US11405177B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11405177-B2 |
| Application number | US-201715414470-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 24, 2017 |
| Priority date | Jan 24, 2017 |
| Publication date | Aug 2, 2022 |
| Grant date | Aug 2, 2022 |
Official abstract text for this publication.
A nested enclave identity is presented. A nested identity is indicative of one or more possible enclave instantiations according to one or more identity types. Enclave identities may be nested such that a lower level identity type corresponds to a subset of the possible enclave instantiations that a higher level identity type corresponds to. Techniques disclosed include instantiating an enclave with a nested identity at a software interface to an enclave platform, and performing an operation related to the instantiated enclave using the nested identity.
Opening claim text (preview).
What is claimed:

1. An enclave platform method, comprising: instantiating an enclave with a nested identity at a software interface to an enclave platform, wherein the nested identity includes a plurality of identity types, each identity type associated with a respective plurality of possible enclave instantiations that share a common identity value, each plurality of possible enclave instantiations including the instantiated enclave; and performing an operation related to the instantiated enclave using the nested identity based on a specified identity type from the plurality of identity types, wherein performing the operation comprises: verifying integrity of the instantiated enclave, using an attestation report that is associated with the specified identity type, based at least in part on the attestation report providing attestation report equivalence with regard to the plurality of possible enclave instantiations with which the specified identity type is associated and further based at least in part on the instantiated enclave being included in the plurality of possible enclave instantiations with which the specified identity type is associated.

2. The method of claim 1, wherein the plurality of identity types are nested such that a lower level identity type corresponds to a subset of the possible enclave instantiations that a higher level identity type corresponds to.

3. The method of claim 1, wherein the enclave is identified by returning the nested identity as an output parameter from the software interface.

4. The method of claim 1, wherein the specified identity type is one of: an enclave author identifier, which is unique to a group of families of enclave binary files that are authored by a same author; an enclave family identifier, which is unique to a family of binary files that are authored by the same author; an enclave image identifier, which is unique to a designated enclave binary file of the instantiated enclave; an enclave instance hash identifier, which is based on a primary image of the instantiated enclave and which is not based on dependent images of the instantiated enclave, wherein each dependent image of the instantiated enclave is dependent on the primary image of the instantiated enclave; or an enclave exact hash identifier, which is based on the primary image of the instantiated enclave and which is based on each dependent image of the instantiated enclave that is not part of a platform that is associated with the instantiated enclave.

5. The method of claim 1, wherein the operation related to the instantiated enclave further comprises a trusted time measurement.

6. The method of claim 1, wherein the nested identity is usable to identify first and second versions of a same enclave, and wherein the first version is different from the second version.

7. The method of claim 1, wherein each identity type has identification data that is usable to identify the respective plurality of possible enclave instantiations with which the identity type is associated; and wherein identification data that is usable to identify enclave instances in lower level identity types includes identification data that is usable to identify enclave instances in higher level identity types.

8. The method of claim 1, wherein the operation related to the instantiated enclave includes a monotonic counter.

9. A system comprising: memory; and one or more processors coupled to the memory, the one or more processors configured to: identify an enclave generated with a nested identity at a software interface to an enclave platform, wherein the nested identity includes a plurality of identity types, each identity type associated with a respective plurality of possible enclave instantiations that share a common identity value, each plurality of possible enclave instantiations including an instantiated enclave; and perform an operation related to the instantiated enclave using the nested identity, based on a specified identity type from the plurality of identity types, by verifying integrity of the instantiated enclave, using an attestation report that is associated with the specified identity type, based at least in part on the attestation report providing attestation report equivalence with regard to the plurality of possible enclave instantiations with which the specified identity type is associated and further based at least in part on the instantiated enclave being included in the plurality of possible enclave instantiations with which the specified identity type is associated.

10. The system of claim 9, wherein the plurality of identity types are nested such that a lower level identity type corresponds to a subset of the possible enclave instantiations that a higher level identity type corresponds to.

11. The system of claim 9, wherein the one or more processors are configured to identify the enclave based on the nested identity being received as an input parameter to the software interface.

12. The system of claim 9, wherein the plurality of identity types includes at least one of the following: an enclave author identifier, which is unique to a group of families of enclave binary files that are authored by a same author; an enclave family identifier, which is unique to a family of binary files that are authored by the same author; an enclave image identifier, which is unique to a designated enclave binary file of the instantiated enclave; an enclave instance hash identifier, which is based on a primary image of the instantiated enclave and which is not based on dependent images of the instantiated enclave, wherein each dependent image of the instantiated enclave is dependent on the primary image of the instantiated enclave; or an enclave exact hash identifier, which is based on the primary image of the instantiated enclave and which is based on each dependent image of the instantiated enclave that is not part of a platform that is associated with the instantiated enclave.

13. The system of claim 9, wherein the operation related to the instantiated enclave includes at least one of: a monotonic counter or a trusted time measurement.

14. The system of claim 9, wherein the nested identity is usable to identify first and second versions of a same enclave, and wherein the first version is different from the second version.

15. The system of claim 9, wherein each identity type has identification data that is usable to identify the respective plurality of possible enclave instantiations with which the identity type is associated; and wherein identification data that is usable to identify enclave instances in lower level identity types includes identification data that is usable to identify enclave instances in higher level identity types.

16. The system of claim 9, wherein the attestation report equivalence indicates that the attestation report associated with the specified identity type is equivalent to attestation reports associated with the respective possible enclave instantiations with which the specified identity type is associated.

17. A computer readable storage device comprising computer readable instructions that, when executed by a computing system, cause at least: generating an enclave with a nested identity at a software interface to an enclave platform, wherein the nested identity includes a plurality of identity types, each identity type associated with a respective plurality of possible enclave instantiations that share a common identity value, wherein the plurality of possible enclave instantiations associated with each identity type includes a
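The following sketch is an added illustration, not code from the patent or from any enclave platform. It models the five identity types named in the claims as a chain in which each narrower value covers the data of every broader one (as in claims 7 and 15), then checks an attestation report against one specified identity type. The ordering of the image, instance hash and exact hash levels, the SHA-256 chaining, the HMAC standing in for a platform signature, and all names and sample values are assumptions.

```python
import hashlib
import hmac
from enum import IntEnum

class IdType(IntEnum):
    # Broadest to narrowest; the relative order of the last three is an assumption.
    AUTHOR = 0
    FAMILY = 1
    IMAGE = 2
    INSTANCE_HASH = 3   # primary image only
    EXACT_HASH = 4      # primary image plus non-platform dependent images

# Constructed stand-in for the platform's attestation key (real platforms sign asymmetrically).
PLATFORM_KEY = b"constructed-demo-key"

def _h(*chunks):
    return hashlib.sha256(b"".join(hashlib.sha256(c).digest() for c in chunks)).digest()

def nested_identity(author, family, image, primary, dependents):
    """Return {IdType: hex value}; each level's value covers every broader level's data."""
    own = [author, family, image, _h(primary), _h(*dependents)]
    ident, parent = {}, b""
    for id_type, data in zip(IdType, own):
        parent = _h(parent, bytes([id_type]), data)
        ident[id_type] = parent.hex()
    return ident

def narrowest_shared(a, b):
    """Narrowest identity type whose value two enclaves share, or None."""
    shared = [t for t in IdType if a[t] == b[t]]
    return max(shared) if shared else None

def make_report(ident, id_type):
    """Platform side: report the enclave's value for one specified identity type."""
    body = f"{int(id_type)}:{ident[id_type]}".encode()
    return body, hmac.new(PLATFORM_KEY, body, hashlib.sha256).digest()

def verify_report(body, tag, id_type, expected):
    """Verifier side: authentic report, right identity type, value in the expected set."""
    good = hmac.new(PLATFORM_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return False
    got_type, _, value = body.decode().partition(":")
    return got_type == str(int(id_type)) and hmac.compare_digest(value, expected)

# Constructed sample enclaves: two versions, plus v1 rebuilt with a different dependent image.
V1 = nested_identity(b"author-A", b"kv-family", b"kv-1.0", b"primary-v1", [b"libdep-1"])
V2 = nested_identity(b"author-A", b"kv-family", b"kv-1.1", b"primary-v2", [b"libdep-1"])
V1B = nested_identity(b"author-A", b"kv-family", b"kv-1.0", b"primary-v1", [b"libdep-2"])
```

A verifier that pins the family value accepts a report from either version, while one that pins the exact hash value accepts only the instantiation it measured; the choice of identity type is therefore the policy decision that sets how much code change is tolerated without re-provisioning.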
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
Providing cryptographic facilities or services · CPC title
the encryption apparatus using shift registers or memories for block-wise {or stream} coding, e.g. DES systems {or RC4; Hash functions; Pseudorandom sequence generators} · CPC title