search

eiffel-community / eiffel

The Eiffel framework vocabulary, descriptions, guides and schemas along with links to relevant implementation repositories.
Apache License 2.0
121 stars 59 forks source link

Representation of public key and signature in meta.security is underspecified #375

Open magnusbaeck opened 9 months ago

magnusbaeck commented 9 months ago

Description

The documentation of the meta.security.integrityProtection{publicKey,signature} fields doesn't specify the representation/encoding of the values. Are they expected to be hex strings? Or Base64? A complete PEM file? The schema itself doesn't give any guidance; the fields are just plain strings without any restrictions.

Data like this is typically expressed in Base64 and that's probably what the original spec author intended. It's also what the .NET SDK implementation has chosen.

The documentation is the important part, but we could also amend the schemas themselves to only allow the characters permitted in Base64 encoding, plus probably horizontal whitespace.

Motivation

Clarity for people implementing support for event signing in applications and SDKs.

Exemplification

N/A

Benefits

Clarity and unambiguity.

Possible Drawbacks

None.

e-backmark-ericsson commented 4 months ago

For reference, the public key was added to the meta.security object through PR #197, and was earlier discussed in issue #185.