Attributes are represented by Attribute Objects.
Attributes that an entity (or actor, or subject) "has" are referred to as "entity entitlements" and are represented by Entitlement Objects.
Attributes that entities "need" in order to access data are referred to as "data attributes" and are represented by Policy Objects.
The set of all entity entitlements involved in a request is referred to as "claims" and is represented by a Claims Object.
A TDF file consists of:
- Encrypted payload
- manifest.json.
The TDF protocol also defines the following objects:
- An Attribute Object created by an attribute authority.
- A Policy Object created by the client and used by the Key Access Service (KAS).
  - Policy Objects contain Attribute Objects, describing the object (or data) attributes.
- An Entitlement Object describing the entitlements of a single entity (or actor, or subject).
  - Entitlement Objects contain Attribute Objects, describing individual entity (or actor, or subject) attributes.
- A Claims Object created by the Attribute Provider and issued by an OIDC IdP.
  - Claims Objects contain Entitlement Objects, describing the entitlements of all entities (PE or NPE) involved in an access decision.
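
The containment described above, modeled as an added example (not code from the TDF specification or any TDF implementation), showing why a decision has to look at each entity in the Claims Object rather than at a single one. The field names, the example.com attribute URIs, and the rule that every entity must hold every data attribute are assumptions made for this sketch.

```python
# Added illustration: field names and the all-of rule are assumptions,
# not the TDF schema or the KAS decision logic.
from dataclasses import dataclass


@dataclass(frozen=True)
class AttributeObject:        # one attribute, created by an attribute authority
    attribute: str


@dataclass(frozen=True)
class EntitlementObject:      # attributes a single entity (PE or NPE) "has"
    entity_id: str
    entity_attributes: frozenset


@dataclass(frozen=True)
class PolicyObject:           # attributes an entity "needs" to access the data
    data_attributes: frozenset


@dataclass(frozen=True)
class ClaimsObject:           # entitlements of every entity in one request
    entitlements: tuple


def missing_attributes(policy, claims):
    """Map each entity to the data attributes it lacks (assumed all-of rule)."""
    gaps = {}
    for ent in claims.entitlements:
        lacking = policy.data_attributes - ent.entity_attributes
        if lacking:
            gaps[ent.entity_id] = sorted(a.attribute for a in lacking)
    return gaps


def access_granted(policy, claims):
    # Deny when no entity is present: an empty Claims Object proves nothing.
    return bool(claims.entitlements) and not missing_attributes(policy, claims)


# Constructed sample data.
SECRET = AttributeObject("https://example.com/attr/classification/value/secret")
PROJ_X = AttributeObject("https://example.com/attr/project/value/x")
policy = PolicyObject(frozenset({SECRET, PROJ_X}))
alice = EntitlementObject("alice@example.com", frozenset({SECRET, PROJ_X}))
client_app = EntitlementObject("client-app", frozenset({SECRET}))
```

With only `alice` in the claims the check passes; adding `client_app`, which lacks the project attribute, turns the same request into a denial and `missing_attributes` names the entity responsible.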