editorial: Clarify language in VSA spec

[kpk47]

1. Explain the VSA's core assertion.
2. Update the introduction to be consistent with (1).
3. Update language to differentiate "users" between "VSA producers" and "VSA consumers".

[netlify]

✅ Deploy Preview for slsa ready!

Name	Link
🔨 Latest commit	ead4e1c
🔍 Latest deploy log	https://app.netlify.com/sites/slsa/deploys/64f8ff113067ce0008a34788
😎 Deploy Preview	https://deploy-preview-882--slsa.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[joshuagl]

This is a great start, thanks!

I compared the PR here to the suggested actions in #878 and noticed that the intro still includes bundle. I'm not entirely certain we need to remove bundle, perhaps we could spend a few more words describing that a VSA may be attesting to a single attestation OR a bundle of attestations?

[TomHennen]

Thanks!

[MarkLodato]

Looks good to me. The examples really help! A few more suggestions.

[TomHennen]

Instead of slsaResult this should be verificationResult, right?

[MarkLodato]

I think the confusion results from overlap in verificationResult and verifiedLevels. The latter also has a FAILED entry, and the name implies that it's only for PASSED. Should we deprecate verificationResult and just say verifiedLevels are only for things that passed?

I'm assuming the original intention was to support saying "I checked at L2 and it failed". If so, is that a foot gun?

[TomHennen]

So, if verificationResult != 'PASSED' then verifiedLevels must be empty? If so, SGTM

[TomHennen]

As above, verificationResult

[TomHennen]

verificationResult

[TomHennen]

Should this div go down near line 352? Should there be a different div id for 'how to verify'?

[MarkLodato]

I actually think SlsaResult should move up here.

[TomHennen]

That's fine too, as long as they go together. :)

[laurentsimon]

verifier -> consumer?

[MarkLodato]

Sorry for so many comments.

[MarkLodato]

Suggested change

	artifact's verification, allowing consumers to delegate verification decisions
	artifact's verification, allowing consumers to delegate verification decisions

[MarkLodato]

Personally I would go into more detail, particularly to explain the reason for the change. Something like:

• Clarify that VSA can be used to express verification of things other than the SLSA Level. Previously this was technically possible, but it was only mentioned in one sentence (under SlsaResult). Now the purpose, model, and field documentation make this explicit.
• Make fields policy and timeVerified optional because [...]
• Add new "How to verify" section, including examples. Previously it was unclear to many readers exactly how VSAs were intended to be used, leading to possible mistakes. Now we make this explicit. This also brings the VSA spec up to parity with Provenance, which already has such a section.
• Add a SLSA_BUILD_LEVEL_UNEVALUATED entry because [...]
• Explain why resourceUri is required.
• Other edits for clarity.

Hmm, this PR is getting a bit big. Might make sense to split...

[MarkLodato]

I actually think SlsaResult should move up here.

[MarkLodato]

Line 175 says required but here it says it's optional. Which is it?

If required, what does that mean? Is one of the SLSA_ values required? When we have more than one track, is it required to have exactly one entry for each track?

[MarkLodato]

We seem to have lost this level of detail, e.g. checking vsa.resourceUri against provenance.resolvedDependencies.uri. Should this go somewhere as well? Perhaps a new "How to produce" section?

Alternatively should this detail go in the SLSA Provenance "How to verify" section, since it's more about provenance?

/cc @TomHennen

[AdamZWu]

I vote not to mention those here.

The check of vsa.resourceUri and provenance.resolvedDependencies.uri really belongs to the topic of policy and verification, and the URI matching is an opinionated way to check whether the short-circuit is permitted.

In order for that to work, there are some implicit assumptions, namely 1) the policy being evaluated is completely determined by the URIs; 2) there is a 1:1 mapping between the URIs and policies; 3) both vsa.resourceUri and provenance.resolvedDependencies.uri follow the same specs.

We could either spend a lot of energy fully flesh out all these, and in the end we just described one way it can work; Meanwhile, there are other ways short-circuiting could work, for example the policy.uri and policy.digest also contain information that may be used for making decision.

Alternatively, I think it is better just leave a high-level description here that "the verifier can use VSA to short-circuit policy verification when appropriate" and leave the details in SLSA Provenance "How to verify".

[MarkLodato]

This piece probably needs more fleshing out, perhaps in a separate PR. There have been many questions about what the resource URI is, e.g. #891.

[MarkLodato]

I think the confusion results from overlap in verificationResult and verifiedLevels. The latter also has a FAILED entry, and the name implies that it's only for PASSED. Should we deprecate verificationResult and just say verifiedLevels are only for things that passed?

I'm assuming the original intention was to support saying "I checked at L2 and it failed". If so, is that a foot gun?

[MarkLodato]

I don't understand this piece. Why does someone check that the build level was unevaluated? If they don't care, shouldn't they just ignore it?

[MarkLodato]

What is the purpose of this new field? That's not clear to me.

[MarkLodato]

Q: Should this enum name be changed to something not slsa specific?

[MarkLodato]

The v1.1 directory now exists as of #942. Should this change move there? or alternatively split out the editorial from content changes, and apply the former to v1.0 and the latter to v1.1?

[kpk47]

I've split this PR into two changes. This one contains the original's editorial changes, moved to the v1.1 directory. I moved the content changes to #964.

[laurentsimon]

verifier's expectations == policy? In the rest of the text we say policy. Shall we use the same term throughout the doc? It's a bit confusing otherwise, at least for me.

[laurentsimon]

to be more general and follow earlier wording, we could say pair met the details about the verification process.

[AdamZWu]

I think including both may be more helpful, i.e. "... met the indicated SLSA level and other criteria in the policy".

We are implementing a producer/consumer of VSA v1.0 and realized that there are two different scenarios:

1. We consume VSA produced by ourselves: in this case we could leverage the extension attributes to fully convey all the information that we are interested in, such as additional verification beyond what is defined in the SLSA BUILD levels;
2. We consume VSA produced by others (and similarly, others consume VSA produced by us): in this case, since the consumers and producers may not have mutual definitions on extended checks, to make the VSA useful, we must all resort to the standard language, i.e. SLSA defined levels.

So, if we are producing a VSA without foreknowledge of who will consume it, we should put in both SLSA levels and the extension attributes in the VSA.

[laurentsimon]

may add another example that the VSA works in cases where the repository is not public. That's why we can't verify SLSA provenance directly for closed-source software.

[laurentsimon]

same comment as before: if we're saying that levels and other verified metadata is optional, we could be more generic tracking details about the verification process for the subject's transitive dependencies.

[laurentsimon]

If a verifier can verify provenance and generate VSA, why does it need to verify them independently? Is this for security or is it a caching (optimization) mechanism? Is there an assumption in the sentence that maybe there are multiple verifiers, one that verified dependencies (say, RedHat) while another consumers it (say, Google) to validate a Google binary? Maybe the sentence can be expanded to motivate both cases...?

[AdamZWu]

I think this part refers to the "divide-and-conquer" strategy the VSA enables.

For a naive example, if a system image has 20 software packages, and each package has 50 dependency libraries. A complete transitive dependency verification would involve checking 1+20+20*50 = 1021 artifacts during a single verification, which may consume too much time and violate the verifier's latency SLO.

However, with VSA, what can happen is that, when the 20 software packages get staged in an artifact repo, the repo invokes transitive verification for each, so each verification only checks 1+50 artifacts; and the verification produces VSAs, which propagate to the system image's attestation bundle. Then, when we verify the system image, the verifier will only need to perform at 1+20 checks, because the presence of VSAs of the packages eliminates the need to check the dependency libraries (since VSA is a proof that they are already checked).

Effectively, VSA functions as a "distributed dynamic programming table" and facilitates efficient transitive dependency verification.

[laurentsimon]

same comment: do we want to be generic about "verified metadata" or mention verified levels? If the former, we could have a dedicated section with examples for different types of metadata, starting with a verified level. Just an idea...

[laurentsimon]

what does higher-level goal mean?
Not clear what "chained" means. Do VSAs reference each other like in a block chain, ie do they link to a prior VSA in their output format?

[AdamZWu]

I think "chained" refers to the following:

• VSA summarizes verification results; and
• VSA can short-circuit verification.

These two properties feed each other, so that a VSA is able to summarize the verification results on all transitive dependencies. A VSA represents cumulative verification along the dependency chains of an artifact.

Maybe it is more accurate to describe VSAs subsumes from one another.

For a native example, a system image with 20 packages, each with 50 dependency libraries.

Without VSA, the attestation bundle of the system image will look like:

[system image build provenance]
[package 1 build provenance]
...
[package 20 build provenance]
[package 1 library 1 build provenance]
...
[package 1 library 50 build provenance]
[package 2 library 1 build provenance]
...
...
[package 20 library 50 build provenance]

With VSA and staging repo verification, the attestation bundle of the system image will look like:

[system image build provenance]
[package 1 VSA]
...
[package 20 VSA]

After the system image get verified, the attestation bundle of the system image can be reduced to just:

[system image VSA]