The spec mentions 3 endpoints: `discovery`, `status` and `requests` (the endpoint to submit a new DSR). Then there is the callback coming from the data processor to the data controller.
The `requests` and `status` endpoints both provide a header `X-OpenDSR-Signature` in the response. My questions are:
What is the purpose of that signature in the response of these 2 endpoints? Is it about accountability/auditing purposes?
I would assume that preventing a MITM attack would be done by other means (during the TLS handshake, checking that the certificate provided by the data processor is valid, signed by a trusted CA & that the domain matches). Is that correct?
Should the controller validate those signatures (the same way it should validate the signature in the callback)? This is unclear in the spec as far as I am aware.
Thank you!