[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: FW: [openc2-comment] OpenC2 Signature suggestion
This was received on the public comment channel. We are not required to accept input from non-members but we are allowed to if they are submitted to the public channel (this was) and any member thinks it would be useful. I (as sFractal)
think it is worthy of discussion by the language subcommittee so I am forwarding. If we have questions for Danny about this, they can be asked by replying to his email on the public channel. Duncan Sparrell sFractal Consulting LLC iPhone, iTypo, iApologize I welcome VSRE emails. Learn more at http://vsre.info/ From: <openc2-comment@lists.oasis-open.org> on behalf of "Martinez, Danny (HII-TSD)" <danny.martinez@hii-tsd.com> OpenC2 TC, This is my first time using this method, I hope it works as intended. Since my organization is temporarily no longer a member of Oasis I am using this method to make suggestions. Enclosed I have attached my "rough" suggestion for a signature scheme in OpenC2 in relation to LSC issue #363. The general suggestion involves detaching and attaching a signature field to a pre-made OpenC2 payload encompassing
headers and content as suggested by Dave Kemp in issue #353. Since the particular way in which a signature is applied is serialization dependent I suggest that we use best practices for each serialization and define what those are for OpenC2. In this case I utilized JSON
serialization as an example. The RFCs (JWS and JCS) referenced as best practice will be specific to JSON serialization only. PS: I know it needs a little something, but perhaps this will start that conversation. V/R Danny Martinez Principal Cyber Security Engineer HII Mission Driven Innovative Solutions (HII-MDIS) Technical Solutions Division 302 Sentinel Drive, Suite 300 | Annapolis Junction, MD 20701 Mobile (407) 257-0031 Confidentiality Statement: HUNTINGTON INGALLS INDUSTRIES PROPRIETARY - This e-mail contains information proprietary or private to Huntington Ingalls Industries, Inc., and is not
to be disclosed to, copied by, or used in any manner by others without the prior express, written permission. If you are not the intended recipient, please delete without copying and kindly advise the sender by e-mail of the mistake in delivery. |
Attachment:
OpenC2 Message Signature.docx
Description: OpenC2 Message Signature.docx
-- This publicly archived list offers a means to provide input to the OASIS Open Command and Control (OpenC2) TC. In order to verify user consent to the Feedback License terms and to minimize spam in the list archive, subscription is required before posting. Subscribe: openc2-comment-subscribe@lists.oasis-open.org Unsubscribe: openc2-comment-unsubscribe@lists.oasis-open.org List help: openc2-comment-help@lists.oasis-open.org List archive: http://lists.oasis-open.org/archives/openc2-comment/ Feedback License: http://www.oasis-open.org/who/ipr/feedback_license.pdf List Guidelines: http://www.oasis-open.org/maillists/guidelines.php Committee: http://www.oasis-open.org/committees/openc2/ Join OASIS: http://www.oasis-open.org/join/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]