-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathoetp-ri-scheme.txt
36 lines (34 loc) · 3.59 KB
/
oetp-ri-scheme.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Resource Identifier (RI) Scheme name: oetp
Status: provisional
Scheme syntax:
oetp://<hash> (Where integrity <hash> is the SHA3-512 string generated during the disclosure process)
oetp://<component>@<alias>[:<disclosure>] (Where <component> is the ID assigned via Disclosure Identity Provider under its <alias> during the first disclosure.)
oetp://<domain>[:<disclosure>] (For verified domains (DV), disclosure could be accessed using <productDomain> instead of <componentID>@<generatorAlias>.)
example: oetp://156d624b8f2dbea87128a2147f255842652475c5dc595c79f64c90c7ff486d59007c3e18c993e3163395812e26b70ea70dfc413f7ca128869d115f12e5699bf2 (accessing disclosure directly via its known integrity <hash>)
example: oetp://limejam.com:954c3f63-73ac-4261-8b77-a40cf0ea0f13 (<disclosure>=”954c3f63-73ac-4261-8b77-a40cf0ea0f13” for the product with <domain>=”limejam.com”)
example: oetp://68ff9aad-fa28-45fe-ac9b-61823385ccc0@oe:last (last disclosure for the <component>=”68ff9aad-fa28-45fe-ac9b-61823385ccc0”, generated via Disclosure Identity Provider with <alias>=”oe” )
Scheme semantics:
Load a disclosure for a product or a component.
Encoding considerations:
The scheme permits the use of non-ASCII characters and accepts IDN (Internationalized domain names) in <domain>. The other elements of the scheme should follow the ASCII encoding. When performing lookup, the domain segment of the schema is converted to ASCII. The ASCII representation starts with the prefix "xn--" and is followed by the domain name segment encoded as Punycode [4,5]. Example: for the "домен.укр" cyryllic domain, the URI "oetp://домен.укр:7df2933d-2de6-445b-b392-17bfb6d989c2" will be looked up as "oetp://xn--d1acufc.xn--j1amh:7df2933d-2de6-445b-b392-17bfb6d989c2" and for emoji domain "oetp://😉.to" will be looked up as "oetp://xn--n28h.to". In case of Right-to-Left scripts it's suggested to follow [6].
Applications/protocols that use this scheme name:
Open Ethics is currently implementing the scheme to be used with Open Ethics Transparency Protocol (OETP) [1] to access disclosures for software products and their components, as well as to access disclosures for public surveillance locations [2] to improve transparency. The working repository for the documentation is publicly available [3].
Interoperability considerations:
Unknown, use with care.
Security considerations:
- Domain validation for the use of <domain> in the scheme syntax does not assure that any particular legal entity is connected to the domain, even if the domain name may imply a particular legal entity controls the domain. Use with care.
- Introduction of the oetp scheme may help to address potential spoofing risks by providing users with the URI to check whether particular disclosure exists. See security section 4 in [1].
- Introduction of the oetp scheme may help to address potential falsification risks by decentralizing disclosure verifications. See security section 4 in [1]. Additional reflection required realize distributed verification of different disclosure elements.
Contact:
Registering party: Nikita Lukianets <[email protected]>
Scheme creator: Open Ethics Initiative
Author/Change controller:
Either the registering party or someone who is verified to represent the scheme creator. See previous answer.
References:
[1]: https://openethics.ai/oetp/
[2]: https://openethics.ai/public-surveillance-transparency/
[3]: https://github.com/OpenEthicsAI/OETP-RI-scheme
[4]: https://www.rfc-editor.org/rfc/rfc3492
[5]: https://www.rfc-editor.org/rfc/rfc5890
[6]: https://www.rfc-editor.org/rfc/rfc5893
(file created 2022-07-31)