x-cds-client-headers format

[perlboy]

Request For Clarification

The specification states The customer's original standard http headers Base64 encoded, including the original User Agent header.

Could clarity be provided as to the data format of these headers prior to Base64 encoding. The example of TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzkuMC4zOTQ1Ljg4IFNhZmFyaS81MzcuMzY=

Decodes simply to: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Which provides no Header name (ie. User-Agent:).

How are other headers shipped as part of this CDR specific header intended to be shipped?

[CDR-API-Stream]

The standards do not specifically specify this. It is currently left to the discretion of the data recipient.

[perlboy]

The standards do not specifically specify this. It is currently left to the discretion of the data recipient.

So a Data Recipient can effectively include headers in any format they like? So, this would be valid prior to base64 encoding?

{
   "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"
}

As would this?

{
   "User-Agent": ["Mozilla/5.0", "(X11; Linux x86_64)", "AppleWebKit/537.36", "(KHTML, like Gecko)", "Chrome/79.0.3945.88", "Safari/537.36"]
}

[CDR-API-Stream]

That is correct.

The purpose of this data is to allow the Data Holders identify patterns of behaviour that could indicate that the end customer has been compromised so the intent is that the data provided is consistent and structured. If there is too much variability across the data recipient community then data holders may a request additional specificity in the standards in the future.

[perlboy]

The purpose of this data is to allow the Data Holders identify patterns of behaviour that could indicate that the end customer has been compromised so the intent is that the data provided is consistent and structured. If there is too much variability across the data recipient community then data holders may a request additional specificity in the standards in the future.

So how is a Data Recipient's request expected to be validated beyond not being null?

[perlboy]

Preamble: Biza currently has 42 open issues within Standards Maintenance. In an effort to optimise our own backlog we are closing those which have no actual response from the DSB. They may be reopened at a later time or referenced when the issues are highlighted by third parties.

The "answer provided" is that the standards will not standardise this value. Consequently Electronic Thumb treats it as a fixed format field with content of { "User-Agent": "$USER_AGENT" } where $USER_AGENT is provided as a free text string contained within ThumbConsumer which is supplied during calls.