-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: TD Signatures #1151
WIP: TD Signatures #1151
Conversation
I've been thinking about our discussion around signing, canonicalization, and named objects (security schemes, data schemas) and round-tripping and have the following comments:
As a short-term fix, I'm thinking of adding an "expansion" step to the signing process. In the new process, a signer/validator would first canonicalize the TD (resulting in a "compact" form as currently defined), then "expand" it (resulting in a JSON-LD document that would not technically be a TD... but it would only appear internally in the signing process), then do queries and the rest of the current signature generation process. I will proceed with updating the PR in this fashion. Later on, if we do allow inlined objects, we can define the "Expanded Canonical TD" (in addition to the current "Canonical TD", which I think we should keep, as it would be more "compact") and use it for signing directly. |
hmmm... for the purpose of signatures, "Expanded Form" may also want to remove relative URLs and express everything using absolute URLs, and remove "base". Is there any reason we should not do this? On the one hand, it would make it easier to prevent changes to URLS by signing just the interactions. On the other hand, we may WANT to be able to separately sign the base and the relative endpoint URLs (e.g. if the base is an IP address assigned by a DHCP server and is subject to change). I think for now I will NOT expand URLs. |
New problems noted:
|
Recent updates:
|
Next up, I wanted to figure out how to do keys. Rather than reinvent the wheel, my basic plan is to include JWS header values in the Signature object, then update the spec to generate the "sig" value using JWS, including steps like base64url encoding the header and payload. This sounds more complicated than it is, because the goal is to reuse tested JWS libraries, so the input text to be signed would just be the JCS form of the signedInfo object (with digests filled in) and we could lean on the JWS spec for details of signing and validation. JWS specifies various header parameters for specifying keys. These parameters can either embed keys directly or refer to external keys or key sets using URLs. Keys can be represented using X.509 certs or a JWK or a JWK set (then using an id to select a key from that JWK set). A JWK basically includes the same parameters as the JWS, plus a few more for allowable usages. There is also support for encrypted keys. Anyway, I want to avoid specifying my own ontology for this, so went to see if one is available. There IS one, being developed by the same guys doing DID, but it is unfortunately only a CG draft at this point: https://w3c-ccg.github.io/security-vocab/ Since JWK embeds the same parameters as JWS I think the simplest solution is just to support the (very small) subset of JWS that references an element of an external JWK set and NOT embed keys in Signature objects. It would also be possible in theory to embed a JWK set in a TD but the occasional need for encrypted keys and the immaturity of the ontology is giving me pause. So I won't suggest doing that either. Therefore my plan is to JUST add the "jku" and "kid" fields for JWS to the Signature object, and require reference therefore to EXTERNAL keys in a JWK Set. The jku field would have to be a secure external absolute URL (https://...) and the kid would be a string indexing into the KWS set. I can specify the types for these directly in the wotsec ontology, avoiding the need for a complex external ontology for JWK or the risks associated with encoding keys directly in a TD. |
Added jku and kid as discussed. Since JWS includes the header, I may be able to simplify other steps like inserting the template Signature into the TD prior to running the query. I'll review the JWS spec and confirm that the header is included in the Signature, and if it is I will remove this requirement, the validation exception, etc. |
Signing procedure can be simplified since the JWS includes the header information as part of its definition. Current version works, it is just (slightly) more complicated than it needs to be. |
Open question: currently only external keys can be referenced. Do we have any use cases that NEED (public) keys/certs to be included IN the TD? Basically, doing only a subset of JWS, since doing the whole thing will require a much more complex vocabulary. So I want to confirm that the subset we are doing is appropriate. |
Review comments for https://pr-preview.s3.amazonaws.com/w3c/wot-thing-description/1151/075fcc6...mmccool:3daee68.html#sec-security-vocabulary-definition:
But I have difficulties in mapping other critical items esp. reference (String) and SignedInfo. Since xs:Reference and xs:SignedInfo are keys to the functional premium of XML Signature over JWS their conceptual mapping in TD Signature would be important to describe
|
I like to discuss this PR in today's TD call. It would be great also to see some TD examples that uses the TD signature approach. This should be also included in the TD spec for better understanding. |
@OliverPfaff thanks for your review! Regarding the names of various things, those can certainly be changed if better alternatives can be found. As noted above “Signature” also conflicts with its use for a different purpose elsewhere in the spec. Rather than “Signature Object” however, I was considering “Proofs” to align with LD-Proofs. I’ll have to think more about the other terminology points noted… Re “should this be a separate spec”: well, I expect there WILL eventually be a spec for JSON-LD documents more generally that we may also want yo support in the future. But that will require RDF processing to compute/validate. So the gap here is an “enveloped” signature for JSON which we indeed might want to bring to the JOSE community. Implementations are of course needed. My understanding is canonicalization is being implemented and after that computing signatures can be done using a TD Directory to collect the appropriate fragments (resolving JSON queries) and exist JWS libraries… Anyway, hopefully you can attend Monday’s meeting and we can discuss concrete improvements and/or alternatives then. |
Discussion in Security call:
Actions:
Update: moved these actions to an issue, see w3c/wot-ejs#10, to make their completion easier to track. |
See w3c/wot-security-best-practices#14 - there might be use cases for EJS in data returned by WoT Things, not just TDs (although TDs are data returned by a TDD and a TDD is a Thing so...) |
from today's TD call:
|
@mmccool and @sebastiankb I've just created a dedicated repo named wot-ejs for that purpose :) |
To clarify though: there is NOT currently a version of this being developed at IETF. But that's where it should be developed, and we want to avoid a potential future conflict. So we're spinning this off with the intention of developing it further elsewhere, possibly at IETF. |
Initial definition of TD Signatures
TO DO:
Canonicalization needs to be defined over Partial TDs (easy) but ideally TD Fragments (maybe; harder)Do canonicalization (and expansion) first.Preview | Diff