Skip to content

Commit

Permalink
pr remarks
Browse files Browse the repository at this point in the history
  • Loading branch information
paullatzelsperger committed Jul 3, 2024
1 parent fce1f5a commit f961458
Showing 1 changed file with 19 additions and 9 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -2,23 +2,30 @@

## Decision

The `POST /catalog/request` endpoint to request a catalog will receive a new optional field in the request body with which the requesting participant (=consumer) can insert additional scopes into the DCP interaction.
The `POST /catalog/request` endpoint to request a catalog will receive a new optional field in the request body with
which the requesting participant (=consumer) can insert additional scopes into the DCP interaction.

## Rationale

In typical DCP interactions, the consumer derives the required scopes from the current request (e.g. policies, or existing agreements). This does not work for a Catalog request, because there is no request context.
In typical DCP interactions, the consumer derives the required scopes from the current request (e.g. policies, or
existing agreements). This does not work for a Catalog request, because there is no request context.

Further, in many dataspaces there are "default scopes", i.e. scopes that must be present on every DSP interaction, but these are static - they can't be changed at runtime.
Further, in many dataspaces there are "default scopes", i.e. scopes that must be present on every DSP interaction, but
these are static - they can't be changed at runtime.

So if a provider offers assets, that are only available is a special (non-default) credential is presented, the consumer must be able to attach the respective scope strings to the access token.
So if a provider offers assets, that are only available is a special (non-default) credential is presented, the consumer
must be able to attach the respective scope strings to the access token.

_NB: the information \_which_ scopes must be added, has to be conveyed out-of-band.\_

In other words, a consumer may know that a provider has certain assets available, but they have an access policy constraint on them, which makes them "invisible" unless a certain credential is presented.
In other words, a consumer may know that a provider has certain assets available, but they have an access policy
constraint on them, which makes them "invisible" unless a certain credential is presented.

## Approach

The `CatalogRequest` will receive a new field `parameters`, which is an extensible map. This map may contain an entry `additionalScopes` which is a list of scope strings (as per [DCP Specification, Section 3.1](https://github.com/eclipse-tractusx/identity-trust/blob/main/specifications/verifiable.presentation.protocol.md#31-access-scopes)):
The `CatalogRequest` will receive a new field `parameters`, which is an extensible map. This map may contain an
entry `additionalScopes` which is a list of scope strings (as
per [DCP Specification, Section 3.1](https://github.com/eclipse-tractusx/identity-trust/blob/main/specifications/verifiable.presentation.protocol.md#31-access-scopes)):

```json
{
Expand All @@ -31,14 +38,17 @@ The `CatalogRequest` will receive a new field `parameters`, which is an extensib
},
"parameters": {
"additionalScopes": [
"org.eclipse.edc.vc.type.AdditionalCredentialType1:read",
"org.eclipse.edc.vc.type.AdditionalCredentialType2:*",
"org.eclipse.edc.vc.type.AdditionalCredentialType1:read",
"org.eclipse.edc.vc.type.AdditionalCredentialType2:*"
]
}
}
```

Scope strings provided in that fashion will get added to the default scopes.

NB: both the `parameters` map and the `additionalScopes` entry are _OPTIONAL_.

This feature will be added in an Alpha version of the Management API first, specifically of `3.1.0-alpha`. The respective URL path will be `/v31alpha/api/management/catalog/request` as per our [deprecation policy](https://github.com/eclipse-edc/docs/tree/main/developer/decision-records/2024-05-27-maturity-levels-deprecation-policy).
This feature will be added in an Alpha version of the Management API first, specifically of `3.1.0-alpha`. The
respective URL path will be `/v3.1alpha/api/management/catalog/request` as per
our [deprecation policy](https://github.com/eclipse-edc/docs/tree/main/developer/decision-records/2024-05-27-maturity-levels-deprecation-policy).

0 comments on commit f961458

Please sign in to comment.