NanoTDF Resource Locator KID (#40)

pflynn-virtru · dmihalcik-virtru · web-flow · commit f7b8dd02a697 · 2024-09-26T17:21:28.000-04:00
* NanoTDF Resource Locator KID

* KAS w/identifier

* Apply suggestions from code review

Co-authored-by: Dave Mihalcik &lt;dmihalcik@virtru.com&gt;

* Resource locator identifier

* Refactor protocol and identifier table layout

Consolidated protocol and identifier values into a cleaner format by merging redundant rows and aligning columns. Also fixed a typo in the note about unreserved values and clarified version-specific information regarding the "Shared Resource Directory" flag.

* Add Ephemeral Public Key length constraints to README

Clarified the length constraints for the Ephemeral Public Key in the nanotdf schema documentation. This ensures better understanding and consistency regarding the expected byte sizes.

---------

Co-authored-by: Dave Mihalcik &lt;dmihalcik@virtru.com&gt;
diff --git a/schema/nanotdf/README.md b/schema/nanotdf/README.md
@@ -110,7 +110,10 @@ consequently, is `TDFM` (think TDF mini/micro/etc) when base64 encoded.
 
 This section contains a Resource Locator type that allows describing access to a
 resource. In the case of the KAS, the Resource Locator defines how to access a
-KAS. Refer to the Resource Locator object's definition in [Section 3.4.1].
+KAS and its key. The Key Identifier (KID) uses the Protocol Enum w/Identifier.
+Protocol Enum w/Identifier is required.
+
+Refer to the Resource Locator object's definition in [Section 3.4.1].
 
 ##### 3.3.1.3 ECC And Binding Mode
 
@@ -303,29 +306,39 @@ This section describes embedded types that are used in multiple places in a
 The Resource Locator is a way for the nanotdf to represent references to
 external resources in as succinct a format as possible. 
 
-| Section       | Minimum Length (B)  | Maximum Length (B)  |
-|---------------|---------------------|---------------------|
-| Protocol Enum | 1                   | 1                   |
-| Body Length   | 1                   | 1                   |
-| Body          | 1                   | 255                 |
+| Section               | Minimum Length (B)  | Maximum Length (B)  |
+|-----------------------|---------------------|---------------------|
+| Protocol Enum         | 1                   | 1                   |
+| Body Length           | 1                   | 1                   |
+| Body                  | 1                   | 255                 |
+| Identifier (optional) | 0                   | 32                  |
 
-##### 3.4.1.1 Protocol Enum
+##### 3.4.1.1 Protocol Header
 
 [Section 3.4.1.1]: #3411-protocol-enum
 [Protocol Enum]: #3411-protocol-enum
 
 This is a single byte used to describe the protocol used to locate a resource. 
 The following are the available values:
 
-| Value   | Protocol                  |
-|---------|---------------------------|
-| `0x00`  | `http`                    |
-| `0x01`  | `https`                   |
-| `0x02`  | unreserved                |
-| `0xff`  | Shared Resource Directory |
+| Value      | Protocol                    |
+|------------|-----------------------------|
+| Bits 3-0   | Protocol Enum Value         |
+| `0x0`      | `http`                      |
+| `0x1`      | `https`                     |
+| `0x2`      | unreserved                  |
+| `0xf`      | Shared Resource Directory   |
+
+| Value      | Identifier                                               |
+|------------|----------------------------------------------------------|
+| Bits 7-4   | Used for lookups of KAS key, Remote Policy, Policy key   |
+| `0x0`      | None                                                     |
+| `0x1`      | 2 Byte                                                   |
+| `0x2`      | 8 Byte                                                   |
+| `0x3`      | 32 Byte                                                  |
 
 _Note: Any unlisted values are unreserved. Clients should consider their use
-an errorneous condition._
+an erroneous condition._
 
 ###### 3.4.1.1.1 The Shared Resource Directory
 
@@ -335,6 +348,8 @@ of their nanotdf. The shared resource directory at this time is still an
 experimental part of the nanotdf and is included in the documentation to support
 a minor update to the nanotdf in a subsequent specification. 
 
+Note is this specification version ( > `opentdf/spec` 4.3.0) the "Shared Resource Directory" flag has moved.
+
 ##### 3.4.1.2 Body Length
 
 The length of the Body that describes how to retrieve the Resource referenced by
@@ -879,4 +894,4 @@ fa ab 69 18 52 26 1b 2d 63 60 83 1a cb d5 f2 03 fb ef 17 f9
 
 ###### 6.2.6.1.8 Signature
 
-There is no signature in this example
+There is no signature in this example
