fix: Overhaul #55
fix: Overhaul #55
Conversation
|
|
||
| * As a Zip file with extension of `.tdf`. For example, if you are trying to protect a file named `demo.jpeg`, the file will be stored as `demo.jpeg.tdf` after encryption. | ||
| * As a HTML file with extension of `.html`. For example, if you are trying to protect a file named `demo.jpeg`, the file will be stored as `demo.jpeg.html` after encryption. An example HTML file is (here)[https://github.com/opentdf/spec/blob/master/schema/HtmlProtocolExample.html]. | ||
| OpenTDF represents a modernization of data-centric security concepts originally established in the **IC-TDF** (Intelligence Community Trusted Data Format) specification. While IC-TDF utilized an XML-based structure, OpenTDF adopts a more contemporary approach using JSON for its manifest, enhancing flexibility and ease of integration with modern web technologies. |
There was a problem hiding this comment.
probably not necessary (or wanted?) but you could link to the ICTDF spec here
| 1. **`manifest.json`:** The metadata manifest described in the Key Concepts section. It holds instructions for decryption and access control. | ||
| 2. **`payload`:** The encrypted data payload itself. | ||
|
|
||
| However, a TDF can be encoded in other ways. For example, as an HTML document: |
There was a problem hiding this comment.
is this "true"? like technically someone could hand roll it but do we want to mention html at all, since i dont think opentdf supports ti directly?
|
|
||
| While OpenTDF offers flexibility and rich metadata, NanoTDF prioritizes size efficiency for specific use cases. | ||
|
|
||
| **➡️ For details, please refer to the [NanoTDF Specification](../schema/nanotdf/README.md).** |
There was a problem hiding this comment.
getting a 404 on this link
|
|
||
| ## Contact | ||
|
|
||
| For questions regarding OpenTDF, interoperability, or the specification, please reach out to [support@opentdf.io](mailto:support@opentdf.io). |
There was a problem hiding this comment.
who is on this mailing list?
There was a problem hiding this comment.
AFAIK no one yet. We need to set it up.
| * **Resource Attributes:** Defined within the TDF's [Policy Object](../schema/OpenTDF/policy.md) in the `dataAttributes` array. These specify the attribute instances *required* to access this specific piece of data. | ||
| * **Policies:** Defined by the combination of: | ||
| * The `dataAttributes` required by the specific TDF. | ||
| * The optional `dissem` list in the TDF's [Policy Object](../schema/OpenTDF/policy.md) acting as an initial filter. |
There was a problem hiding this comment.
just checking that we want to talk about dissem, maybe people will want to use it, but wanted to make sure
|
|
||
| 1. **Request Initiation:** The client presents the relevant [Key Access Object(s)](../schema/OpenTDF/key_access_object.md) from the TDF manifest to the appropriate KAS, along with the client's credentials and asserted **Entity Entitlements** (Subject Attributes). | ||
| 2. **PEP Evaluation:** The KAS performs the following checks based on the TDF's embedded [Policy Object](../schema/OpenTDF/policy.md) (extracted from the `policy` field): | ||
| * **Dissemination Check (if applicable):** If the policy's `dissem` list is present and non-empty, the PEP verifies if the requesting entity's identifier is in the list. If not, access is **denied**. |
There was a problem hiding this comment.
more mentions of dissem here, maybe we do want to include it but double checking
There was a problem hiding this comment.
I believe we want to mention it, but we can run it by @willackerly
| 2. **Encrypt Payload:** Encrypt the original payload data using the DEK and an authenticated encryption mode (e.g., AES-256-GCM), generating an Initialization Vector (IV) and integrity tags per segment. Store the IV and segment information. | ||
| 3. **Define Policy:** Construct the [Policy Object](../schema/OpenTDF/policy.md) JSON defining the required attributes (`dataAttributes`) and optional dissemination list (`dissem`). Base64 encode this JSON string. | ||
| 4. **Generate Policy Binding:** Calculate the policy binding hash: `HMAC(DEK, Base64(policyJSON))` using a standard algorithm like HMAC-SHA256. Base64 encode the resulting hash. | ||
| 5. **Prepare Optional Metadata:** If client-specific metadata needs to be passed securely to the KAS during decryption, prepare this data. |
There was a problem hiding this comment.
do we want to have an example of what this would be? there are some things in opentdf we ALWAYS pass right? or no?
There was a problem hiding this comment.
Yea this is worded poorly. I'll update it.
Technically this is always passed to the KAS, but it's optional in the sense that a user of the SDK doesn't need to put anything in it.
| 17. **Decrypt Payload:** Use the plaintext DEK and the parameters from `encryptionInformation.method` (IV) to decrypt the TDF payload. During decryption (especially with AES-GCM or streaming), simultaneously verify the integrity of each segment using the `hash` from the [Segment Object](./opentdf/segment.md) and finally verify the `rootSignature` from [`integrityInformation`](./opentdf/integrity_information.md). If any integrity check fails, abort decryption and report an error. | ||
| 18. **Securely Discard DEK:** Once the payload is decrypted or decryption fails, securely erase the plaintext DEK and any intermediate shares from memory. | ||
|
|
||
| ## Error Handling |
There was a problem hiding this comment.
we had an adr around this a while back... not sure if we'd wanna include that here, maybe not since we havent implemented against it much . https://github.com/virtru-corp/adr/pull/102
There was a problem hiding this comment.
I might forgo linking to this ADR for a couple reasons.
- It's not public
- The error codes themselves aren't defined by the spec - we only define them for the purposes of our "reference implementation".
What do you think? Should be define the error codes formally here?
schema/OpenTDF/attributes.md
Outdated
| @@ -0,0 +1,18 @@ | |||
| # Attribute Object (Structure) | |||
|
|
|||
| This document describes the JSON structure representing an Attribute Instance when embedded within a [Policy Object](./policy.md). For a conceptual overview of attributes, and their role in access control, see [Access Control Concepts](../../concepts/access_control.md.md). | |||
There was a problem hiding this comment.
typo here - double .md in the access control link
Proposed Changes
Checklist
draft-<change>git tag -s 4.1.0 -m "Spec version 4.1.0 - did a thing")