RAWEBs Remote Attestation for WEB services - Common Knowledge Scout

# RA-WEBs Secure Web Services with Remote Attestation > [! note]- > The content of this page is generated by audio/video transcription and text transformation from the content and links of this source. Source: [https://fosdem.org/2025/schedule/event/fosdem-2025-4529-ra-webs-remote-attestation-for-web-services/](https://fosdem.org/2025/schedule/event/fosdem-2025-4529-ra-webs-remote-attestation-for-web-services/) <video src="https://video.fosdem.org/2025/k4401/fosdem-2025-4529-ra-webs-remote-attestation-for-web-services.av1.webm" controls></video> ## Summary & Highlights: **Introduction to RA-WEBs** RA-WEBs is a novel protocol designed to address the challenges of integrating remote attestation in web services. Remote attestation is crucial for verifying the integrity of Trusted Execution Environments (TEEs), which protect sensitive data and code. However, compatibility issues with browsers have made it difficult to implement. RA-WEBs leverages existing web mechanisms for seamless integration, allowing for the verification of TEEs without additional software installations. **Challenges and Solutions** The session highlights the challenges faced in implementing remote attestation, such as the need for client-side software and the lack of browser support. RA-WEBs overcomes these by using established web standards like WebPKI and Certificate Transparency. This approach ensures that users can verify attestation proofs directly through their browsers, enhancing security without compromising usability. **Applications and Implications** RA-WEBs is particularly relevant for applications requiring high security and privacy, such as privacy-preserving machine learning and secure data logging. The protocol's compatibility with existing web infrastructure makes it an attractive solution for developers looking to enhance the security of their services without imposing additional burdens on users. **Future Directions and Open Challenges** While RA-WEBs offers a promising solution, there are still open challenges, such as ensuring verifier trustworthiness and addressing potential security vulnerabilities. The session encourages further research and collaboration to refine the protocol and expand its applicability across various web services. ## Importance for an eco-social transformation RA-WEBs contributes to eco-social transformation by enhancing data security and privacy in web services, which is essential for protecting user rights and fostering trust in digital ecosystems. For eco-social designers, RA-WEBs offers a tool to implement secure, privacy-compliant applications without requiring users to install additional software. This aligns with sustainable development goals by promoting ethical data practices and reducing barriers to technology adoption. Challenges include ensuring verifier trustworthiness and navigating the complexities of integrating new protocols into existing systems. Addressing these requires collaboration across technical, social, and policy domains to establish standards and practices that prioritize user privacy and data protection. ## Slides: | | | | --- | --- | | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_001.jpg\|300]] | The first slide introduces RA-WEBs, a protocol for remote attestation designed to integrate seamlessly with web services. It highlights the importance of protecting user data through secure environments. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_002.jpg\|300]] | This slide outlines the challenges of implementing remote attestation in web services, focusing on compatibility issues with current browsers and the cumbersome nature of existing solutions. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_003.jpg\|300]] | RA-WEBs is presented as a solution to these challenges, leveraging established web mechanisms for high compatibility and ease of deployment, enabling RA verification on existing browsers. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_004.jpg\|300]] | The slide details the technical approach of RA-WEBs, including its use of WebPKI and Certificate Transparency to facilitate seamless integration into the web ecosystem. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_005.jpg\|300]] | Preliminary evaluation results of RA-WEBs are shown, demonstrating its effectiveness in enabling remote attestation without additional software installations or user friction. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_006.jpg\|300]] | Open challenges and future directions for RA-WEBs are discussed, including potential security vulnerabilities and the need for further research and collaboration. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_007.jpg\|300]] | The slide provides examples of applications that can benefit from RA-WEBs, such as privacy-preserving machine learning and secure data logging, highlighting its relevance to modern web services. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_008.jpg\|300]] | RA-WEBs' potential impact on user privacy and data protection is explored, emphasizing its role in fostering trust in digital ecosystems and aligning with ethical data practices. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_009.jpg\|300]] | The slide discusses the importance of verifier trustworthiness in the RA-WEBs protocol and the measures taken to address potential security concerns. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_010.jpg\|300]] | Technical details of the RA-WEBs implementation are provided, including the architecture of the system and the interaction between users, services, and verifiers. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_011.jpg\|300]] | This slide explores the role of untrusted third-party verifiers in RA-WEBs and the challenges of ensuring their reliability and integrity. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_012.jpg\|300]] | The slide highlights the importance of user awareness and education in the successful deployment of RA-WEBs, encouraging informed participation in secure web interactions. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_013.jpg\|300]] | RA-WEBs' contribution to the broader field of confidential computing is discussed, positioning it as a key development in the protection of sensitive data and code. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_014.jpg\|300]] | The slide examines the potential for RA-WEBs to influence industry standards and practices, advocating for its adoption as a model for secure web service development. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_015.jpg\|300]] | A case study is presented to illustrate the practical application of RA-WEBs in a real-world scenario, demonstrating its benefits and challenges. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_016.jpg\|300]] | The slide provides a comparative analysis of RA-WEBs with other remote attestation solutions, highlighting its unique advantages and potential limitations. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_017.jpg\|300]] | RA-WEBs' alignment with regulatory frameworks such as GDPR is explored, emphasizing its role in promoting compliance and ethical data handling. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_018.jpg\|300]] | The slide discusses the scalability of RA-WEBs and its potential to accommodate future advancements in web technologies and confidential computing. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_019.jpg\|300]] | Feedback from initial deployments of RA-WEBs is shared, offering insights into user experiences and areas for improvement. | ![[FOSDEM 2025/assets/RAWEBs-Remote-Attestation-for-WEB-services/preview_020.jpg\|300]] | The final slide summarizes the key takeaways from the session, reinforcing the importance of RA-WEBs in advancing secure and privacy-compliant web services. ## Links [Slides](https://fosdem.org/2025/events/attachments/fosdem-2025-4529-ra-webs-remote-attestation-for-web-services/slides/237984/RA-WEBs_F_0YRPyN5.pdf) [Preprint](https://fosdem.org/2025/events/attachments/fosdem-2025-4529-ra-webs-remote-attestation-for-web-services/preprint/) [Repository](https://fosdem.org/2025/events/attachments/fosdem-2025-4529-ra-webs-remote-attestation-for-web-services/repository/) [Video recording (AV1/WebM)](https://video.fosdem.org/2025/k4401/fosdem-2025-4529-ra-webs-remote-attestation-for-web-services.av1.webm) [Video recording (MP4)](https://video.fosdem.org/2025/k4401/fosdem-2025-4529-ra-webs-remote-attestation-for-web-services.av1.mp4) [Video recording subtitle file (VTT)](https://fosdem.org/2025/events/attachments/fosdem-2025-4529-ra-webs-remote-attestation-for-web-services/subtitles/)