LSD0002: re:claimID
commit e83d2df802258a91d5891554afa7b2df27de4aba
parent 28bc636e4c54d513f904c37dffeaac7156971090
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date:   Wed,  5 May 2021 12:30:38 +0200

update objects

Diffstat:
M draft-schanzen-reclaimid.xml | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 127 insertions(+), 10 deletions(-)

diff --git a/draft-schanzen-reclaimid.xml b/draft-schanzen-reclaimid.xml @@ -122,8 +122,14 @@ | TYPE | FLAG | +-----+-----+-----+-----+-----+-----+-----+-----+ | ID | +| | +| | +| | +-----+-----+-----+-----+-----+-----+-----+-----+ | ATTESTATION | +| | +| | +| | +-----+-----+-----+-----+-----+-----+-----+-----+ | NSIZE | DSIZE | +-----+-----+-----+-----+-----+-----+-----+-----+ @@ -147,11 +153,11 @@ </dd> <dt>ID</dt> <dd> - Is a 64 bit attribute identifier. + Is a 256 bit attribute identifier. </dd> <dt>ATTESTATION</dt> <dd> - Is the 64 bit credential identifier which asserts this attribute. + Is the 256 bit credential identifier which asserts this attribute. 0 means no attestation. </dd> <dt>NSIZE</dt> @@ -164,7 +170,7 @@ </dd> <dt>NAME</dt> <dd> - The attribute name. A UTF-8 string. + The attribute name. A UTF-8 string with NULL byte at the end. </dd> <dt>DATA</dt> <dd> @@ -187,6 +193,9 @@ | TYPE | FLAG | +-----+-----+-----+-----+-----+-----+-----+-----+ | ID | +| | +| | +| | +-----+-----+-----+-----+-----+-----+-----+-----+ | NSIZE | DSIZE | +-----+-----+-----+-----+-----+-----+-----+-----+ @@ -210,7 +219,7 @@ </dd> <dt>ID</dt> <dd> - Is a 64 bit credential identifier. + Is a 256 bit credential identifier. </dd> <dt>NSIZE</dt> <dd> @@ -222,7 +231,7 @@ </dd> <dt>NAME</dt> <dd> - The credential name. A UTF-8 string. + The credential name. A UTF-8 string with NULL byte at the end. </dd> <dt>DATA</dt> <dd> @@ -244,10 +253,10 @@ <artwork name="" type="" align="left" alt=""><![CDATA[ 0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ -| IDENTITY | -| | -| | -| | +| IDENTITY TYPE | IDENTITY | ++-----------------------+ | +| +-----------------------| +| | AUDIENCE TYPE | +-----+-----+-----+-----+-----+-----+-----+-----+ | AUDIENCE | | | 
@@ -255,6 +264,9 @@ | | +-----+-----+-----+-----+-----+-----+-----+-----+ | TID | +| | +| | +| | +-----+-----+-----+-----+-----+-----+-----+-----+ ]]></artwork> <!-- <postamble>which is a very simple example.</postamble>--> @@ -263,17 +275,27 @@ where: </t> <dl> + <dt>IDENTITY TYPE</dt> + <dd> + Is the 32 bit identity type as defined in GANA for GNS + identity zone types (e.g. PKEY). + </dd> <dt>IDENTITY</dt> <dd> Is the 256 bit identity public zone key of the user. </dd> + <dt>AUDIENCE TYPE</dt> + <dd> + Is the 32 bit audience type as defined in GANA for GNS + identity zone types (e.g. PKEY). + </dd> <dt>AUDIENCE</dt> <dd> Is the 256 bit audience public zone key of the relying party. </dd> <dt>TID</dt> <dd> - Is a 64 bit ticket identifier. + Is a 256 bit ticket identifier. </dd> </dl> <t> 
@@ -287,9 +309,104 @@ </t> <section anchor="attrrefs" numbered="true" toc="default"> <name>Attribute References</name> + <t> + An attribute reference is stored in GNS under records + of type "RECLAIM_ATTRIBUTE_REF". An attribute reference + is stored in GNS under a label derived from a ticket ID. + The reference points to an actual attribute ID. + The record format of a RECLAIM_ATTRIBUTE_REF is as follows: + </t> + <figure anchor="figure_gnsattrref"> + <artwork name="" type="" align="left" alt=""><![CDATA[ +0 8 16 24 32 40 48 56 ++-----+-----+-----+-----+-----+-----+-----+-----+ +| ATTRIBUTE ID | +| | +| | +| | ++-----+-----+-----+-----+-----+-----+-----+-----+ +| NSIZE | DSIZE | ++-----+-----+-----+-----+-----+-----+-----+-----+ +/ NAME + DATA / +/ / ++-----------------------------------------------+ + ]]></artwork> + <!-- <postamble>which is a very simple example.</postamble>--> + </figure> + <t> + where: + </t> + <dl> + <dt>ATTRIBUTE ID</dt> + <dd> + Is the 256 bit attribute ID of an existing attribute. + </dd> + </dl> </section> <section anchor="credpres" numbered="true" toc="default"> <name>Credential Presentations</name> + <t> + A re:claimID presentation is stored in GNS under records + of type "RECLAIM_PRESENTATION". A presentation is derived from a + credential and may contain only a subset of the attestations. + The presentation construct is used to support selective disclosure + of third party issued credentials. It consists of + a type, a flag, a name and data. 
+ The record format of a RECLAIM_PRESENTATION is as follows: + </t> + <figure anchor="figure_gnspres"> + <artwork name="" type="" align="left" alt=""><![CDATA[ +0 8 16 24 32 40 48 56 ++-----+-----+-----+-----+-----+-----+-----+-----+ +| TYPE | FLAG | ++-----+-----+-----+-----+-----+-----+-----+-----+ +| ID | +| | +| | +| | ++-----+-----+-----+-----+-----+-----+-----+-----+ +| NSIZE | DSIZE | ++-----+-----+-----+-----+-----+-----+-----+-----+ +/ NAME + DATA / +/ / ++-----------------------------------------------+ + ]]></artwork> + <!-- <postamble>which is a very simple example.</postamble>--> + </figure> + <t> + where: + </t> + <dl> + <dt>TYPE</dt> + <dd> + Is the 32 bit presentation type as defined in the GANA registry. + </dd> + <dt>FLAG</dt> + <dd> + Is a 32 bit presentation flag combination as defined in the GANA registry + </dd> + <dt>ID</dt> + <dd> + Is a 256 bit credential identifier. + </dd> + <dt>NSIZE</dt> + <dd> + 32 bit length of the presentation name in bytes. + </dd> + <dt>DSIZE</dt> + <dd> + 32 bit length of the credential data. + </dd> + <dt>NAME</dt> + <dd> + The credential name. A UTF-8 string with NULL byte at the end. + </dd> + <dt>DATA</dt> + <dd> + The credential data. + </dd> + </dl> + </section> </section> </section>
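Review bot: the new NAME wording in hunk @@ -164,7 +170,7 @@ ("A UTF-8 string with NULL byte at the end.") leaves open whether NSIZE counts the terminating byte, and the same change is made for the credential NAME in @@ -222,7 +231,7 @@. Please state explicitly that NSIZE includes (or excludes) the terminator, and that a parser bounds the name by NSIZE rather than by scanning for the terminator, so a record with a missing or misplaced terminator is rejected instead of being read past its end. "NUL byte (0x00)" is also the usual term for the terminator; "NULL" reads as a pointer.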
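Review bot: the ticket artwork in hunk @@ -244,10 +253,10 @@ no longer adds up. The diagram rows are 64 bits wide (offsets 0 to 56), and the four rows that used to hold the 256-bit IDENTITY now have to hold IDENTITY TYPE (32 bit), IDENTITY (256 bit) and AUDIENCE TYPE (32 bit), that is 320 bits, which needs five rows. Either add the missing row or correct the field sizes in the definitions below so the drawing and the text describe the same layout.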
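Review bot: the new IDENTITY TYPE and AUDIENCE TYPE entries in hunk @@ -263,17 +275,27 @@ give the width (32 bit) and the GANA reference but not the byte order, and none of the other 32-bit fields in these records state it either. Since this is a wire format, say once (for the ticket and the other records) in which byte order multi-byte fields are encoded, otherwise two implementations can disagree on the type value and on how to interpret the key that follows it.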
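Review bot: in hunk @@ -287,9 +309,104 @@ the RECLAIM_ATTRIBUTE_REF artwork shows NSIZE, DSIZE and NAME + DATA, but the definition list below it covers only ATTRIBUTE ID; either define those fields or drop them from the drawing if a reference carries only the ID. In the RECLAIM_PRESENTATION section the introduction says a presentation "consists of a type, a flag, a name and data", but the record also carries ID; NSIZE is described as the length of the "presentation name" while NAME and DATA are described as the "credential name" and "credential data", so one term should be used throughout; and the FLAG entry is missing its trailing period. It would also help to say whether ID is the identifier of the credential the presentation was derived from.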