightweight DSLs built for such validations via
expectedAttributesalongside the standardexpectedMaterialsandexpectedProducts. It also adds similar support to current inspections. Finally, it adds a variation of a standard inspection that collects all claims pertaining to one or more subjects and applies specified constraints against those claims.