# How it works?

Remote attestation is a security mechanism that allows a remote entity (the "verifier" or "relying party") to cryptographically verify the integrity and authenticity of a system or application running on another machine (the "attester" or "prover"). This is crucial for establishing trust in distributed systems, especially in cloud, edge and AI computing, where you need to be sure that sensitive data is being processed in a secure and uncompromised environment.

## Putting it all together

A remote attestation protocol generally involves three main parties, plus a trusted third party that acts as the root of trust:

* **Workload**: The system or application (e.g. VM, k8s pod) whose integrity needs to be verified.
* **Relying Workload**: The application or service the attested workload should have access to.
* **Workload Identity Management Provider**: The entity that wants to verify the attester's integrity and decides what access a workload has.
* **Trusted Third Party**: This could be a Certificate Authority (CA) of a hardware manufacturer (like Intel or AMD). This party forms a public key infrastructure and is the root of trust.

<img src="/files/zxjFX7xkq3KAoC6ZVB6E" alt="Nitride attestation workflow" class="gitbook-drawing">

The general workflow is:

1. The attester measures the identity of the workload and issues the workload certificate. The attester's own identity is certified, with the chain rooted in the CPU's manufacturer (Intel, AMD, ARM or NVIDIA). Optionally, the cloud service provider's identity may be included.
2. Upon receiving the workload certificate, the workload identity management provider verifies the claims/measurements in the certificate, compares the values with reference values, and enforces a policy to grant the workload access to a relying workload.
3. The workload identity management provider issues a time- and resource-bound auth token, so that the attested workload can authenticate to relying workloads.
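Steps 2 and 3 can be sketched as follows. This is an added example, not Nitride's own code or API: the claim names, reference values, policy table and the HMAC-signed token format are all assumptions, and the certificate chain check from step 1 is taken as already done.

```python
import base64, hashlib, hmac, json, time

# Constructed reference values the provider accepts for each known workload.
REFERENCE_VALUES = {"payments-api": {
    "launch_measurement": hashlib.sha384(b"payments-api:v1").hexdigest(),
    "tee_type": "sev-snp", "debug": False}}
# Constructed policy: relying workloads each attested workload may reach.
ACCESS_POLICY = {"payments-api": {"ledger-db"}}
TOKEN_KEY = b"constructed-demo-key"   # assumption: stand-in for the provider's signing key
TOKEN_TTL = 300                       # token lifetime in seconds
# Constructed claims, as if read from an already chain-verified workload certificate.
SAMPLE_CLAIMS = dict(REFERENCE_VALUES["payments-api"], workload="payments-api")

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(body):
    return _b64(hmac.new(TOKEN_KEY, body.encode(), hashlib.sha256).digest())

def appraise(claims):
    """Compare claims with reference values; return the list of mismatches."""
    ref = REFERENCE_VALUES.get(claims.get("workload"))
    if ref is None:
        return ["unknown workload"]
    return [f"{k} mismatch" for k, v in ref.items() if claims.get(k) != v]

def issue_token(claims, audience, now=None):
    """Issue a token bound to one relying workload and a short lifetime."""
    now = int(time.time() if now is None else now)
    failures = appraise(claims)
    if failures:
        raise PermissionError("attestation failed: " + ", ".join(failures))
    if audience not in ACCESS_POLICY.get(claims["workload"], set()):
        raise PermissionError(f"policy denies access to {audience}")
    payload = {"sub": claims["workload"], "aud": audience, "iat": now, "exp": now + TOKEN_TTL}
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"

def verify_token(token, audience, now=None):
    """Relying-workload check: signature first, then audience and validity window."""
    now = int(time.time() if now is None else now)
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return False
    payload = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return payload["aud"] == audience and payload["iat"] <= now < payload["exp"]
```

The shared HMAC key keeps the sketch short; with an asymmetric signature the relying workload would only need the provider's public key.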


