Issue
Currently, NPE (Non-Person Entity) claims are transmitted as JSON in HTTP requests to authnz-rs. This is inconsistent with the NanoTDF binary format used elsewhere in the architecture.
Current State
arkavo-edge → authnz-rs (authentication): JSON
{
  "platform_code": "macos-arm64",
  "platform_state": "Trusted",
  "device_id": "...",
  "app_version": "0.38.2"
}
authnz-rs → arkavo-edge (response): NTDF binary token (Z85 encoded)
Authorization: NTDF <z85-encoded-binary-token>
Proposal
NPE claims should be serialized as binary (matching NanoTDF format) and Z85 encoded for transport, rather than using JSON.
Benefits:
- Consistency with NanoTDF binary format
- Smaller payload size
- Unified serialization approach
- Better alignment with RATS attestation evidence formats
Impact
- authnz-rs API changes (breaking)
- arkavo-edge client changes
- Update NTDF token specification
- Migration path for existing deployments
Related Work
- NTDF token specification: ntdf-token/draft-arkavo-ntdf-token-00.md
- NanoTDF implementation: opentdf-rs
- arkavo-edge implementation: Issue #309
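To make the proposal concrete, the sketch below is an added example, not code from authnz-rs, arkavo-edge or opentdf-rs. The binary claim layout is an assumption invented for illustration (the NTDF draft's actual layout is not shown on this page), the Z85 routines follow ZeroMQ RFC 32, and `dev-1` is a constructed device id.

```rust
// Z85 alphabet (ZeroMQ RFC 32).
const Z85: &[u8; 85] = b"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-:+=^!/*?&<>()[]{}@%$#";
// ASSUMED layout, not from the NTDF draft: four fields in fixed order, each a
// 1-byte length then UTF-8 bytes, zero-padded so Z85 gets whole 4-byte groups.
fn encode_claims(fields: [&str; 4]) -> Option<Vec<u8>> {
    let mut out = Vec::new();
    for f in fields.iter() {
        if f.len() > 255 { return None; } // must fit the 1-byte length prefix
        out.push(f.len() as u8);
        out.extend_from_slice(f.as_bytes());
    }
    while out.len() % 4 != 0 { out.push(0); }
    Some(out)
}

fn decode_claims(buf: &[u8]) -> Option<[String; 4]> {
    let (mut pos, mut fields): (usize, [String; 4]) = (0, Default::default());
    for slot in fields.iter_mut() {
        let len = *buf.get(pos)? as usize; // get() is bounds-checked: truncated input yields None
        *slot = String::from_utf8(buf.get(pos + 1..pos + 1 + len)?.to_vec()).ok()?;
        pos += 1 + len;
    }
    if buf[pos..].len() < 4 && buf[pos..].iter().all(|&b| b == 0) { Some(fields) } else { None }
}

fn z85_encode(data: &[u8]) -> Option<String> {
    if data.len() % 4 != 0 { return None; } // RFC 32: the caller must pad
    let mut out = String::new();
    for c in data.chunks(4) {
        let v = u32::from_be_bytes([c[0], c[1], c[2], c[3]]);
        for i in (0..5).rev() { out.push(Z85[(v / 85u32.pow(i) % 85) as usize] as char); }
    }
    Some(out)
}

fn z85_decode(s: &str) -> Option<Vec<u8>> {
    if s.len() % 5 != 0 { return None; }
    let mut out = Vec::new();
    for chunk in s.as_bytes().chunks(5) {
        let mut v = 0u64; // five base-85 digits can exceed u32, so widen first
        for &c in chunk { v = v * 85 + Z85.iter().position(|&a| a == c)? as u64; }
        if v > 0xFFFF_FFFF { return None; }
        out.extend_from_slice(&(v as u32).to_be_bytes());
    }
    Some(out)
}

fn main() { // constructed sample values
    println!("{:?}", encode_claims(["macos-arm64", "Trusted", "dev-1", "0.38.2"]).and_then(|b| z85_encode(&b)));
}
```

Because Z85 only accepts input in 4-byte groups, any binary claim format needs an explicit padding or length rule, and the receiving side should reject both truncated input and anything other than that padding after the last field.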