fix: Overhaul #55
Merged
fix: Overhaul #55
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cassandrabailey293
requested changes
Apr 7, 2025
|
|
||
| * As a Zip file with extension of `.tdf`. For example, if you are trying to protect a file named `demo.jpeg`, the file will be stored as `demo.jpeg.tdf` after encryption. | ||
| * As a HTML file with extension of `.html`. For example, if you are trying to protect a file named `demo.jpeg`, the file will be stored as `demo.jpeg.html` after encryption. An example HTML file is (here)[https://github.com/opentdf/spec/blob/master/schema/HtmlProtocolExample.html]. | ||
| OpenTDF represents a modernization of data-centric security concepts originally established in the **IC-TDF** (Intelligence Community Trusted Data Format) specification. While IC-TDF utilized an XML-based structure, OpenTDF adopts a more contemporary approach using JSON for its manifest, enhancing flexibility and ease of integration with modern web technologies. |
There was a problem hiding this comment.
probably not necessary (or wanted?) but you could link to the ICTDF spec here
| 1. **`manifest.json`:** The metadata manifest described in the Key Concepts section. It holds instructions for decryption and access control. | ||
| 2. **`payload`:** The encrypted data payload itself. | ||
|
|
||
| However, a TDF can be encoded in other ways. For example, as an HTML document: |
There was a problem hiding this comment.
is this "true"? like technically someone could hand roll it but do we want to mention html at all, since i dont think opentdf supports ti directly?
|
|
||
| ## Contact | ||
|
|
||
| For questions regarding OpenTDF, interoperability, or the specification, please reach out to [[email protected]](mailto:[email protected]). |
There was a problem hiding this comment.
who is on this mailing list?
There was a problem hiding this comment.
AFAIK no one yet. We need to set it up.
|
|
||
| 1. **Request Initiation:** The client presents the relevant [Key Access Object(s)](../schema/OpenTDF/key_access_object.md) from the TDF manifest to the appropriate KAS, along with the client's credentials and asserted **Entity Entitlements** (Subject Attributes). | ||
| 2. **PEP Evaluation:** The KAS performs the following checks based on the TDF's embedded [Policy Object](../schema/OpenTDF/policy.md) (extracted from the `policy` field): | ||
| * **Dissemination Check (if applicable):** If the policy's `dissem` list is present and non-empty, the PEP verifies if the requesting entity's identifier is in the list. If not, access is **denied**. |
There was a problem hiding this comment.
more mentions of dissem here, maybe we do want to include it but double checking
There was a problem hiding this comment.
I believe we want to mention it, but we can run it by @willackerly
schema/OpenTDF/attributes.md
Outdated
| @@ -0,0 +1,18 @@ | |||
| # Attribute Object (Structure) | |||
|
|
|||
| This document describes the JSON structure representing an Attribute Instance when embedded within a [Policy Object](./policy.md). For a conceptual overview of attributes, and their role in access control, see [Access Control Concepts](../../concepts/access_control.md.md). | |||
There was a problem hiding this comment.
typo here - double .md in the access control link
biscoe916
commented
Apr 7, 2025
strantalis
approved these changes
Apr 8, 2025
cassandrabailey293
approved these changes
Apr 8, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed Changes
Checklist
draft-<change>git tag -s 4.1.0 -m "Spec version 4.1.0 - did a thing")