From bc36fcfda64861822499925535550ddf4dad21da Mon Sep 17 00:00:00 2001
From: JloveUOA
Date: Wed, 2 Oct 2024 14:20:11 +1300
Subject: [PATCH] grammar changes to some specifications
---
 EncryptedRO-Crate.svg | 2 +-
 ReadingEncryptedRO-Crate.svg | 2 +-
 index.md | 60 ++++++++++--------------------------
 3 files changed, 18 insertions(+), 46 deletions(-)
diff --git a/EncryptedRO-Crate.svg b/EncryptedRO-Crate.svg
index 44419e4..72f6454 100644
--- a/EncryptedRO-Crate.svg
+++ b/EncryptedRO-Crate.svg
@@ -1,4 +1,4 @@
-
Recipient
Recipient
"@id": "https://orcid.org/0000-0002-1825-0097"
"@id": "https://orcid.org/0000-0002-1825-00...
"@type": "Person"
"@type": "Person"
"email": "JCarberry@psychoceramics.brown.com"
"email": "JCarberry@psychoceramics.brown.co...
"keyserver": "https://keyserver.ubuntu.com"
"keyserver": "https://keyserver.ubuntu.com"
"pubkeyFingerprints": "985E471827FEF4D193C2CDBF65322C25ED00AB00"
"pubkeyFingerprints": "985E471827FEF4D193C2...
JSON serialization
"[            "@id": "#ExampleSensitiveDataBank",
            "@type": "BankAccount",
            "accountOverdraftLimit": "$50000000",
            "name": "Carberry Research Grant Account",
            "recipients": "https://orcid.org/0000-0002-1825-0097"
        },
        {
            "@id": "#ExampleSensitiveDataMedical",
            "@type": "MedicalCondition",
            "name": "Memory Bus Factor Syndrome",
            "naturalProgression": "full psychoceramic breakdown",
            "recipients": "https://orcid.org/0000-0002-1825-0097"
        }
]"
JSON serialization"[            "@id": "#ExampleSensiti...
PGP encrypted String
"-----BEGIN PGP MESSAGE-----


hF4Dy9uOJGGmSI4SAQdApZDEDcRWXvcYy
ndH3YQJDaY3bFtoiijAaYTw+g2sEsw\neY9h46E
eGo3KIyD61wu4sTJLUFCihFoLzb3jzJuNmGzTA
IIpZjwQSnZTmIOBf9+V\n1MBFAQkCENnCJLc
OhqgchWNkv2HcyrK+QVmRyICdK3DPaIPIJgz
gI6fjGB3Ck+mn2HYbr29p1PiKvijeJ8jEa4CD0D
XchjZzyQ8m5EDlZv9pscIwmYjppz0exyZKHBYa
SdGuI1xYcov3tdJNb87XspFq7e7Hg6E1K4x7E
WoxM33CJHFP0MeyMGIjx8qg\nnXQUCEEVa
fxn8jxHrj0wU5bu22EOxCoZwFCgQmKakYUz
9BUzcKB5zeEE5xx0wlL\noOs3+qKuXdPWYoV
IpLc6q7jhIeTZfcDrXXRWQBC2r8dhLjbTFHln1Y
kqCqv+fcCw\nUN7RhtYYK84q5PyS1iE5crquXr
Zaz1gd\n=rKbY\
-----END PGP MESSAGE-----"
PGP encrypted String...
EncryptedGraphMessage
EncryptedGraphMessage
"@id": "#Encrypted_Message985E471827FEF4D193C2CDBF65322C25ED00AB00"
"@id": "#Encrypted_Message985E471827FEF4D193C2CDBF65322C2...
"@type": ["SendAction","EncryptedGraphMessage"]
"@type": ["SendAction","EncryptedGraphMessage"]
"actionStatus": "PotentialActionStatus",
"actionStatus": "PotentialActionStatus",
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9uOJGGmSI4SAQdApZDEDcRWXvcYyndH3YQJDaY3bFtoii/jAaYTw+g2sEsw\neY9h46EeGo3KIyD61wu4sTJLUFCihFoLzb3jzJuNmGzTAIIpZjwQSnZTmIOBf9+V\n1MBFAQkCENnCJLcOhqgchWNkv2HcyrK+//QVmRyICdK3DPaIPIJgzgI6fjGB3Ck+\nmn2HYbr29p1PiKv/ijeJ8jEa4CD0DXchjZzyQ8m5EDlZv9pscIwmYjppz0exyZKH\n/BYaSdGuI1xYcov3tdJNb87XspFq7e7Hg6E1K4x7EWoxM33CJHFP0MeyMGIjx8qg\nnXQUCEEVafxn8jxHrj0wU5bu22EOxCoZwFCgQmKakYUzs9BUzcKB5zeEE5xx0wlL\noOs3+qKuXdPWYoVIpLc6q7jhIeTZfcDrXXRWQBC2r8dhLjbTFHln1YkqCqv+fcCw\nUN7RhtYYK84q5PyS1iE5crquXrZaz1gd\n=rKbY\n-----END PGP MESSAGE-----\n"

"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9u...
"recipients": "https://orcid.org/0000-0002-1825-0097"
"recipients": "https://orcid.org/0000-0002-1825-0097"

1.

Encrypted Context Entitles are aggregated based on common sets of shared Recipients.
1....

2.

Encrypted Context Entities are serialized to their JSON LD representation.
2....

3.

JSON is encrypted by GPG to all recipients' public keys.
3....

4.

PGP Encrypted string and a list of recipients are stored as part of an Encrypted Graph Message.
4....

GPG Crate Encryption

When an RO-Crate containing Encrypted Context Entities is written to disk.
GPG Crate Encryption...

5.

Encrypted Graph Messages and other contents of the crate are written as ro_crate_metadata.json
5....

EncryptedContextEntity
EncryptedContextEntity
"@id": "#ExampleSensitiveDataMedical"
"@id": "#ExampleSensitiveDataMedical"
"@type": "MedicalCondition"
"@type": "MedicalCondition"
"naturalProgression": "full psychoceramic breakdown",
"naturalProgression": "full psychoceramic breakdown",
"name": "Memory Bus Factor Syndrome"
"name": "Memory Bus Factor Syndrome"
"recipients": "https://orcid.org/0000-0002-1825-0097"
"recipients": "https://orcid.org/0000-0002-1825-0097"

EncryptedContextEntity
EncryptedContextEntity
"@id":"#ExampleSensitiveDataBank"

"@id":"#ExampleSensitiveDataBank"
"@type": "BankAccount"
"@type": "BankAccount"
"accountOverdraftLimit": "$50000000"
"accountOverdraftLimit": "$50000000"
"name": "Carberry Research Grant Account"
"name": "Carberry Research Grant Account"
"recipients": "https://orcid.org/0000-0002-1825-0097"
"recipients": "https://orcid.org/0000-0002-1825-0097"

EncryptedContextEntity
EncryptedContextEntity
"@id": "#ExampleSensitiveDataCode"
"@id": "#ExampleSensitiveDataCode"
"@type": "SoftwareSourceCode"
"@type": "SoftwareSourceCode"
"codeRepository": "https://github.com/UoA-eResearch/ro-crate-py/tree/encrypted-metadata"
"codeRepository": "https://github.com/UoA-eResearch/r...
"name": "Super Secret RO-Crate Repo"
"name": "Super Secret RO-Crate Repo"
"recipients": [
{"@id": "https://orcid.org/0000-0004-1818-0000"},
{"@id": "https://orcid.org/0000-0001-7760-1240"}
]
"recipients": [...
JSON serialization
"[        {
            "@id": "#ExampleSensitiveDataCode",
            "@type": "SoftwareSourceCode",
            "codeRepository": "https://github.com/UoA-eResearch/ro-crate-py/tree/encrypted-metadata",
            "name": "Super Secret RO-Crate Repo",
            "recipients": "https://orcid.org/0000-0004-1818-0000"
        }]"
JSON serialization"[        {...
Recipient
Recipient
"@id": "https://orcid.org/0000-0004-1818-0000"
"@id": "https://orcid.org/0000-0004-1818-00...
"@type": "Person"
"@type": "Person"
"email": "Jlove@guthib.com"
"email": "Jlove@guthib.com"
"keyserver": "https://keyserver.ubuntu.com"
"keyserver": "https://keyserver.ubuntu.com"
"pubkeyFingerprints": "93B72373820DDB104BC6859474CBFBAB503F3CF3"
"pubkeyFingerprints": "93B72373820DDB104BC6...
PGP encrypted String
-----BEGIN PGP MESSAGE-----\n\nhF4Dy9uOJGGmSI4SAQdApZDEDcRWXvcY yndH3YQJDaY3bFtoii/jAaYTw+g2sEsw\neY9h46EeGo3KIyD61wu4sTJL UFCihFoLzb3jzJuNmGzTAIIpZjwQSnZTmIOBf9+ V\n1MBFAQkCENnCJLcOhqgchWNkv2HcyrK+//QVmRyICdK3DPaIPIJgzgI6fjGB3Ck+\nmn2HYbr29p1PiKv/ijeJ8jEa4CD0DXchjZzyQ8m5EDlZv9pscIwmYjppz 0exyZKH\n/BYaSdGuI1xYcov3tdJNb87XspFq7e7Hg6E1K4x7 EWoxM33CJHFP0MeyMGIjx8qg\nnXQUCEEVafx n8jxHrj0wU5bu22EOxCoZwFCgQmKakYUzs9BU zcKB5zeEE5xx0wlL\noOs3+qKuXdPWYoVIpLc6q 7jhIeTZfcDrXXRWQBC2r8dhLjbTFHln1YkqCqv+ fcCw\nUN7RhtYYK84q5PyS1iE5crquXrZaz1gd\ n=rKbY\n
-----END PGP MESSAGE-----\n
PGP encrypted String...
EncryptedGraphMessage
EncryptedGraphMessage
"@id": "#Encrypted_Message93B72373820DDB104BC6859474CBFBAB503F3CF3"
"@id": "#Encrypted_Message93B72373820DDB104BC6859474CBFBA...
"@type": ["SendAction","EncryptedGraphMessage"]
"@type": ["SendAction","EncryptedGraphMessage"]
"actionStatus": "PotentialActionStatus",
"actionStatus": "PotentialActionStatus",
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9uOJGGmSI4SAQdApZDEDcRWXvcYyndH3YQJDaY3bFtoii/jAaYTw+g2sEsw\neY9h46EeGo3KIyD61wu4sTJLUFCihFoLzb3jzJuNmGzTAIIpZjwQSnZTmIOBf9+V\n1MBFAQkCENnCJLcOhqgchWNkv2HcyrK+//QVmRyICdK3DPaIPIJgzgI6fjGB3Ck+\nmn2HYbr29p1PiKv/ijeJ8jEa4CD0DXchjZzyQ8m5EDlZv9pscIwmYjppz0exyZKH\n/BYaSdGuI1xYcov3tdJNb87XspFq7e7Hg6E1K4x7EWoxM33CJHFP0MeyMGIjx8qg\nnXQUCEEVafxn8jxHrj0wU5bu22EOxCoZwFCgQmKakYUzs9BUzcKB5zeEE5xx0wlL\noOs3+qKuXdPWYoVIpLc6q7jhIeTZfcDrXXRWQBC2r8dhLjbTFHln1YkqCqv+fcCw\nUN7RhtYYK84q5PyS1iE5crquXrZaz1gd\n=rKbY\n-----END PGP MESSAGE-----\n"

"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9u...
"recipients": [
{"@id": "https://orcid.org/0000-0004-1818-0000"},
{"@id": "https://orcid.org/0000-0001-7760-1240"}
]
"recipients": [...
\ No newline at end of file
+
Recipient
Recipient
"@id": "https://orcid.org/0000-0002-1825-0097"
"@id": "https://orcid.org/0000-0002-1825-00...
"@type": "Person"
"@type": "Person"
"email": "JCarberry@psychoceramics.brown.com"
"email": "JCarberry@psychoceramics.brown.co...
"keyserver": "https://keyserver.ubuntu.com"
"keyserver": "https://keyserver.ubuntu.com"
"pubkey_fingerprints": "985E471827FEF4D193C2CDBF65322C25ED00AB00"
"pubkey_fingerprints": "985E471827FEF4D193C2...
JSON serialization
"[            "@id": "#ExampleSensitiveDataBank",
            "@type": "BankAccount",
            "accountOverdraftLimit": "$50000000",
            "name": "Carberry Research Grant Account",
            "recipients": "https://orcid.org/0000-0002-1825-0097"
        },
        {
            "@id": "#ExampleSensitiveDataMedical",
            "@type": "MedicalCondition",
            "name": "Memory Bus Factor Syndrome",
            "naturalProgression": "full psychoceramic breakdown",
            "recipients": "https://orcid.org/0000-0002-1825-0097"
        }
]"
JSON serialization"[            "@id": "#ExampleSensiti...
PGP encrypted String
"-----BEGIN PGP MESSAGE-----


hF4Dy9uOJGGmSI4SAQdApZDEDcRWXvcYy
ndH3YQJDaY3bFtoiijAaYTw+g2sEsw\neY9h46E
eGo3KIyD61wu4sTJLUFCihFoLzb3jzJuNmGzTA
IIpZjwQSnZTmIOBf9+V\n1MBFAQkCENnCJLc
OhqgchWNkv2HcyrK+QVmRyICdK3DPaIPIJgz
gI6fjGB3Ck+mn2HYbr29p1PiKvijeJ8jEa4CD0D
XchjZzyQ8m5EDlZv9pscIwmYjppz0exyZKHBYa
SdGuI1xYcov3tdJNb87XspFq7e7Hg6E1K4x7E
WoxM33CJHFP0MeyMGIjx8qg\nnXQUCEEVa
fxn8jxHrj0wU5bu22EOxCoZwFCgQmKakYUz
9BUzcKB5zeEE5xx0wlL\noOs3+qKuXdPWYoV
IpLc6q7jhIeTZfcDrXXRWQBC2r8dhLjbTFHln1Y
kqCqv+fcCw\nUN7RhtYYK84q5PyS1iE5crquXr
Zaz1gd\n=rKbY\
-----END PGP MESSAGE-----"
PGP encrypted String...
EncryptedGraphMessage
EncryptedGraphMessage
"@id": "#Encrypted_Message985E471827FEF4D193C2CDBF65322C25ED00AB00"
"@id": "#Encrypted_Message985E471827FEF4D193C2CDBF65322C2...
"@type": ["SendAction","EncryptedGraphMessage"]
"@type": ["SendAction","EncryptedGraphMessage"]
"actionStatus": "PotentialActionStatus",
"actionStatus": "PotentialActionStatus",
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9uOJGGmSI4SAQdApZDEDcRWXvcYyndH3YQJDaY3bFtoii/jAaYTw+g2sEsw\neY9h46EeGo3KIyD61wu4sTJLUFCihFoLzb3jzJuNmGzTAIIpZjwQSnZTmIOBf9+V\n1MBFAQkCENnCJLcOhqgchWNkv2HcyrK+//QVmRyICdK3DPaIPIJgzgI6fjGB3Ck+\nmn2HYbr29p1PiKv/ijeJ8jEa4CD0DXchjZzyQ8m5EDlZv9pscIwmYjppz0exyZKH\n/BYaSdGuI1xYcov3tdJNb87XspFq7e7Hg6E1K4x7EWoxM33CJHFP0MeyMGIjx8qg\nnXQUCEEVafxn8jxHrj0wU5bu22EOxCoZwFCgQmKakYUzs9BUzcKB5zeEE5xx0wlL\noOs3+qKuXdPWYoVIpLc6q7jhIeTZfcDrXXRWQBC2r8dhLjbTFHln1YkqCqv+fcCw\nUN7RhtYYK84q5PyS1iE5crquXrZaz1gd\n=rKbY\n-----END PGP MESSAGE-----\n"

"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9u...
"recipients": "https://orcid.org/0000-0002-1825-0097"
"recipients": "https://orcid.org/0000-0002-1825-0097"

1.

Encrypted Context Entitles are aggregated based on common sets of shared Recipients.
1....

2.

Encrypted Context Entities are serialized to their JSON LD representation.
2....

3.

JSON is encrypted by GPG to all recipients' public keys.
3....

4.

PGP Encrypted string and a list of recipients are stored as part of an Encrypted Graph Message.
4....

GPG Crate Encryption

When an RO-Crate containing Encrypted Context Entities is written to disk.
GPG Crate Encryption...

5.

Encrypted Graph Messages and other contents of the crate are written as ro_crate_metadata.json
5....

EncryptedContextEntity
EncryptedContextEntity
"@id": "#ExampleSensitiveDataMedical"
"@id": "#ExampleSensitiveDataMedical"
"@type": "MedicalCondition"
"@type": "MedicalCondition"
"naturalProgression": "full psychoceramic breakdown",
"naturalProgression": "full psychoceramic breakdown",
"name": "Memory Bus Factor Syndrome"
"name": "Memory Bus Factor Syndrome"
"recipients": "https://orcid.org/0000-0002-1825-0097"
"recipients": "https://orcid.org/0000-0002-1825-0097"

EncryptedContextEntity
EncryptedContextEntity
"@id":"#ExampleSensitiveDataBank"

"@id":"#ExampleSensitiveDataBank"
"@type": "BankAccount"
"@type": "BankAccount"
"accountOverdraftLimit": "$50000000"
"accountOverdraftLimit": "$50000000"
"name": "Carberry Research Grant Account"
"name": "Carberry Research Grant Account"
"recipients": "https://orcid.org/0000-0002-1825-0097"
"recipients": "https://orcid.org/0000-0002-1825-0097"

EncryptedContextEntity
EncryptedContextEntity
"@id": "#ExampleSensitiveDataCode"
"@id": "#ExampleSensitiveDataCode"
"@type": "SoftwareSourceCode"
"@type": "SoftwareSourceCode"
"codeRepository": "https://github.com/UoA-eResearch/ro-crate-py/tree/encrypted-metadata"
"codeRepository": "https://github.com/UoA-eResearch/r...
"name": "Super Secret RO-Crate Repo"
"name": "Super Secret RO-Crate Repo"
"recipients": [
{"@id": "https://orcid.org/0000-0004-1818-0000"},
{"@id": "https://orcid.org/0000-0001-7760-1240"}
]
"recipients": [...
JSON serialization
"[        {
            "@id": "#ExampleSensitiveDataCode",
            "@type": "SoftwareSourceCode",
            "codeRepository": "https://github.com/UoA-eResearch/ro-crate-py/tree/encrypted-metadata",
            "name": "Super Secret RO-Crate Repo",
            "recipients": "https://orcid.org/0000-0004-1818-0000"
        }]"
JSON serialization"[        {...
Recipient
Recipient
"@id": "https://orcid.org/0000-0004-1818-0000"
"@id": "https://orcid.org/0000-0004-1818-00...
"@type": "Person"
"@type": "Person"
"email": "Jlove@guthib.com"
"email": "Jlove@guthib.com"
"keyserver": "https://keyserver.ubuntu.com"
"keyserver": "https://keyserver.ubuntu.com"
"pubkey_fingerprints": "93B72373820DDB104BC6859474CBFBAB503F3CF3"
"pubkey_fingerprints": "93B72373820DDB104BC6...
PGP encrypted String
-----BEGIN PGP MESSAGE-----\n\nhF4Dy9uOJGGmSI4SAQdApZDEDcRWXvcY yndH3YQJDaY3bFtoii/jAaYTw+g2sEsw\neY9h46EeGo3KIyD61wu4sTJL UFCihFoLzb3jzJuNmGzTAIIpZjwQSnZTmIOBf9+ V\n1MBFAQkCENnCJLcOhqgchWNkv2HcyrK+//QVmRyICdK3DPaIPIJgzgI6fjGB3Ck+\nmn2HYbr29p1PiKv/ijeJ8jEa4CD0DXchjZzyQ8m5EDlZv9pscIwmYjppz 0exyZKH\n/BYaSdGuI1xYcov3tdJNb87XspFq7e7Hg6E1K4x7 EWoxM33CJHFP0MeyMGIjx8qg\nnXQUCEEVafx n8jxHrj0wU5bu22EOxCoZwFCgQmKakYUzs9BU zcKB5zeEE5xx0wlL\noOs3+qKuXdPWYoVIpLc6q 7jhIeTZfcDrXXRWQBC2r8dhLjbTFHln1YkqCqv+ fcCw\nUN7RhtYYK84q5PyS1iE5crquXrZaz1gd\ n=rKbY\n
-----END PGP MESSAGE-----\n
PGP encrypted String...
EncryptedGraphMessage
EncryptedGraphMessage
"@id": "#Encrypted_Message93B72373820DDB104BC6859474CBFBAB503F3CF3"
"@id": "#Encrypted_Message93B72373820DDB104BC6859474CBFBA...
"@type": ["SendAction","EncryptedGraphMessage"]
"@type": ["SendAction","EncryptedGraphMessage"]
"actionStatus": "PotentialActionStatus",
"actionStatus": "PotentialActionStatus",
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9uOJGGmSI4SAQdApZDEDcRWXvcYyndH3YQJDaY3bFtoii/jAaYTw+g2sEsw\neY9h46EeGo3KIyD61wu4sTJLUFCihFoLzb3jzJuNmGzTAIIpZjwQSnZTmIOBf9+V\n1MBFAQkCENnCJLcOhqgchWNkv2HcyrK+//QVmRyICdK3DPaIPIJgzgI6fjGB3Ck+\nmn2HYbr29p1PiKv/ijeJ8jEa4CD0DXchjZzyQ8m5EDlZv9pscIwmYjppz0exyZKH\n/BYaSdGuI1xYcov3tdJNb87XspFq7e7Hg6E1K4x7EWoxM33CJHFP0MeyMGIjx8qg\nnXQUCEEVafxn8jxHrj0wU5bu22EOxCoZwFCgQmKakYUzs9BUzcKB5zeEE5xx0wlL\noOs3+qKuXdPWYoVIpLc6q7jhIeTZfcDrXXRWQBC2r8dhLjbTFHln1YkqCqv+fcCw\nUN7RhtYYK84q5PyS1iE5crquXrZaz1gd\n=rKbY\n-----END PGP MESSAGE-----\n"

"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9u...
"recipients": [
{"@id": "https://orcid.org/0000-0004-1818-0000"},
{"@id": "https://orcid.org/0000-0001-7760-1240"}
]
"recipients": [...
\ No newline at end of file
diff --git a/ReadingEncryptedRO-Crate.svg b/ReadingEncryptedRO-Crate.svg
index fb30551..69ff6fe 100644
--- a/ReadingEncryptedRO-Crate.svg
+++ b/ReadingEncryptedRO-Crate.svg
@@ -1,4 +1,4 @@
-





...
EncryptedGraphMessage
EncryptedGraphMessage
"@id": "#Encrypted_Message985E471827FEF4D193C2CDBF65322C25ED00AB00"
"@id": "#Encrypted_Message985E471827FEF4D193C2CDBF65322C2...
"@type": ["SendAction","EncryptedGraphMessage"]
"@type": ["SendAction","EncryptedGraphMessage"]
"actionStatus": "PotentialActionStatus",
"actionStatus": "PotentialActionStatus",
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9uOJGGmSI4SAQdApZDEDcRWXvcYyndH3YQJDaY3bFtoii/jAaYTw+g2sEsw\neY9h46EeGo3KIyD61wu4sTJLUFCihFoLzb3jzJuNmGzTAIIpZjwQSnZTmIOBf9+V\n1MBFAQkCENnCJLcOhqgchWNkv2HcyrK+//QVmRyICdK3DPaIPIJgzgI6fjGB3Ck+\nmn2HYbr29p1PiKv/ijeJ8jEa4CD0DXchjZzyQ8m5EDlZv9pscIwmYjppz0exyZKH\n/BYaSdGuI1xYcov3tdJNb87XspFq7e7Hg6E1K4x7EWoxM33CJHFP0MeyMGIjx8qg\nnXQUCEEVafxn8jxHrj0wU5bu22EOxCoZwFCgQmKakYUzs9BUzcKB5zeEE5xx0wlL\noOs3+qKuXdPWYoVIpLc6q7jhIeTZfcDrXXRWQBC2r8dhLjbTFHln1YkqCqv+fcCw\nUN7RhtYYK84q5PyS1iE5crquXrZaz1gd\n=rKbY\n-----END PGP MESSAGE-----\n"

"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9u...
"recipients": "https://orcid.org/0000-0002-1825-0097"
"recipients": "https://orcid.org/0000-0002-1825-0097"

1.

Encrypted Graph Messages are read and their "encryptedGraph" strings are extracted.
1....

2.

The PGP message in "encryptedGraph" are decrypted if possible using private keys available to GPG
2....

3.

Decrypted JSON is read into RO-Crate entities and re-inserted back into RO-Crate @Graph.
3....

Reading a GPG RO-Crate

When an RO-Crate containing Encrypted Graph Messages is read from disk.
Reading a GPG RO-Crate...












...

2.1

if the message cannot be decrypted EncryptedGraphMessages remain in the RO-crate "@grpah"
2.1...
Recipient
Recipient
"@id": "https://orcid.org/0000-0002-1825-0097"
"@id": "https://orcid.org/0000-0002-1825-00...
"@type": "Person"
"@type": "Person"
"email": "JCarberry@psychoceramics.brown.com"
"email": "JCarberry@psychoceramics.brown.co...
"keyserver": "https://keyserver.ubuntu.com"
"keyserver": "https://keyserver.ubuntu.com"
"pubkeyFingerprints": "985E471827FEF4D193C2CDBF65322C25ED00AB00"
"pubkeyFingerprints": "985E471827FEF4D193C2...
JSON serialization
"{
            "@id": "#ExampleSensitiveDataMedical",
            "@type": "MedicalCondition",
            "name": "Memory Bus Factor Syndrome",
            "naturalProgression": "full psychoceramic breakdown",
            "recipients": "https://orcid.org/0000-0002-1825-0097"
}"
JSON serialization"{...
JSON serialization
"{          
    "@id": "#ExampleSensitiveDataBank",
            "@type": "BankAccount",
            "accountOverdraftLimit": "$50000000",
            "name": "Carberry Research Grant Account",
            "recipients": "https://orcid.org/0000-0002-1825-0097"
}"
JSON serialization...

EncryptedContextEntity
EncryptedContextEntity
"@id": "#ExampleSensitiveDataMedical"
"@id": "#ExampleSensitiveDataMedical"
"@type": "MedicalCondition"
"@type": "MedicalCondition"
"naturalProgression": "full psychoceramic breakdown",
"naturalProgression": "full psychoceramic breakdown",
"name": "Memory Bus Factor Syndrome"
"name": "Memory Bus Factor Syndrome"
"recipients": "https://orcid.org/0000-0002-1825-0097"
"recipients": "https://orcid.org/0000-0002-1825-0097"

EncryptedContextEntity
EncryptedContextEntity
"@id":"#ExampleSensitiveDataBank"

"@id":"#ExampleSensitiveDataBank"
"@type": "BankAccount"
"@type": "BankAccount"
"accountOverdraftLimit": "$50000000"
"accountOverdraftLimit": "$50000000"
"name": "Carberry Research Grant Account"
"name": "Carberry Research Grant Account"
"recipients": "https://orcid.org/0000-0002-1825-0097"
"recipients": "https://orcid.org/0000-0002-1825-0097"

EncryptedContextEntity
EncryptedContextEntity
"@id": "#ExampleSensitiveDataCode"
"@id": "#ExampleSensitiveDataCode"
"@type": "SoftwareSourceCode"
"@type": "SoftwareSourceCode"
"codeRepository": "https://github.com/UoA-eResearch/ro-crate-py/tree/encrypted-metadata"
"codeRepository": "https://github.com/UoA-eResearch/r...
"name": "Super Secret RO-Crate Repo"
"name": "Super Secret RO-Crate Repo"
"recipients": [
{"@id": "https://orcid.org/0000-0004-1818-0000"},
{"@id": "https://orcid.org/0000-0001-7760-1240"}
]
"recipients": [...
JSON serialization
"[        {
            "@id": "#ExampleSensitiveDataCode",
            "@type": "SoftwareSourceCode",
            "codeRepository": "https://github.com/UoA-eResearch/ro-crate-py/tree/encrypted-metadata",
            "name": "Super Secret RO-Crate Repo",
            "recipients": "https://orcid.org/0000-0004-1818-0000"
        }]"
JSON serialization"[        {...
EncryptedGraphMessage
EncryptedGraphMessage
"@id": "#Encrypted_Message93B72373820DDB104BC6859474CBFBAB503F3CF3"
"@id": "#Encrypted_Message93B72373820DDB104BC6859474CBFBA...
"@type": ["SendAction","EncryptedGraphMessage"]
"@type": ["SendAction","EncryptedGraphMessage"]
"actionStatus": "PotentialActionStatus",
"actionStatus": "PotentialActionStatus",
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9uOJGGmSI4SAQdApZDEDcRWXvcYyndH3YQJDaY3bFtoii/jAaYTw+g2sEsw\neY9h46EeGo3KIyD61wu4sTJLUFCihFoLzb3jzJuNmGzTAIIpZjwQSnZTmIOBf9+V\n1MBFAQkCENnCJLcOhqgchWNkv2HcyrK+//QVmRyICdK3DPaIPIJgzgI6fjGB3Ck+\nmn2HYbr29p1PiKv/ijeJ8jEa4CD0DXchjZzyQ8m5EDlZv9pscIwmYjppz0exyZKH\n/BYaSdGuI1xYcov3tdJNb87XspFq7e7Hg6E1K4x7EWoxM33CJHFP0MeyMGIjx8qg\nnXQUCEEVafxn8jxHrj0wU5bu22EOxCoZwFCgQmKakYUzs9BUzcKB5zeEE5xx0wlL\noOs3+qKuXdPWYoVIpLc6q7jhIeTZfcDrXXRWQBC2r8dhLjbTFHln1YkqCqv+fcCw\nUN7RhtYYK84q5PyS1iE5crquXrZaz1gd\n=rKbY\n-----END PGP MESSAGE-----\n"

"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9u...
"recipients": [
{"@id": "https://orcid.org/0000-0004-1818-0000"},
{"@id": "https://orcid.org/0000-0001-7760-1240"}
]
"recipients": [...
\ No newline at end of file
+





...
EncryptedGraphMessage
EncryptedGraphMessage
"@id": "#Encrypted_Message985E471827FEF4D193C2CDBF65322C25ED00AB00"
"@id": "#Encrypted_Message985E471827FEF4D193C2CDBF65322C2...
"@type": ["SendAction","EncryptedGraphMessage"]
"@type": ["SendAction","EncryptedGraphMessage"]
"actionStatus": "PotentialActionStatus",
"actionStatus": "PotentialActionStatus",
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9uOJGGmSI4SAQdApZDEDcRWXvcYyndH3YQJDaY3bFtoii/jAaYTw+g2sEsw\neY9h46EeGo3KIyD61wu4sTJLUFCihFoLzb3jzJuNmGzTAIIpZjwQSnZTmIOBf9+V\n1MBFAQkCENnCJLcOhqgchWNkv2HcyrK+//QVmRyICdK3DPaIPIJgzgI6fjGB3Ck+\nmn2HYbr29p1PiKv/ijeJ8jEa4CD0DXchjZzyQ8m5EDlZv9pscIwmYjppz0exyZKH\n/BYaSdGuI1xYcov3tdJNb87XspFq7e7Hg6E1K4x7EWoxM33CJHFP0MeyMGIjx8qg\nnXQUCEEVafxn8jxHrj0wU5bu22EOxCoZwFCgQmKakYUzs9BUzcKB5zeEE5xx0wlL\noOs3+qKuXdPWYoVIpLc6q7jhIeTZfcDrXXRWQBC2r8dhLjbTFHln1YkqCqv+fcCw\nUN7RhtYYK84q5PyS1iE5crquXrZaz1gd\n=rKbY\n-----END PGP MESSAGE-----\n"

"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9u...
"recipients": "https://orcid.org/0000-0002-1825-0097"
"recipients": "https://orcid.org/0000-0002-1825-0097"

1.

Encrypted Graph Messages are read and their "encryptedGraph" strings are extracted.
1....

2.

The PGP message in "encryptedGraph" are decrypted if possible using private keys available to GPG
2....

3.

Decrypted JSON is read into RO-Crate entities and re-inserted back into RO-Crate @Graph.
3....

Reading a GPG RO-Crate

When an RO-Crate containing Encrypted Graph Messages is read from disk.
Reading a GPG RO-Crate...












...

2.1

if the message cannot be decrypted EncryptedGraphMessages remain in the RO-crate "@grpah"
2.1...
Recipient
Recipient
"@id": "https://orcid.org/0000-0002-1825-0097"
"@id": "https://orcid.org/0000-0002-1825-00...
"@type": "Person"
"@type": "Person"
"email": "JCarberry@psychoceramics.brown.com"
"email": "JCarberry@psychoceramics.brown.co...
"keyserver": "https://keyserver.ubuntu.com"
"keyserver": "https://keyserver.ubuntu.com"
"pubkey_fingerprints": "985E471827FEF4D193C2CDBF65322C25ED00AB00"
"pubkey_fingerprints": "985E471827FEF4D193C2...
JSON serialization
"{
            "@id": "#ExampleSensitiveDataMedical",
            "@type": "MedicalCondition",
            "name": "Memory Bus Factor Syndrome",
            "naturalProgression": "full psychoceramic breakdown",
            "recipients": "https://orcid.org/0000-0002-1825-0097"
}"
JSON serialization"{...
JSON serialization
"{          
    "@id": "#ExampleSensitiveDataBank",
            "@type": "BankAccount",
            "accountOverdraftLimit": "$50000000",
            "name": "Carberry Research Grant Account",
            "recipients": "https://orcid.org/0000-0002-1825-0097"
}"
JSON serialization...

EncryptedContextEntity
EncryptedContextEntity
"@id": "#ExampleSensitiveDataMedical"
"@id": "#ExampleSensitiveDataMedical"
"@type": "MedicalCondition"
"@type": "MedicalCondition"
"naturalProgression": "full psychoceramic breakdown",
"naturalProgression": "full psychoceramic breakdown",
"name": "Memory Bus Factor Syndrome"
"name": "Memory Bus Factor Syndrome"
"recipients": "https://orcid.org/0000-0002-1825-0097"
"recipients": "https://orcid.org/0000-0002-1825-0097"

EncryptedContextEntity
EncryptedContextEntity
"@id":"#ExampleSensitiveDataBank"

"@id":"#ExampleSensitiveDataBank"
"@type": "BankAccount"
"@type": "BankAccount"
"accountOverdraftLimit": "$50000000"
"accountOverdraftLimit": "$50000000"
"name": "Carberry Research Grant Account"
"name": "Carberry Research Grant Account"
"recipients": "https://orcid.org/0000-0002-1825-0097"
"recipients": "https://orcid.org/0000-0002-1825-0097"

EncryptedContextEntity
EncryptedContextEntity
"@id": "#ExampleSensitiveDataCode"
"@id": "#ExampleSensitiveDataCode"
"@type": "SoftwareSourceCode"
"@type": "SoftwareSourceCode"
"codeRepository": "https://github.com/UoA-eResearch/ro-crate-py/tree/encrypted-metadata"
"codeRepository": "https://github.com/UoA-eResearch/r...
"name": "Super Secret RO-Crate Repo"
"name": "Super Secret RO-Crate Repo"
"recipients": [
{"@id": "https://orcid.org/0000-0004-1818-0000"},
{"@id": "https://orcid.org/0000-0001-7760-1240"}
]
"recipients": [...
JSON serialization
"[        {
            "@id": "#ExampleSensitiveDataCode",
            "@type": "SoftwareSourceCode",
            "codeRepository": "https://github.com/UoA-eResearch/ro-crate-py/tree/encrypted-metadata",
            "name": "Super Secret RO-Crate Repo",
            "recipients": "https://orcid.org/0000-0004-1818-0000"
        }]"
JSON serialization"[        {...
EncryptedGraphMessage
EncryptedGraphMessage
"@id": "#Encrypted_Message93B72373820DDB104BC6859474CBFBAB503F3CF3"
"@id": "#Encrypted_Message93B72373820DDB104BC6859474CBFBA...
"@type": ["SendAction","EncryptedGraphMessage"]
"@type": ["SendAction","EncryptedGraphMessage"]
"actionStatus": "PotentialActionStatus",
"actionStatus": "PotentialActionStatus",
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"deliveryMethod": "https://doi.org/10.17487/RFC4880"
"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9uOJGGmSI4SAQdApZDEDcRWXvcYyndH3YQJDaY3bFtoii/jAaYTw+g2sEsw\neY9h46EeGo3KIyD61wu4sTJLUFCihFoLzb3jzJuNmGzTAIIpZjwQSnZTmIOBf9+V\n1MBFAQkCENnCJLcOhqgchWNkv2HcyrK+//QVmRyICdK3DPaIPIJgzgI6fjGB3Ck+\nmn2HYbr29p1PiKv/ijeJ8jEa4CD0DXchjZzyQ8m5EDlZv9pscIwmYjppz0exyZKH\n/BYaSdGuI1xYcov3tdJNb87XspFq7e7Hg6E1K4x7EWoxM33CJHFP0MeyMGIjx8qg\nnXQUCEEVafxn8jxHrj0wU5bu22EOxCoZwFCgQmKakYUzs9BUzcKB5zeEE5xx0wlL\noOs3+qKuXdPWYoVIpLc6q7jhIeTZfcDrXXRWQBC2r8dhLjbTFHln1YkqCqv+fcCw\nUN7RhtYYK84q5PyS1iE5crquXrZaz1gd\n=rKbY\n-----END PGP MESSAGE-----\n"

"encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4Dy9u...
"recipients": [
{"@id": "https://orcid.org/0000-0004-1818-0000"},
{"@id": "https://orcid.org/0000-0001-7760-1240"}
]
"recipients": [...
\ No newline at end of file
diff --git a/index.md b/index.md
index 24f538e..e8dec11 100644
--- a/index.md
+++ b/index.md
@@ -2,34 +2,6 @@ Based on : [https://github.com/workflowhub-eu/about/tree/master/Workflow-RO-Crat
 # GPG Crate (DRAFT) - - - - - - - * Permalink: `TODO` 
@@ -80,13 +52,13 @@ If a data entity has associated sensitive metadata these SHOULD be created as se
 Any *EncryptedContextEntity* MAY OPTIONALLY contain `EncryptedContextEntity` in its type. *(as almost any type of entity MAY be an encryptedcontextentity with their original typing to be retained unchanged, for this reason EncryptedContextEntities SHOULD be defined programmatically in the library writing or reading the crate rather by their @type)*.
-Any *EncryptedContextEntity* MUST have a least one entity as a `recipient` and that *recipient* MUST have at least one valid gpg public key fingerprint listed via the `pubkeyFingerprints` property.
+Any *EncryptedContextEntity* MUST have a least one entity as a `recipient` and that *recipient* MUST have at least one valid gpg public key fingerprint listed via the `pubkey_fingerprints` property.
 Values specified in an *EncryptedContextEntity*'s `recipients` property SHOULD refer to other context entities within the graph via the standard `"recipients":[{"@id":""}]` format. *(they should not be raw strings or references to external files)*. Encrypted context entities MUST only exist in a decrypted state only while in memory.
-Once the crate is written to disk as `ro_crate_metadata.json` *EncryptedContextEntities* are aggregated based on common sets of `recipient` `pubkeyFingerprints` and written as the `encrypted_graph` property of an `EncryptedGraphMessage`.
+Once the crate is written to disk as `ro_crate_metadata.json` *EncryptedContextEntities* are aggregated based on common sets of `recipient` `pubkey_fingerprints` and written as the `encrypted_graph` property of an `EncryptedGraphMessage`.
 When data is decrypted from an *EncryptedGraphMessage* it MUST be decrypted into an *EncryptedContextEntity* it MAY be manually redesignated as a *Context Entity* later if the data is no longer to be encrypted. 
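Review bot: The second added line still says the aggregated entities are "written as the `encrypted_graph` property", while the *EncryptedGraphMessage* section and the JSON example later in this same file call that property `"encryptedGraph"`; with this commit the spec also has one snake_case property (`pubkey_fingerprints`) next to camelCase `encryptedGraph`, `actionStatus` and `deliveryMethod`, and a reader written against either spelling silently finds nothing under the other. Pick one convention and apply it to both lines, at minimum changing `encrypted_graph` to `encryptedGraph` here. The phrase "valid gpg public key fingerprint" in the first added line is undefined; since the fingerprint is what selects the key the entities are encrypted to, I would write "at least one full-length gpg public key fingerprint (as in the examples, not a short or long key ID)". Renaming a MUST-level property is a compatibility change for crates already written with `pubkeyFingerprints`, which the "grammar changes" subject does not signal.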
@@ -126,15 +98,15 @@ An *EncryptedGraphMessage* that cannot be decrypted MAY be removed from the grap
 An *EncryptedGraphMessage* SHOULD record its status via `"actionStatus"`. E.g. `'actionStatus":"PotentialActionStatus"` for a message that is yet to be decrypted or sent.
-An *EncryptedGraphMessage* SHOULD record the message format of the message encrypted as `"encryptedGraph"` property via the `deliveryMethod` property.
+An *EncryptedGraphMessage* SHOULD record the encryption message format of the message encrypted as `"encryptedGraph"` property via the `deliveryMethod` property.
-An the `deliveryMethod` property of an *EncryptedGraphMessage* SHOULD point to a URI of a standard or documentation that provides context to identify and the message stored in `'encryptedGraph"` format, this SHOULD be sufficient to determine a decryption method for the message. For example "https://doi.org/10.17487/RFC4880" for PGP encrypted messages.
+The `deliveryMethod` property of an *EncryptedGraphMessage* SHOULD point to a URI of a standard or documentation that provides context to identify the message stored in `'encryptedGraph"` format, this SHOULD be sufficient to determine a decryption method for the message. For example "https://doi.org/10.17487/RFC4880" for PGP encrypted messages.
 Any *EncryptedGraphMessage* MUST list all `"recipients"` matching the complete set of `"recipients"` of any *EncryptedContextEntities* that were aggregated and encrypted as part of the *EncryptedGraphMessage*. Values specified in an *EncryptedGraphMessage*s `"recipients"` property SHOULD refer to other context entities within the graph via the `"recipients":[{"@id":""}]` format. *(they should not be raw strings or references to external files)*
-`"recipients"` of an *EncryptedGraphMessage* SHOULD refer to the complete set of private key holders that are able to decrypt the message stored in `"encryptedGraph"`. 
They MAY list contact information to identify these individuals and MAY identify their public keys via `"pubkeyFingerprints".
+`"recipients"` of an *EncryptedGraphMessage* SHOULD refer to the complete set of private key holders that are able to decrypt the message stored in `"encryptedGraph"`. They MAY list contact information to identify these individuals and MAY identify their public keys via `"pubkey_fingerprints".
 ## Recipients
@@ -144,11 +116,11 @@ A *Recipient* SHOULD be of the type `"ContactPoint"` `"Person"` and/or `"Audienc
 *Recipients* and MAY refer back to a*EncryptedGraphMessage*s and *EncryptedContextEntities* using the `"recipientOf"` property.
-*Recipients* of *EncryptedGraphMessage*s and *EncryptedContextEntities* MUST store at least one public key fingerprint via the `pubkeyFingerprints` property.
+*Recipients* of *EncryptedGraphMessage*s and *EncryptedContextEntities* MUST store at least one public key fingerprint via the `pubkey_fingerprints` property.
-The fingerprints stored via *Recipients*' `pubkeyFingerprints` MUST refer to public keys accessible to the system writing the *crate* either locally or via a keyserver.
+The fingerprints stored via *Recipients*' `pubkey_fingerprints` MUST refer to public keys accessible to the system writing the *crate* either locally or via a keyserver.
-*Recipients* MAY list a keyserver from which the public keys matching their `pubkeyFingerprints` can be retrieved via `keyserver`.
+*Recipients* MAY list a keyserver from which the public keys matching their `pubkey_fingerprints` can be retrieved via `keyserver`.
 ## Summary: Reading and Writing a GPG-Crate 
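Review bot: Two markup slips survive on the added lines of the `@@ -126,15 +98,15 @@` hunk: `'encryptedGraph"` still opens with a single quote and closes with a double one, and the code span around `"pubkey_fingerprints"` at the end of the last added line has no closing backtick, so it swallows the rest of the paragraph when rendered; both should read with matching backticks, `"encryptedGraph"` and `"pubkey_fingerprints"`. The rewritten `deliveryMethod` sentence says the URI "SHOULD be sufficient to determine a decryption method", but that URI is untrusted metadata read from the crate; I would add one sentence stating that a reader SHOULD match `deliveryMethod` against the formats it already knows and MUST NOT fetch or execute anything from that URI to choose a decryption method. The removed `"recipients"` line of this hunk is split across two physical lines before its `+` counterpart.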
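Review bot: The last added line of the `@@ -144,11 +116,11 @@` hunk lets the writer fetch a recipient's public key from a `keyserver` URL that is itself part of the crate metadata, yet nothing in the hunk requires the fetched key to match the listed fingerprint before entities are encrypted to it, so a misbehaving keyserver or a mistyped `keyserver` value can lead to encryption under the wrong key. I would append to that line: `A key retrieved this way MUST have a fingerprint that exactly matches an entry in the recipient's `pubkey_fingerprints` before it is used; the fingerprint, not the keyserver, is the source of trust.` For the same reason the MUST line above it should require full-length fingerprints rather than short key IDs, which do not uniquely identify a key. Whether the reference implementation already verifies the fetched key is not visible from this diff, so the spec should state it explicitly.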
@@ -228,14 +200,14 @@ A minimal example of _GPG Crate_ metadata, containing example sensitive banking
 "actionStatus": "PotentialActionStatus",
 "deliveryMethod": "https://doi.org/10.17487/RFC4880",
 "encryptedGraph": "-----BEGIN PGP MESSAGE-----\n\nhF4DV/haefcwdMcSAQdAoKdyS9NBV6cXRw7oAYrWdfAXvhS6XSOnTav8H+IObwUw\nZhM6tfPBOiZQP4aQ5u/r222RZb/kdWyIm4Z88riSawm/Q6HgGOw61o4aqIpbFN3A\nhF4DVhe2+C+HB+0SAQdAdIAFPbC8ykXunE7NPG0WUL2uQLzRYrGc2AyCX0I8P3Iw\nRXlmAKkVZIy32KFVLW5LCI4aZvuE85csjqmX5tuXGNlmgqzIkcsTD2x/WAz2oqGQ\n1MBnAQkCENeUCJO2Pv/9lGTd2RXZAr5DvtvtWIZX+JvS2TkCxw1LPZ5kB/xWt/gQ\nNIzYqoM0s6g4MMXkON/ezZ7gU2Cqc+FaFflbtuAkN3telMZECcm7BIIp8fkFlHYe\nbE1d40tAq6ZEIfWKOykdNxjDqV3Va3+Ue+ZDUkte82SQnyO2xY1gYdk9VMGWbyDM\nYiuzbMEzZtyiwRWgHXag0jml4yQBMwCWHkLSrq5iyZVo+igQ+X3GXgpj3SD27Ef2\nKj/kdwxvhjH3nZovzT8eRipO42nvt6Gck4XGpRnNpX5uminNmCwjxz1obykj06oe\nbSP1Fk7D733wlv2JIJTr2804w0K+c7DbNX86/4ROaaiMnceKKL2IqAyeU5m6t4dj\nNMzgX3jvUtnA/w==\n=nUDI\n-----END PGP MESSAGE-----\n",
-"recipients": [
-{
- "@id": "https://orcid.org/0000-0004-1818-0000"
-},
-{
- "@id": "https://orcid.org/0000-0001-7760-1240"
-}
-]
+ "recipients": [
+ {
+ "@id": "https://orcid.org/0000-0004-1818-0000"
+ },
+ {
+ "@id": "https://orcid.org/0000-0001-7760-1240"
+ }
+ ]
 }
 ]
 }