
TDF KAS field can have different paths and scheme for a single KAS #873

@pflynn-virtru

Description

Currently, we support gRPC and RESTful endpoints for rewrap. If a TDF is created with one SDK that uses a gRPC endpoint, the KAS field in the TDF is gRPC, so an SDK that uses RESTful will fail to decrypt.

In nanotdf, the KAS field is endpoint specific: https://github.com/opentdf/spec/tree/main/schema/nanotdf#331-header

In TDF3, the url field is in the Key Access Object: https://github.com/opentdf/spec/blob/main/schema/tdf/KeyAccessObject.md#keyaccess

One solution: the .well-known has the supported KAS endpoints, and the TDF KAS field only specifies the path where .well-known can be found.

For flexibility, possible KAS endpoints in the .well-known should support different schemes (https://, wss://) and different paths.
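As an added illustration of the proposal above (not code from opentdf or from the issue author; the `kas_endpoints` document layout and the `resolve_kas_endpoint` helper are assumptions), a client-side routine that takes the KAS field from a TDF, the .well-known document fetched from it, and the client's supported transports, and picks an endpoint. It only accepts endpoints on the same host as the KAS field, so a .well-known document cannot send rewrap requests to a different server:

```python
from urllib.parse import urlparse

# Constructed, hypothetical .well-known document for a single KAS.
# The real opentdf .well-known layout is not defined here; this shape
# is an assumption used only to illustrate the proposal.
WELL_KNOWN_EXAMPLE = {
    "kas_endpoints": [
        {"scheme": "grpc", "url": "https://kas.example.com:8080"},
        {"scheme": "rest", "url": "https://kas.example.com/kas/v2/rewrap"},
        {"scheme": "wss", "url": "wss://kas.example.com/kas/ws"},
    ]
}


def resolve_kas_endpoint(kas_field, well_known, supported_schemes):
    """Return the URL of the first endpoint, in the client's preference
    order, that the client can speak and that lives on the KAS host.

    kas_field: the KAS field from the TDF (an https base URL where the
               .well-known document is found).
    well_known: the parsed .well-known document for that KAS.
    supported_schemes: client transports in preference order,
                       e.g. ["grpc", "rest"].
    Returns None when no usable endpoint is listed, which is the
    cross-SDK failure the issue describes (gRPC-only TDF, REST-only SDK).
    """
    base = urlparse(kas_field)
    if base.scheme != "https" or not base.hostname:
        raise ValueError(f"KAS field must be an https URL: {kas_field!r}")

    # Index the advertised endpoints by scheme, keeping only entries
    # whose host matches the KAS field (defensive same-host check).
    by_scheme = {}
    for entry in well_known.get("kas_endpoints", []):
        target = urlparse(entry.get("url", ""))
        if target.hostname != base.hostname:
            continue  # off-host endpoint: ignore it
        by_scheme.setdefault(entry.get("scheme"), entry["url"])

    for scheme in supported_schemes:
        if scheme in by_scheme:
            return by_scheme[scheme]
    return None
```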

Labels: Stale, bug, comp:sdk