opentdf · pflynn-virtru · Sep 26, 2024 · Jul 29, 2024 · Jul 29, 2024 · Jul 30, 2024
@@ -110,7 +110,10 @@ consequently, is `TDFM` (think TDF mini/micro/etc) when base64 encoded.
 
 This section contains a Resource Locator type that allows describing access to a
 resource. In the case of the KAS, the Resource Locator defines how to access a
-KAS. Refer to the Resource Locator object's definition in [Section 3.4.1].
+KAS and its key. The Key Identifier (KID) uses the Protocol Enum w/Identifier.
+Protocol Enum w/Identifier is required.
+
+Refer to the Resource Locator object's definition in [Section 3.4.1].
 
 ##### 3.3.1.3 ECC And Binding Mode
 
@@ -303,29 +306,39 @@ This section describes embedded types that are used in multiple places in a
 The Resource Locator is a way for the nanotdf to represent references to
 external resources in as succinct a format as possible. 
 
-| Section       | Minimum Length (B)  | Maximum Length (B)  |
-|---------------|---------------------|---------------------|
-| Protocol Enum | 1                   | 1                   |
-| Body Length   | 1                   | 1                   |
-| Body          | 1                   | 255                 |
+| Section               | Minimum Length (B)  | Maximum Length (B)  |
+|-----------------------|---------------------|---------------------|
+| Protocol Enum         | 1                   | 1                   |
+| Body Length           | 1                   | 1                   |
+| Body                  | 1                   | 255                 |
+| Identifier (optional) | 0                   | 32                  |
 
-##### 3.4.1.1 Protocol Enum
+##### 3.4.1.1 Protocol Header
 
 [Section 3.4.1.1]: #3411-protocol-enum
 [Protocol Enum]: #3411-protocol-enum
 
 This is a single byte used to describe the protocol used to locate a resource. 
 The following are the available values:
 
-| Value   | Protocol                  |
-|---------|---------------------------|
-| `0x00`  | `http`                    |
-| `0x01`  | `https`                   |
-| `0x02`  | unreserved                |
-| `0xff`  | Shared Resource Directory |
+| Value      | Protocol                    |
+|------------|-----------------------------|
+| Bits 3-0   | Protocol Enum Value         |
+| `0x0`      | `http`                      |
+| `0x1`      | `https`                     |
+| `0x2`      | unreserved                  |
+| `0xf`      | Shared Resource Directory   |
+
+| Value      | Identifier                                               |
+|------------|----------------------------------------------------------|
+| Bits 7-4   | Used for lookups of KAS key, Remote Policy, Policy key   |
+| `0x0`      | None                                                     |
+| `0x1`      | 2 Byte                                                   |
+| `0x2`      | 8 Byte                                                   |
+| `0x3`      | 32 Byte                                                  |
 
 _Note: Any unlisted values are unreserved. Clients should consider their use
-an errorneous condition._
+an erroneous condition._
 
 ###### 3.4.1.1.1 The Shared Resource Directory
 
@@ -335,6 +348,8 @@ of their nanotdf. The shared resource directory at this time is still an
 experimental part of the nanotdf and is included in the documentation to support
 a minor update to the nanotdf in a subsequent specification. 
 
+Note is this specification version ( > `opentdf/spec` 4.3.0) the "Shared Resource Directory" flag has moved.
+
 ##### 3.4.1.2 Body Length
 
 The length of the Body that describes how to retrieve the Resource referenced by
@@ -419,7 +434,6 @@ The structure of this section is as follows:
 | Section                | Minimum Length (B) | Maximum Length (B)  |
 |------------------------|--------------------|---------------------|
 | Resource Locator       | 3                  | 257                 |
-| Ephemeral Public Key   | 33                 | 133                 |
 
 ###### 3.4.2.3.2.3.1 Resource Locator
 
@@ -879,4 +893,4 @@ fa ab 69 18 52 26 1b 2d 63 60 83 1a cb d5 f2 03 fb ef 17 f9
 
 ###### 6.2.6.1.8 Signature
 
-There is no signature in this example
+There is no signature in this example