Guidance on Custom TDF Platform in compliance with OpenTDF Spec

[mm192010]

Hello,

I am currently building a TDF (Trusted Data Format) platform and would like to clarify the feasibility and compliance of our planned architecture.

Current Infrastructure:
We have already have the following components which is used by our proprietary software

• PDP (Policy Decision Point) - for policy evaluation
• PAP (Policy Administration Point) - for policy configuration
• ERS (Entity Resolution Service) - connecting to various attribute sources
• IDP (Identity Provider) - supporting OIDC

The only missing component in our architecture is the KAS (Key Access Service). We are considering building a custom KAS implementation that provides the required API endpoints. We will follow the openAPI spec for KAS as it is

1. Public Key endpoint - to return the KAS public key for policy encryption
2. Rewrap endpoint - to handle key unwrapping/rewrapping based on policy evaluation

I would like to check if the above can support

1. The current openTDF sdks can be used for creating and reading tdf files
2. Otdfctl or any other tdf client can work with my platform ? (only for creating and reading TDF)

Regards
Max

[jrschumacher]

Hi @mm192010, thank you for reaching out!

If your goal is to build a system that works with existing OpenTDF PEPs and clients, it’s important to clarify that compatibility depends on more than implementing the KAS API surface. OpenTDF relies on consistent end-to-end behavior across services (policy evaluation, identity, and key access), not just matching endpoints.

OpenTDF’s focus is on maintaining a cohesive and interoperable ecosystem. Building a separate implementation with different underlying components (PDP, ERS, etc.) may lead to behavior that diverges from what OpenTDF SDKs and tools expect, even if the interfaces appear similar.

While the project is licensed under BSD 3-Clause Clear and you are free to build your own implementation, we’re not able to guide or validate custom KAS implementations outside of the OpenTDF architecture.

If you’re interested in contributing to or extending OpenTDF in a way that preserves interoperability, we’d be happy to collaborate through discussions or proposals.

If you’re looking for more formal support, feel free to reach out to me at jschumacher@virtru.com.

Cheers,
Ryan Schumacher