The terminology in section 3 should be changed #161

@Denisthemalice

The current terminology is as follows:

Client Attestation JWT: A JSON Web Token (JWT) generated by the
Client Attester which is bound to a key managed by a Client
Instance which can then be used by the instance for client
authentication.

Client Attestation Proof of Possession (PoP) JWT: A Proof of
Possession generated by the Client Instance using the key that the
Client Attestation JWT is bound to.

Client Instance: A deployed instance of a piece of client software.

Client Instance Key: A cryptographic asymmetric key pair that is
generated by the Client Instance where the public key of the key
pair is provided to the Client Attester. This public key is then
encapsulated within the Client Attestation JWT and is utilized to
sign the Client Attestation Proof of Possession.

Client Attester: An entity that authenticates a Client Instance and
attests it by issuing a Client Attestation JWT.

Challenge: A String that is the input to a cryptographic challenge-
response pattern. This is traditionally called a nonce within
OAuth.

I propose the following rewording:

Client Attestation JWT: A JSON Web Token (JWT) generated by the
Client Attester which is bound to a key managed by a Client
Instance which can then be used by the instance to support either
an authentication service or a data origin authentication service.

Client Attestation Proof of Knowledge (PoK) JWT: A Proof of
Knowledge of the private key of a Client Instance Key generated
by the Client Instance using that private key.

Client Instance: A deployed instance of a piece of client software
running on a type of device.

Client Instance Key: A cryptographic asymmetric key pair where the
public key of the key pair is contained in a Client Attestation JWT
and thus certified by the Client Attester.

Client Attester: An entity that certifies a Client Instance and
attests that certification by issuing a Client Attestation JWT.

Challenge (Opt): A String that is the input to a cryptographic
challenge-response pattern.
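
The key binding these definitions describe, sketched as an added example that is not part of the original issue or of the draft: the verifier checks the Client Attester's signature on the Client Attestation JWT, then checks the second JWT under the Client Instance public key carried inside it. The claim names (`iss`, `sub`, `aud`, `cnf.jwk`, `challenge`), the ES256 algorithm, and all identifiers and URLs are assumptions chosen for illustration.

```javascript
// Added illustration; claim names, ES256 and every value below are assumptions.
const crypto = require('node:crypto');

const b64u = (s) => Buffer.from(s).toString('base64url');

// Sign a compact ES256 JWT. JWS uses the raw r||s signature form (ieee-p1363).
function signJwt(payload, privateKey) {
  const input = b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT' })) + '.' + b64u(JSON.stringify(payload));
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return input + '.' + sig.toString('base64url');
}

// Return the payload if the JWT verifies under publicKey, otherwise null.
function verifyJwt(jwt, publicKey) {
  try {
    const [h, p, s, extra] = jwt.split('.');
    if (!s || extra !== undefined) return null;
    // Pin the algorithm instead of trusting whatever the header asks for.
    if (JSON.parse(Buffer.from(h, 'base64url').toString()).alg !== 'ES256') return null;
    const ok = crypto.verify('sha256', Buffer.from(h + '.' + p),
      { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
    return ok ? JSON.parse(Buffer.from(p, 'base64url').toString()) : null;
  } catch (e) { return null; }
}

// Verifier side: attester signature first, then the second JWT under the bound key.
function verifyClientAttestation(attestationJwt, popJwt, attesterPublicKey, expectedChallenge) {
  const att = verifyJwt(attestationJwt, attesterPublicKey);
  if (!att || !att.cnf || !att.cnf.jwk) return false;
  // The Client Instance public key is taken only from the attested JWT.
  const instanceKey = crypto.createPublicKey({ key: att.cnf.jwk, format: 'jwk' });
  const pop = verifyJwt(popJwt, instanceKey);
  return !!pop && pop.iss === att.sub && pop.challenge === expectedChallenge;
}

// Constructed sample keys and tokens.
const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const attester = newKey(), instance = newKey(), other = newKey();
const attestationJwt = signJwt({ iss: 'https://attester.example', sub: 'client-123',
  cnf: { jwk: instance.publicKey.export({ format: 'jwk' }) } }, attester.privateKey);
const makePop = (privateKey, challenge) =>
  signJwt({ iss: 'client-123', aud: 'https://as.example', challenge }, privateKey);
```
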
