cyberphone/saturn

Extended hosting support

cyberphone opened this issue · 1 comment

It might be useful having yet another indirection option, where PayeeAuthority either contains providerAuthorityUrl or a hostingProviderUrl pointing to a new object HostingAuthority.

If the latter is defined, a public key suffices for Signature since the vouching is anyway provided by the ProviderAuthority object.

A HostingAuthority object would consist of:

  • authorityUrl
  • providerAuthorityUrl
  • commonName
  • id
  • publicKey
  • timeStamp
  • expires

and be signed by the provider (PKI).

The purpose of this is enabling hosting services to support multiple merchants with very little fuss.


It turned out that there was an even simpler solution.

Published by a hosting provider:

{
    "@context": "http://webpki.org/saturn/v3",
    "@qualifier": "PayeeAuthority",
    "authorityUrl": "https://secure.hosting.com/payees/86344",
    "providerAuthorityUrl": "https://payments.bigbank.com/authority",
    "homePage": "https://demomerchant.com",
    "commonName": "Demo Merchant",
    "id": "86344",
    "signatureParameters": [{
        "algorithm": "ES256",
        "publicKey": {
            "kty": "EC",
            "crv": "P-256",
            "x": "rZ344aiTaOATmLBOdfYThvnQu_zyB1aJZrbbbks2P9I",
            "y": "lKOvfJdgN8WqEbXMDYPRSMsPicm0Tk10pmer9LxvxLg"
        }
    }],
    "timeStamp": "2017-09-09T17:43:51Z",
    "expires": "2017-09-09T18:43:52Z",
    "signature": {
        "algorithm": "ES256",
        "publicKey": {
            "kty": "EC",
            "crv": "P-256",
            "x": "hFLd8rpEZkYnKG18812GbQB8awX8mPgrLouEISsqWhc",
            "y": "3uBZ3uZd_RDEDklA8ZUK0_mgY2gA64_QQLqV3D8pvPM"
        },
        "value": "_XIWR_TFeA9tZ6tP-45VYFJDKioP5 ... JRxm8TRr_m8slCJQwR3zxw"
    }
}

Published by a payment provider (bank):

{
    "@context": "http://webpki.org/saturn/v3",
    "@qualifier": "ProviderAuthority",
    "httpVersion": "HTTP/1.1",
    "authorityUrl": "https://payments.bigbank.com/authority",
    "homePage": "https://bigbank.com",
    "serviceUrl": "https://payments.bigbank.com/service",
    "paymentMethods": ["https://swift.com","https://ultragiro.se"],
    "signatureProfiles": ["http://webpki.org/saturn/v3/signatures#P-256.ES256"],
    "encryptionParameters": [{
        "dataEncryptionAlgorithm": "A128CBC-HS256",
        "keyEncryptionAlgorithm": "ECDH-ES",
        "publicKey": {
            "kty": "EC",
            "crv": "P-256",
            "x": "DOOwVwUyNdgu4dZ9Ej7pg9j4SDLfGlrzoWso2DIz6ts",
            "y": "WF7ZApRPkbigS4iNoz5-SgPYU-_4891TwHJr-fU4d1w"
        }
    }],
    "hostingProvider": {
        "homePage": "https://hosting.com",
        "publicKey": {
            "kty": "EC",
            "crv": "P-256",
            "x": "hFLd8rpEZkYnKG18812GbQB8awX8mPgrLouEISsqWhc",
            "y": "3uBZ3uZd_RDEDklA8ZUK0_mgY2gA64_QQLqV3D8pvPM"
        }
    },
    "timeStamp": "2017-09-09T17:39:35Z",
    "expires": "2017-09-09T18:39:36Z",
    "signature": {
        "algorithm": "ES256",
        "signerCertificate": {
            "issuer": "CN=Payment Network Sub CA3,C=EU",
            "serialNumber": "1461174554959",
            "subject": "CN=Big Bank,2.5.4.5=#1306383936363430,C=DE"
        },
        "certificatePath": [
            "MIIBtTCCAVmgA ... 2r67iG_MsApiD3jFnqaJhxCZ",
            "MIIDcjCCAVqgAwIB ... 5ZxVhvpP_We_-5TddhlTUMNPvw"
        ],
        "value": "jMk7tXndqg1diWO4jcgEbNO_RiB ... jBD5sVU5wMU6A0Uwl27vW33A"
    }
}

The new optional element hostingProvider offers one extra level of indirection to support an external entity hosting multiple merchants.
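The two documents above only form a trust chain if the relying party actually closes the loop: the PayeeAuthority is signed with a bare key, so the only thing that makes that key meaningful is the bank's ProviderAuthority naming the very same key under hostingProvider. The following is an added example written for this page, not Saturn project code, showing that relying-party check in Go (chosen for its standard-library ECDSA and JSON support). It assumes: the bank's own PKI signature on the ProviderAuthority (signerCertificate / certificatePath) has already been validated by the caller; the signed bytes are Go's sorted-key JSON of the object without its "signature" member, a stand-in for Saturn's real signature canonicalisation; and `fetch` replaces the HTTPS GET of providerAuthorityUrl. The function names (`BuildDocuments`, `Sign`, `VerifyPayee`, `jwk`, `keyFromJWK`, `inWindow`) are the example's own; URLs, names and the id are taken from the thread's JSON.

```go
// Added example, not Saturn project code: a relying party accepts a PayeeAuthority signed with a bare key
// only if the referenced ProviderAuthority vouches for that key under "hostingProvider". Assumptions: the
// bank's PKI signature on the ProviderAuthority was verified by the caller; signed bytes are sorted-key JSON.
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"time"
)

func jwk(pk *ecdsa.PublicKey) map[string]any { // {"kty","crv","x","y"} exactly as in the thread
	x, y := pk.X.FillBytes(make([]byte, 32)), pk.Y.FillBytes(make([]byte, 32))
	return map[string]any{"kty": "EC", "crv": "P-256",
		"x": base64.RawURLEncoding.EncodeToString(x), "y": base64.RawURLEncoding.EncodeToString(y)}
}

func keyFromJWK(j map[string]any) (*ecdsa.PublicKey, error) {
	xb, e1 := base64.RawURLEncoding.DecodeString(fmt.Sprint(j["x"]))
	yb, e2 := base64.RawURLEncoding.DecodeString(fmt.Sprint(j["y"]))
	if j["kty"] != "EC" || j["crv"] != "P-256" || e1 != nil || e2 != nil {
		return nil, fmt.Errorf("unsupported or malformed public key")
	}
	pk := &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(xb), Y: new(big.Int).SetBytes(yb)}
	if !pk.Curve.IsOnCurve(pk.X, pk.Y) { // never verify against a point that is not on the curve
		return nil, fmt.Errorf("public key is not a P-256 point")
	}
	return pk, nil
}

// Sign attaches an ES256 signature carrying the signer's bare public key; obj must not yet hold "signature".
func Sign(obj map[string]any, key *ecdsa.PrivateKey) error {
	canon, _ := json.Marshal(obj) // Go emits map keys sorted, so signer and verifier hash identical bytes
	d := sha256.Sum256(canon)
	der, err := ecdsa.SignASN1(rand.Reader, key, d[:])
	if err != nil {
		return err
	}
	obj["signature"] = map[string]any{"algorithm": "ES256", "publicKey": jwk(&key.PublicKey), "value": base64.RawURLEncoding.EncodeToString(der)}
	return nil
}

func inWindow(obj map[string]any, now time.Time) bool {
	ts, e1 := time.Parse(time.RFC3339, fmt.Sprint(obj["timeStamp"]))
	exp, e2 := time.Parse(time.RFC3339, fmt.Sprint(obj["expires"]))
	return e1 == nil && e2 == nil && !now.Before(ts) && !now.After(exp)
}

func VerifyPayee(payeeJSON []byte, fetch func(string) ([]byte, error), now time.Time) error { // fetch stands in for an HTTPS GET
	var payee, prov map[string]any
	if json.Unmarshal(payeeJSON, &payee) != nil || payee["@qualifier"] != "PayeeAuthority" || !inWindow(payee, now) {
		return fmt.Errorf("not a PayeeAuthority inside its validity window")
	}
	provURL, _ := payee["providerAuthorityUrl"].(string)
	provJSON, err := fetch(provURL)
	if err != nil || json.Unmarshal(provJSON, &prov) != nil || prov["@qualifier"] != "ProviderAuthority" ||
		prov["authorityUrl"] != provURL || !inWindow(prov, now) {
		return fmt.Errorf("providerAuthorityUrl did not yield a valid ProviderAuthority for %q", provURL)
	}
	sig, _ := payee["signature"].(map[string]any) // indirection check: the bank must vouch for the signing key
	sigKey, _ := sig["publicKey"].(map[string]any)
	hp, _ := prov["hostingProvider"].(map[string]any)
	vouched, _ := hp["publicKey"].(map[string]any)
	same := func(k string) bool { v, ok := sigKey[k].(string); return ok && v == vouched[k] }
	if vouched == nil || !same("crv") || !same("x") || !same("y") {
		return fmt.Errorf("signing key is not the hosting provider key vouched for by the ProviderAuthority")
	}
	pub, err := keyFromJWK(sigKey)
	der, e2 := base64.RawURLEncoding.DecodeString(fmt.Sprint(sig["value"]))
	delete(payee, "signature") // the signed bytes are the object without its signature envelope
	canon, _ := json.Marshal(payee)
	if d := sha256.Sum256(canon); err != nil || e2 != nil || !ecdsa.VerifyASN1(pub, d[:], der) {
		return fmt.Errorf("ES256 signature over the PayeeAuthority does not verify")
	}
	return nil
}

// BuildDocuments mirrors the thread with a fresh hosting-provider key that is named in both objects.
func BuildDocuments(now time.Time) (payeeJSON, providerJSON []byte, err error) {
	host, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	ts, exp := now.UTC().Format(time.RFC3339), now.Add(time.Hour).UTC().Format(time.RFC3339)
	p := map[string]any{"@context": "http://webpki.org/saturn/v3", "@qualifier": "PayeeAuthority",
		"authorityUrl": "https://secure.hosting.com/payees/86344", "commonName": "Demo Merchant", "id": "86344",
		"providerAuthorityUrl": "https://payments.bigbank.com/authority", "timeStamp": ts, "expires": exp}
	err = Sign(p, host)
	b := map[string]any{"@context": "http://webpki.org/saturn/v3", "@qualifier": "ProviderAuthority",
		"authorityUrl": "https://payments.bigbank.com/authority", "timeStamp": ts, "expires": exp,
		"hostingProvider": map[string]any{"homePage": "https://hosting.com", "publicKey": jwk(&host.PublicKey)}}
	payeeJSON, _ = json.Marshal(p) // the bank's own PKI signature over b is omitted (see assumptions above)
	providerJSON, _ = json.Marshal(b)
	return payeeJSON, providerJSON, err
}
```

`VerifyPayee` rejects four things a relying party should never accept through this indirection: a PayeeAuthority outside its timeStamp/expires window, a providerAuthorityUrl that does not resolve to a ProviderAuthority whose authorityUrl matches, a signing key that differs in any coordinate from the key the bank vouches for under hostingProvider, and a signature that does not verify over the payee content. The key comparison is done on the decoded-string level before the point is even parsed, so a rogue hosting provider cannot substitute its own key simply by self-signing; it is the bank's PKI-signed ProviderAuthority, not the PayeeAuthority, that carries the trust.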