@@ -1197,6 +1197,9 @@ https://datatracker.ietf.org/html/rfc6749)", October 2012.
11971197[RFC8615] Nottingham, M. "[Well-Known Uniform Resource Identifiers
11981198(URIs)](https://datatracker.ietf.org/doc/html/rfc8615)", May 2019
11991199
1200+ [RFC7515] Jones, M., Bradley, J., Sakimura, N., "[JSON Web Signature
1201+ (JWS)](https://datatracker.ietf.org/doc/html/rfc7515), May 2015."
1202+
12001203
12011204# Appendix A: Multi-factor Authentication
12021205
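Review bot: the closing quotation mark in the new [RFC7515] entry sits after the date (`..., May 2015."`), while the [RFC8615] entry directly above closes it right after the link (`...rfc8615)", May 2019`). Move the quote to follow the link's closing parenthesis so both references use the same citation format. The added empty line at 1202 also leaves two blank lines before the Appendix A heading; one is enough.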
@@ -1355,8 +1358,9 @@ request.
13551358
13561359A third-party Directory Service is a back-end service used to federate
13571360multiple OCM Servers and facilitate the Invite flow. It is expected to
1358- expose, via anonymous HTTP GET, a JSON document with the following
1359- format :
1361+ expose, via anonymous HTTPS GET, a signed JWS document [RFC7515], where
1362+ the signature MUST be made available offline and the payload MUST
1363+ adhere to the following format :
13601364
13611365* REQUIRED: `federation` - a human-readable name for the list of OCM
13621366 Servers exposed by the Directory Service
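Review bot: "the signature MUST be made available offline" in the new sentence is ambiguous, because the signature is part of the JWS document that is fetched over HTTPS, so it is unclear what has to be offline. If the intent is that the verification key is obtained out of band rather than from the Directory Service itself, state that as a requirement on key distribution, and add that a consuming OCM Server MUST verify the signature before using `federation` or `servers`. The sentence should also name which JWS serialization of [RFC7515] is expected, since the payload format that follows depends on it.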
@@ -1372,25 +1376,29 @@ format:
13721376 - MUST NOT include userinfo, query, or fragment
13731377 - REQUIRED : ` displayName` - a human-readable name
13741378 for the OCM Server
1375- Example :
1379+ Example :
13761380
13771381` ` ` json
13781382{
1379- "federation": "The ScienceMesh Directory",
1380- "servers": [
1381- {
1382- "url": "https://ocm-server-1.example.org",
1383- "displayName": "OCM Server 1"
1384- },
1385- {
1386- "url": "https://ocm-server-2.example.org:4443",
1387- "displayName": "OCM Server 2"
1388- },
1389- {
1390- "url": "http://192.168.1.1:8080",
1391- "displayName": "OCM Server 3"
1392- }
1393- ]
1383+ "payload": {
1384+ "federation": "The ScienceMesh Directory",
1385+ "servers": [
1386+ {
1387+ "url": "https://ocm-server-1.example.org",
1388+ "displayName": "OCM Server 1"
1389+ },
1390+ {
1391+ "url": "https://ocm-server-2.example.org:4443",
1392+ "displayName": "OCM Server 2"
1393+ },
1394+ {
1395+ "url": "http://192.168.1.1:8080",
1396+ "displayName": "OCM Server 3"
1397+ }
1398+ ]
1399+ },
1400+ "protected": {"alg": "RS256"},
1401+ "signature": "..."
13941402}
13951403` ` `
13961404