文件列表:

CONTRIBUTING.md (3099, 2022-04-30)
LICENSE (1075, 2022-04-30)
VERSION (6, 2022-04-30)
api (0, 2022-04-30)
api\entitlement-api.yaml (4035, 2022-04-30)
api\kas-api.yaml (7807, 2022-04-30)
diagrams (0, 2022-04-30)
diagrams\OIDC_brokered_auth.png (235185, 2022-04-30)
diagrams\OIDC_direct_auth.png (197998, 2022-04-30)
diagrams\OIDC_direct_auth_decrypt.png (198175, 2022-04-30)
diagrams\OIDC_token_exchange.png (235053, 2022-04-30)
diagrams\arch.png (24267, 2022-04-30)
diagrams\decryptWorkflow.png (74013, 2022-04-30)
diagrams\encryptWorkflow.png (77927, 2022-04-30)
diagrams\offlineDecryptWorkflow.png (87405, 2022-04-30)
diagrams\offlineEncryptWorkflow.png (48293, 2022-04-30)
protocol (0, 2022-04-30)
schema (0, 2022-04-30)
schema\AttributeObject.md (2935, 2022-04-30)
schema\ClaimsObject.md (4258, 2022-04-30)
schema\EntitlementObject.md (1899, 2022-04-30)
schema\HtmlProtocolExample.html (18685, 2022-04-30)
schema\KeyAccessObject.md (3613, 2022-04-30)
schema\PolicyObject.md (1954, 2022-04-30)
schema\manifest-json.md (8605, 2022-04-30)
schema\test (0, 2022-04-30)

# DEPRECATED Has been re-homed to https://github.com/opentdf/spec/ --- # Trusted Data Format Specification Trusted Data Format (TDF) is an Open, Interoperable, JSON encoded data format for implementing Data Centric Security for objects (such as files or emails). This repository specifies the protocols and schemas required for TDF operation. Versioning of this spec follows the [Semver standard](https://semver.org/). The latest major version of the TDF spec and corresponding protocol is TDF 3.x.x. ## Documentation * [Schema](schema/) - Schema definitions for common TDF data objects. * [Protocol](protocol/) - High-level design of the TDF architecture and process workflows. ## Contributions Please see the [contribution guidelines](CONTRIBUTING.md) for proposing changes and submitting feedback. ## Features and Capabilities ### 1. Strong Encryption TDF supports strong encryption of the data as well as strong protections for the encryption keys. ### 2. Attribute Based Access Control (ABAC) TDF protocol supports ABAC. This allows TDF protocol to implement policy driven and highly scalable access control mechanism. ### 3. Control TDF allows the data owner (or org's administrator) to revoke or expire access to data, even after it has left your org's boundaries. ### 4. End to end auditability TDF protocol and infrastructure enables logging every key request - effectively adding the most reliable auditing and tracking of access requests. ### 5. Streaming and Support for Large Files `New in TDF3` TDF supports protection (encryption and decryption) of very large files. This is done by supporting streaming. ### 6. Policy Binding `New in TDF3` TDF format provides support for cryptographic binding between payload and metadata via public key-based signatures. This guarantees that the Policy Object has not been tampered with. ### 6. Offline Create `New in TDF3` Thanks to the assurances provided by `Policy Binding` described above, TDF-enabled clients can create TDFs without actively connecting to the key server (in other words, no access to the internet). The offline created TDF can be sent to anyone via offline methods or when the device has access to internet again. ### 7. Key Server Federation `New in TDF3` Multiple KAS servers, each hosted by a different organization, can jointly control access to a TDF file. This enables organizations to jointly own, control, audit files in a zero trust manner. ## Meet TDF A TDF file at rest can be in one of the two forms: * As a Zip file with extension of `.tdf`. For example, if you are trying to protect a file named `demo.jpeg`, the file will be stored as `demo.jpeg.tdf` after encryption. * As a HTML file with extension of `.html`. For example, if you are trying to protect a file named `demo.jpeg`, the file will be stored as `demo.jpeg.html` after encryption. An example HTML file is (here)[https://github.com/virtru/tdf3-spec/blob/master/schema/HtmlProtocolExample.html]. ### Components of a TDF file Irrespective of whether the TDF file is composed as a Zip or HTML, there are always two components in a TDF file: * A `manifest.json` component. The `manifest.json` data structure has all the information anyone would need to request access to decryption key. Be sure to check out the [TDF3 Schemas](schema/) for a detailed reference on `manifest.json` * Encrypted Payload component. This is simply the encrypted version of the object (say a file or email) being protected.  _TDF composed as Zip and HTML file._ ### Principle Elements in manifest.json file There are three principle element types within a TDF's `manifest.json` component: * Encryption Information: for encrypting, signing, or integrity binding of Payloads and Assertions * Payload Reference(s): reference(s) to the encrypted payload * Assertion(s): statement(s) about payload(s); this is optional and not shown below.  _A TDF file with manifest.json component and encrypted payload component._ ## What's new in TDF3? A deeper look. TDF's newest version, TDF3 adds powerful new features on top of existing capabilities. Below is a summary of what capabilities are unlocked by each new top level element within encryption information. ### 1. Streaming and Support for Large Files" In order to support large file use cases, including streamability with high integrity, we added integrityInformation as an element to Encryption Information. Below is a look at what it looks like in TDF3 `manifest.json` file.  ### 2. Policy Binding and Offline Create With embedding cryptographically bound policy and wrapped keys, we enable a high assurance key server.  ### 3. Key Server Federation Want to protect files such that two (or more) organizations control the keys? It is now possible with TDF3. [keyAccess](schema/KeyAccessObject.md) object in particular allows for array of objects, which can allow for multiple KAS servers to participate in an object key grant.

近期下载者：

相关文件：

评论：[我要评论] [举报此文件]

收藏者：