author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2021-05-05 12:30:38 +0200 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2021-05-05 12:30:38 +0200 |
commit | e83d2df802258a91d5891554afa7b2df27de4aba (patch) | |
tree | 801c1a444d4a5eff215cb6c91e005742a848e0a8 | |
parent | 28bc636e4c54d513f904c37dffeaac7156971090 (diff) | |
update objects
-rw-r--r-- | draft-schanzen-reclaimid.xml | 137 |
1 files changed, 127 insertions, 10 deletions
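--- a/draft-schanzen-reclaimid.xml
+++ b/draft-schanzen-reclaimid.xml
@@ -122,8 +122,14 @@
 | TYPE | FLAG |
 +-----+-----+-----+-----+-----+-----+-----+-----+
 | ID |
+| |
+| |
+| |
 +-----+-----+-----+-----+-----+-----+-----+-----+
 | ATTESTATION |
+| |
+| |
+| |
 +-----+-----+-----+-----+-----+-----+-----+-----+
 | NSIZE | DSIZE |
 +-----+-----+-----+-----+-----+-----+-----+-----+
@@ -147,11 +153,11 @@
 </dd>
 <dt>ID</dt>
 <dd>
-Is a 64 bit attribute identifier.
+Is a 256 bit attribute identifier.
 </dd>
 <dt>ATTESTATION</dt>
 <dd>
-Is the 64 bit credential identifier which asserts this attribute.
+Is the 256 bit credential identifier which asserts this attribute.
 0 means no attestation.
 </dd>
 <dt>NSIZE</dt>
@@ -164,7 +170,7 @@
 </dd>
 <dt>NAME</dt>
 <dd>
-The attribute name. A UTF-8 string.
+The attribute name. A UTF-8 string with NULL byte at the end.
 </dd>
 <dt>DATA</dt>
 <dd>
@@ -187,6 +193,9 @@
 | TYPE | FLAG |
 +-----+-----+-----+-----+-----+-----+-----+-----+
 | ID |
+| |
+| |
+| |
 +-----+-----+-----+-----+-----+-----+-----+-----+
 | NSIZE | DSIZE |
 +-----+-----+-----+-----+-----+-----+-----+-----+
@@ -210,7 +219,7 @@
 </dd>
 <dt>ID</dt>
 <dd>
-Is a 64 bit credential identifier.
+Is a 256 bit credential identifier.
 </dd>
 <dt>NSIZE</dt>
 <dd>
@@ -222,7 +231,7 @@
 </dd>
 <dt>NAME</dt>
 <dd>
-The credential name. A UTF-8 string.
+The credential name. A UTF-8 string with NULL byte at the end.
 </dd>
 <dt>DATA</dt>
 <dd>
@@ -244,10 +253,10 @@
 <artwork name="" type="" align="left" alt=""><![CDATA[
 0 8 16 24 32 40 48 56
 +-----+-----+-----+-----+-----+-----+-----+-----+
-| IDENTITY |
-| |
-| |
-| |
+| IDENTITY TYPE | IDENTITY |
++-----------------------+ |
+| +-----------------------|
+| | AUDIENCE TYPE |
 +-----+-----+-----+-----+-----+-----+-----+-----+
 | AUDIENCE |
 | |
@@ -255,6 +264,9 @@
 | |
 +-----+-----+-----+-----+-----+-----+-----+-----+
 | TID |
+| |
+| |
+| |
 +-----+-----+-----+-----+-----+-----+-----+-----+
 ]]></artwork>
 <!-- <postamble>which is a very simple example.</postamble>-->
@@ -263,17 +275,27 @@
 where:
 </t>
 <dl>
+<dt>IDENTITY TYPE</dt>
+<dd>
+Is the 32 bit identity type as defined in GANA for GNS
+identity zone types (e.g. PKEY).
+</dd>
 <dt>IDENTITY</dt>
 <dd>
 Is the 256 bit identity public zone key of the user.
 </dd>
+<dt>AUDIENCE TYPE</dt>
+<dd>
+Is the 32 bit audience type as defined in GANA for GNS
+identity zone types (e.g. PKEY).
+</dd>
 <dt>AUDIENCE</dt>
 <dd>
 Is the 256 bit audience public zone key of the relying party.
 </dd>
 <dt>TID</dt>
 <dd>
-Is a 64 bit ticket identifier.
+Is a 256 bit ticket identifier.
 </dd>
 </dl>
 <t>
@@ -287,9 +309,104 @@
 </t>
 <section anchor="attrrefs" numbered="true" toc="default">
 <name>Attribute References</name>
+<t>
+An attribute reference is stored in GNS under records
+of type "RECLAIM_ATTRIBUTE_REF". An attribute reference
+is stored in GNS under a label derived from a ticket ID.
+The reference points to an actual attribute ID.
+The record format of a RECLAIM_ATTRIBUTE_REF is as follows:
+</t>
+<figure anchor="figure_gnsattrref">
+<artwork name="" type="" align="left" alt=""><![CDATA[
+0 8 16 24 32 40 48 56
++-----+-----+-----+-----+-----+-----+-----+-----+
+| ATTRIBUTE ID |
+| |
+| |
+| |
++-----+-----+-----+-----+-----+-----+-----+-----+
+| NSIZE | DSIZE |
++-----+-----+-----+-----+-----+-----+-----+-----+
+/ NAME + DATA /
+/ /
++-----------------------------------------------+
+]]></artwork>
+<!-- <postamble>which is a very simple example.</postamble>-->
+</figure>
+<t>
+where:
+</t>
+<dl>
+<dt>ATTRIBUTE ID</dt>
+<dd>
+Is the 256 bit attribute ID of an existing attribute.
+</dd>
+</dl>
 </section>
 <section anchor="credpres" numbered="true" toc="default">
 <name>Credential Presentations</name>
+<t>
+A re:claimID presentation is stored in GNS under records
+of type "RECLAIM_PRESENTATION". A presentation is derived from a
+credential and may contain only a subset of the attestations.
+The presentation construct is used to support selective disclosure
+of third party issued credentials. It consists of
+a type, a flag, a name and data.
+The record format of a RECLAIM_PRESENTATION is as follows:
+</t>
+<figure anchor="figure_gnspres">
+<artwork name="" type="" align="left" alt=""><![CDATA[
+0 8 16 24 32 40 48 56
++-----+-----+-----+-----+-----+-----+-----+-----+
+| TYPE | FLAG |
++-----+-----+-----+-----+-----+-----+-----+-----+
+| ID |
+| |
+| |
+| |
++-----+-----+-----+-----+-----+-----+-----+-----+
+| NSIZE | DSIZE |
++-----+-----+-----+-----+-----+-----+-----+-----+
+/ NAME + DATA /
+/ /
++-----------------------------------------------+
+]]></artwork>
+<!-- <postamble>which is a very simple example.</postamble>-->
+</figure>
+<t>
+where:
+</t>
+<dl>
+<dt>TYPE</dt>
+<dd>
+Is the 32 bit presentation type as defined in the GANA registry.
+</dd>
+<dt>FLAG</dt>
+<dd>
+Is a 32 bit presentation flag combination as defined in the GANA registry
+</dd>
+<dt>ID</dt>
+<dd>
+Is a 256 bit credential identifier.
+</dd>
+<dt>NSIZE</dt>
+<dd>
+32 bit length of the presentation name in bytes.
+</dd>
+<dt>DSIZE</dt>
+<dd>
+32 bit length of the credential data.
+</dd>
+<dt>NAME</dt>
+<dd>
+The credential name. A UTF-8 string with NULL byte at the end.
+</dd>
+<dt>DATA</dt>
+<dd>
+The credential data.
+</dd>
+</dl>
+
 </section>
 </section>
 </section>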
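Review bot: The new RECLAIM_PRESENTATION definitions in the hunk at -287 leave the length fields under-specified: NSIZE is "length of the presentation name in bytes" while NAME is "A UTF-8 string with NULL byte at the end", so the text never says whether the terminator is counted, and DSIZE ("32 bit length of the credential data") gives no unit at all. Two implementations that disagree on the terminator will place the start of DATA one byte apart, so the wording should pin it down, e.g. `32 bit length of the presentation name in bytes, including the terminating NULL byte.` (or "excluding", whichever the reference implementation actually does) and `32 bit length of the credential data in bytes.`. The same NSIZE/NAME ambiguity is introduced for attributes and credentials by the hunks at -164 and -222, where only the NAME sentence was changed. Since none of the figures carries a total-length field, it would also help to state that a receiver MUST reject a record whose NSIZE plus DSIZE exceeds the remaining record length (presumably bounded by the enclosing GNS record), so that parsers do not read past the record.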