Primary Roles

This architecture is written for four roles.

Table 2: Primary Roles

| Role | What they need from this architecture |
| --- | --- |
| Model provider | Protect model weights, serving code, licensing logic, and release policy while allowing enterprise-side inference. Operate (or contract a delegated authority for) the attestation verifier, reference-values service, and key-release service that gate access to model artifacts. |
| Enterprise data owner | Control which data enters the service, where outputs are delivered, and what operational data may be logged or retained. |
| Platform operator | Run the Kubernetes environment, hardware, firmware, GPU mode, networking, storage, monitoring, incident response, and approved data paths. |
| CC software provider | Provide the confidential containers runtime, attestation, measurement, GPU integration, key-release layer, support matrix, and failure signals. |

Other teams still matter. Security teams review the trust boundaries, OEMs and integrators validate the stack, and application teams connect the inference service to user workflows. Those responsibilities are captured in Appendix B.