opentdf
Inline payload manifest.payload.value
Proposed Changes
To better support web-based JSON APIs, inline payload in the TDF manifest. manifest.payload.value
zip is a heavy operation that only works to create a "container" and IMO is more email-based solution.
{
"payload": {
"type": "inline",
"url": "",
"protocol": "base64",
"isEncrypted": true,
"schemaVersion": "3.1.0",
"mimeType": "text/plain",
"value": "nF0zMXcMmkU4hmSugL2/KQz8BUUosMY0PDEioTp0lnZGM+epTZsB"
},
"encryptionInformation": {
"type": "split",
"keyAccess": [
{
"type": "wrapped",
"url": "http://localhost/api/kas",
"protocol": "kas",
"wrappedKey": "M7GGpjpTsSNclmmW9Oa94N9Qy/+QI9iTWXdUgmFT1NWClIZrKEl/Au13nVBDg+P9KympzVZgpHQv8JA1T8GckkFmGbVwc/fFW9OA90aJc0dsUo5ezewgrvd6DOWUskexoxK1o8Xag/fBoLReK3iysvEcPbwTwvhvVEpuS6CpsriQ3hW/PXmGysera/YkRyYMT395ty2MAnfvQJnEssw21l0cpDC7CDU7cR0KCFEvZKW4UBy/zC73JZZk7GoRCbkXBaoyX6snzg22eXy9pG+s+R+X7SEkUduqfxYY7EQkEoOFK7aroqmGcsDaxUQaZYiLY3cwSFCOPtkQJL6X4cB1xA==",
"encryptedMetadata": "eyJjaXBoZXJ0ZXh0IjoiRDlGM0VIeTB4dXkwQU80OFBZTXc3UkI5Y3FTeC9ZVHdwcTZtR1M1cyIsIml2IjoiRDlGM0VIeTB4dXkwQU80OCJ9",
"policyBinding": "MzA0NGFjM2ViYzliYWU1ODg4Yjg2MDM1ZWZiZTIzYjJlN2U4Y2YyZTdjOWEwMjZlZDg1YTQwYjg0YTk4NzFjZg=="
}
],
"method": {
"algorithm": "AES-256-GCM",
"isStreamable": true,
"iv": "D9F3EHy0xuy0AO48"
},
"integrityInformation": {
"rootSignature": {
"alg": "HS256",
"sig": "ZmNjOTc4Y2VkZWM3Yjg4NWQ4MTkzMzg0NTU2N2M3YWUxMGUyOWUxYWFjNWFiNDY3NzNiZmNmNjJhOTI3N2FmOA=="
},
"segmentHashAlg": "GMAC",
"segments": [],
"segmentSizeDefault": 1048576,
"encryptedSegmentSizeDefault": 1048604
},
"policy": "eyJ1dWlkIjoiYjU4ZmY0ZDQtNjc2OC00ODRlLWJjMzEtMjEwYjU0YmYxY2I4IiwiYm9keSI6eyJkYXRhQXR0cmlidXRlcyI6W10sImRpc3NlbSI6W119fQ=="
}
}
Checklist
- [ ] A clear description of the change has been included in this PR.
- [ ] A clear description of whether this change is a Major, Minor, Patch or cosmetic change as per the Versioning Guidelines has been included in this PR.
- [ ] All schema validation tests have been updated appropriately and are passing.
- [ ] MAJOR/MINOR VERSION CHANGES ONLY: This PR should be made in branches prefixed with
draft-<change> - [ ] MAJOR/MINOR VERSION CHANGES ONLY: A link to a reference implementation (PR or set of PRs) of the change has been included in this PR.
- [ ] MAJOR/MINOR VERSION CHANGES ONLY: A writeup has been included discussing the motivation and impact of this change.
- [ ] MAJOR/MINOR VERSION CHANGES ONLY: The minimum wait time has elapsed.
- [ ] DRAFT MERGE ONLY: Draft Semver has been updated in the VERSION file (optional)
- [ ] DRAFT MERGE ONLY: Tagged this branch with new semver version and an annotation describing the change (ex:
git tag -s 4.1.0 -m "Spec version 4.1.0 - did a thing") - [ ] DRAFT MERGE ONLY: Version numbers have been updated as per the Versioning Guidelines.
- [ ] This change otherwise adheres to the project Contribution Guidelines.
I like the idea here. I don't see why this couldn't be used for an email flow either potentially if there are no attachments.
@arkavo-com curious what issues you found with zip? ZIP is used with every remote operation on the web these days. Typically, it's done from the HTTP server or proxy. That said, I think a binary format makes a lot of sense so that we can choose which bytes we want to extract. This seems especially true when dealing with JSON properties that do not have a fixed position and with the need for the entire scheme to be valid to continue.
If speed is your priority, have you considered nanotdf?
