Add input schema for api sources

starlinglab / integrity-schema

Schemas for authenticated metadata used in the Starling Integrity framework.

MIT License

0 stars 2 forks source link

Add input schema for api sources #5

Closed benhylau closed 2 years ago

benhylau commented 2 years ago

This is for "api sources":

Starling Capture
ProofMode zip via Signal

For Starling Capture, @makeworld-the-better-one I wonder if we can base64-encode the meta so the decoded part will verify. The alternative is to escape the " so the content is treated as string, not JSON, however I feel it's still not very robust. It's better if the result of base64-decode verifies the sig. Thoughts?

For ProofMode, I am assuming the POST handler unzips the delivered file, and archives the image after pulling out metadata from the ProofMode sections, transforming them into our metadata dict.

makew0rld commented 2 years ago

For Starling Capture, @makeworld-the-better-one I wonder if we can base64-encode the meta so the decoded part will verify. The alternative is to escape the " so the content is treated as string, not JSON, however I feel it's still not very robust. It's better if the result of base64-decode verifies the sig. Thoughts?

Either makes sense to me. I've only even seen the escaping method done, but I don't think it matters, and I see how base64 is more robust from a human perspective. The only downside is the extra size, 33% inflated as compared to ~13%. But I don't think the size difference really matters for us.

benhylau commented 2 years ago

@YurkoWasHere our proofmode schema changed so much. I think we should take a prod schema, and replace the two proofmode files here with the prod ones, then tag v0.0.1 and scmp_ce-election-2022.

What do you think?