Comments (11)
@chicco785
The Data Transfer Header by definition MUST follow the IDSA Datamodel and must be serialized in JSON-LD...
I appreciate the from Andrea to Base64-encode the complete JSON string. This should solve the problem of escaping, right? We can change the definitions in IDSA if we agree upon, currently it is only us to push the header solution.
from boost.
The same of course for the signature part... and additionally mentioning UTF-8 as character set.
Well done, and quick :-)
from boost.
a) Just adding the IDS header part from the multipart-messages as an additional header to the original HTTP Call (the content of the header-Header is matching the example from 4.4.2 2. QueryMessage):
The additional header-HTTP-Header follows the extension-header mechanism that allows additional entity-header fields to be defined without changing the protocol (https://www.rfc-editor.org/rfc/pdfrfc/rfc2616.txt.pdf - section 7.1). The value of the header-HTTP-Header must be formatted as a quoted-string containing qdtext escaping the forbidden " VCHAR to a quoted-pair \" (https://tools.ietf.org/html/rfc7230 - section 3.2.6).
from boost.
The creation of the content of the header-Header is pre-created in the ballerina script.
It contains all steps to obtain the securityToken (first create own JWT and then obtain DAT from DAPS).
Explanations to the other fields are following soon.
There are some unique IDs for reference,
some timestamps
and some data to be parameterized during creation (modelVersion with Updates ca. each year and IssuerConnector individual for each connector).
from boost.
@gboege having a header containing JSON is not really optimal and raises several encoding issues. What's the rationale?
from boost.
See #13
from boost.
@gboege thanks for clarifying :-)
> Base64-encode the complete JSON string
This would make our life much easier. In fact, handling HTTP header values correctly has historically been a source of headaches for many before us. In particular, even Go built-in libs seem to have trouble with quoted values, e.g. something like header: "{\"url\": \"http:\/\/golang\"}"
---see comments to #13. Also, if there's any escaping in the original JSON doc, we'd have to handle that too---which I'm not doing at the moment, just pushed my code to the dev branch, have a look at orionadapter/sec/tokenrep.go.
So this looks like a slippery road downhill. Any chance we can push for the IDS header value to be Base 64 encoded e.g. a header value of
{
  "@type": "ids:QueryMessage",
  "id": "http://industrialdataspace.org/queryMessage/1a421b8c-3407-44a8-aeb9-253f145c869a",
  "issued": "2019-10-25T15:35:34.589Z",
  "modelVersion": "2.1.0",
  "issuerConnector": "https://companyA.com/connector/59a68243-dd96-4c8d-88a9-0f0e03e13b1b",
  "securityToken": {
    "@type": "ids:DynamicAttributeToken",
    "tokenFormat": "https://w3id.org/idsa/code/tokenformat/JWT",
    "tokenValue": "my.fat.jws"
  }
}
would be sent over the wire as
header: [Base64-encoded form of the JSON above; value not preserved on this page]
> This should solve the problem of escaping, right?
Yes as well as double-escaping nightmares if there's any escaping in the original JSON doc.
from boost.
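The Base64 proposal from the comment above, sketched in Go as an added example that is not part of the thread or of the orionadapter code. The type and function names, the 8 KiB size limit and the standard padded Base64 alphabet are assumptions, and only a subset of the example message's fields is modeled.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
)

// IDSHeader models a subset of the fields in the thread's QueryMessage example.
type IDSHeader struct {
	Type            string `json:"@type"`
	ID              string `json:"id"`
	IssuerConnector string `json:"issuerConnector"`
	Token           struct {
		Value string `json:"tokenValue"`
	} `json:"securityToken"`
}

// EncodeIDSHeader Base64-encodes the complete UTF-8 JSON string: no quotes or backslashes remain.
func EncodeIDSHeader(h IDSHeader) (string, error) {
	raw, err := json.Marshal(h)
	return base64.StdEncoding.EncodeToString(raw), err
}

// DecodeIDSHeader fails closed on anything but Base64-wrapped JSON carrying a token (8 KiB cap assumed).
func DecodeIDSHeader(value string) (IDSHeader, error) {
	var h IDSHeader
	if value == "" || len(value) > 8192 {
		return h, fmt.Errorf("ids header missing or too large")
	}
	raw, err := base64.StdEncoding.DecodeString(value)
	if err != nil {
		return h, fmt.Errorf("ids header is not Base64: %w", err)
	}
	if err := json.Unmarshal(raw, &h); err != nil || h.Token.Value == "" {
		return IDSHeader{}, fmt.Errorf("ids header is not JSON with a securityToken")
	}
	return h, nil
}

func main() {
	h := IDSHeader{Type: "ids:QueryMessage", ID: `constructed "quoted" \ id`}
	h.Token.Value = "my.fat.jws"
	v, _ := EncodeIDSHeader(h)
	hdr := http.Header{}
	hdr.Set("header", v) // header name "header" as used in the thread
	got, err := DecodeIDSHeader(hdr.Get("header"))
	fmt.Println(v, got == h, err)
}
```

The receiver rejects a raw, unencoded JSON value instead of trying to unescape it, so a sender that still uses the quoted-string form is caught at the boundary rather than half-parsed.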
I will change the IDS documentation accordingly. Probably the much better way. Thanks for raising attention and making the solution better as a team.
from boost.
awe, rock on! going to reimplement using base 64 then :-)
from boost.
IDSA-Documents already changed:
from boost.
implemented by #16.
from boost.