Contract No.: 285248 Strategic Objective
Download 1.78 Mb.
|
- Navigate this page:
- 24FIWARE OpenSpecification Security Optional Security Enablers ContentBasedSecurity Open RESTful API Specification
- How to Read This Document
- 24.1.2General CBS API Information
- Authentication Users authenticate using Basic or Digest authentication prior to accessing the service. Representation Format
- Representation Transport
- Limits Limits are not yet specified for Version 1 of the Content Based Security GE. Versions
- Type: UnprotectedContainer
- Type: ProtectedContainer
- Request POST //{serverRoot}/fiware.cbs.producer.service.webapp/api/cbss/protect Request Parameters
- Example Response (Success)
- Example Response (Failure)
- Request Body A representation of the protected container from which the CBSS will remove protection. Response
24FIWARE OpenSpecification Security Optional Security Enablers ContentBasedSecurity Open RESTful API Specification24.1.1Introduction to the Content Based Security GE APIPlease check the Legal Notice to understand the rights to use FI-WARE Open Specifications. Content Based Security API CoreThe Content Based Security (CBS) API provides services that encrypt, decrypt, sign and verify data. It is a RESTful API accessed via HTTP that uses XML-based and JSON-based representations for information interchange. Note that data to be protected need not be either XML or JSON. Intended AudienceThis specification is intended for software developers and reimplementers of this API. For the former, this document provides a full specification of how to interoperate with the Content Based Security API to encrypt, sign, decrypt and/or verify data. For the latter, this specification describes the interface to be provided to allow clients to interoperate with the Content Based Security. In order to use this specification, the reader should first have a general understanding of the Content Based Security Optional Generic Enabler supporting the API. Throughout this specification it is assumed that the reader is familiar with:
API Change HistoryCurrent version is: Version 1.0.0, 15/4/2013 This version of the Content Based Security API Guide replaces and obsoletes all previous versions. The most recent changes are described in the table below:
How to Read This DocumentAll FI-WARE RESTful API specifications will follow the same list of conventions and will support certain common aspects. Please check Common aspects in FI-WARE Open Restful API Specifications. For a description of some terms used along this document, see FIWARE.ArchitectureDescription.Security.Optional Security Enablers.ContentBasedSecurity Additional ResourcesYou can download the most current version of this document from the FIWARE API specification website at FIWARE.OpenSpecification.Security.Optional Security Enablers.ContentBasedSecurity.Open RESTful API Specification. For more details about the Content Based Security Service that this API is based upon, please refer to FIWARE.ArchitectureDescription.Security.Optional Security Enablers.ContentBasedSecurity. 24.1.2General CBS API InformationResources SummaryThe mapping of CBS functionality to a resource tree is shown in the figure below. 
AuthenticationUsers authenticate using Basic or Digest authentication prior to accessing the service. Representation FormatThe Content Based Security API supports the transmission of XML and JSON documents. The request format is specified using the Content-Type header and is required for operations that have a request body. The response format can be specified in requests using the Accept header. Representation TransportResource representation is transmitted between client and server by using HTTP 1.1 protocol, as defined by IETF RFC-2616. Each time an HTTP request contains payload, a Content-Type header shall be used to specify the MIME type of the wrapped representation. In addition, both client and server may use as many HTTP headers as they consider necessary. LimitsLimits are not yet specified for Version 1 of the Content Based Security GE. VersionsQuerying the version is not supported in Version 1 of the Content Based Security GE. ExtensionsQuerying extensions is not supported in Version 1 of the Content Based Security GE. Faults
24.1.3Data TypesThis subsection describes the data structures used in the Content Based Security API. Type: UnprotectedContainerA data type representing an unprotected data container (i.e. before encryption and/or signing have been applied).
Type: ProtectedContainerA data type representing a protected container (i.e. after encrypting and/or signing).
Type: KeyValueThe KeyValue type is used in container headers and metadata to map a key to a value. The key name is used as the element name, while the value is the element content.
24.1.4API OperationsIn this section we describe each operation in depth. The operations are divided into two functions: CBS Producer and CBS Consumer. The CBS Producer functionality performs encryption and/or signs the provided data. The CBS Consumer decrypts and/or verifies the signature on the provided container. CBS ProducerRequestPOST //{serverRoot}/fiware.cbs.producer.service.webapp/api/cbss/protect Request ParametersNone. Request BodyA representation of the unprotected container to which the CBSS will apply protection. Response200 OK – The request was successful. The response body contains a representation of the protected container. 403 Forbidden - The user was not authorised to protect the data Example RequestXML request: POST /api/cbss/protect HTTP/1.1 Accept: application/xml Content-type: application/xml ...
...
TWFuIGlzIGRpc3Rpbmd1a... JSON request: POST /api/cbss/protect HTTP/1.1 Accept: application/json Content-type: application/json { "mode":"SIGN_THEN_ENCRYPT", "headers":{ "key":"value", ... },
"key":"value", ...
}, "payload":"TWFuIGlzIGRpc3Rpbmd1a..." }
HTTP/1.1 200 OK Content-Type: application/xml
dWVkIGFuZCBpbmRlZmF0aWdhY... JSON response: HTTP/1.1 200 OK Content-Type: application/json { "protectedContainer":" dWVkIGFuZCBpbmRlZmF0aWdhY..." } Example Response (Failure)If the installed rule set does not permit the client to make the request, the following response will be returned: HTTP/1.1 403 Forbidden Encrypt failed (not authorised).
CBS ConsumerRequestPOST //{serverRoot}/fiware.cbs.consumer.service.webapp/api/cbss/unprotect Request ParametersNone. Request BodyA representation of the protected container from which the CBSS will remove protection. Response200 OK – The request was successful. The response body contains a representation of the unprotected container. 400 Bad Request - The signature verification failed. 403 Forbidden - The user was not authorised to remove protection from the data.
Example RequestXML request: POST /api/cbss/unprotect Accept: application/xml Content-Type: application/xml dWVkIGFuZCBpbmRlZmF0aWdhY... JSON request: POST /api/cbss/unprotect HTTP/1.1 Accept: application/json Content-type: application/json { "protectedContainer":" dWVkIGFuZCBpbmRlZmF0aWdhY..." } Example Response (Success)XML response: HTTP/1.1 200 OK Content-Type: application/xml
...
...
TWFuIGlzIGRpc3Rpbmd1a... JSON response: HTTP/1.1 200 OK Content-Type: application/json { "mode":"SIGN_THEN_ENCRYPT", "headers":{ "key":"value", ... },
"key":"value", ...
}, "payload":"TWFuIGlzIGRpc3Rpbmd1a..." }
Example Response (Failure)If the installed rule set does not permit the client to make the request, the following response will be returned: HTTP/1.1 403 Forbidden Decrypt failed (not authorised). If the signature verification failed, the following response will be returned: HTTP/1.1 400 Bad request Signature verification failed. Download 1.78 Mb. Share with your friends:
|