Endorsement and Reference Value Provisioning

Concise Reference Integrity Manifest

The Concise Reference Integrity Manifest (CoRIM) is a format for representing Endorsements and Reference Values as defined by the RATS architecture. See this IETF Draft for the detailed specification.

A Go implementation exists on GitHub.

CoRIM is the format used for provisioning Endorsements and Reference Values by all attestation schemes currently supported by Veraison Services.

Concise Software Identification Tags

Concise Software Identification Tags (CoSWID) is a format for describing software components (eg. a specific release of software, a patch, or an installation bundle). The full specification is defined by RFC9393.

A Go implementation exists on GitHub.

Veraison Project

Endorsement and Reference Value Provisioning

Concise Reference Integrity Manifest

Concise Software Identification Tags