diff --git a/api/toip-tswg-trustregistryprotocol-v2.yaml b/api/toip-tswg-trustregistryprotocol-v2.yaml index d91fb14..defa189 100644 --- a/api/toip-tswg-trustregistryprotocol-v2.yaml +++ b/api/toip-tswg-trustregistryprotocol-v2.yaml @@ -1,6 +1,5 @@ -openapi: 3.0.0 +openapi: 3.1.0 servers: - # Added by API Auto Mocking Plugin - description: SwaggerHub API Auto Mocking url: https://virtserver.swaggerhub.com/darrellodonnell/ToIP.TrustRegistry/0.1.0 info: @@ -15,15 +14,13 @@ info: * list the acknowledged trust registries that the RoR recognizes and what that may mean in the context of a particular governance framework. version: 2.0.alpha - title: ToIP Trust Registry Protocol v2 - Working Draft + title: ToIP Trust Registry Protocol v2 - Working Draft contact: email: darrell.odonnell@continuumloop.com license: name: Apache 2.0 - url: 'http://www.apache.org/licenses/LICENSE-2.0.html' + url: http://www.apache.org/licenses/LICENSE-2.0.html tags: - # - name: admins - # description: Secured Admin-only calls - name: registry description: Queries about Entities, Registries, and Resources. - name: lookups 
@@ -33,30 +30,34 @@ tags: - name: offline description: Offline operations (i.e. prepare to go offline). paths: - - /entitities/{entityid}: + /entitities/{entityid}: get: tags: - - registry - summary: Returns Registry Information about a particular entity that is represented in the queried system. + - registry + summary: >- + Returns Registry Information about a particular entity that is + represented in the queried system. parameters: - in: path - name: entityid + name: entityid required: true schema: $ref: '#/components/schemas/Uri' - description: | - The URI-based identifier of a DID or X.509 Issuer. Allows reserved characters per RFC3986. + description: > + The URI-based identifier of a DID or X.509 Issuer. Allows reserved + characters per RFC3986. + Do **NOT** escape the URI. - allowReserved: true # allow reserved characters per RFC3986 + allowReserved: true - in: query - name: authorizationVID + name: authorizationVID required: false schema: $ref: '#/components/schemas/Uri' - description: | - The identifier of the Authorization that is being queried for this Entity. - allowReserved: true # allow reserved characters per RFC3986 + description: > + The identifier of the Authorization that is being queried for this + Entity. + allowReserved: true responses: '200': description: search results matching criteria 
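Review bot: `allowReserved: true` on the `in: path` parameter `entityid` has no effect, because OpenAPI defines that keyword only for `in: query` parameters. The "Do **NOT** escape the URI" instruction therefore leaves an identifier containing `/`, `?` or `#` to be split by whatever router or gateway sits in front of the registry, which could make the registry answer for a different entity than the caller meant. I would change the path-parameter description to require encoding, e.g. `Percent-encode the identifier when it is used as a path segment.`, and keep `allowReserved` only on the query parameters. The same applies to `entityVID` in the two `/entities/{entityVID}/…` hunks and to `registryVID` in the two `/registries/{registryVID}/…` hunks. Separately, the path is still spelled `/entitities/{entityid}` while its siblings use `/entities/`.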
@@ -70,29 +71,32 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' - /entities/{entityVID}/authorization: + /entities/{entityVID}/authorization: get: tags: - - registry + - registry summary: Determine whether an Entity has a particular Authorization. parameters: - in: path - name: entityVID + name: entityVID required: true schema: $ref: '#/components/schemas/VID' - description: | - The VID-based identifier of a VID/DID/AID or X.509 Issuer. Allows reserved characters per RFC3986. + description: > + The VID-based identifier of a VID/DID/AID or X.509 Issuer. Allows + reserved characters per RFC3986. + Do **NOT** escape the URI. - allowReserved: true # allow reserved characters per RFC3986 + allowReserved: true - in: query name: authorizationVID required: false schema: $ref: '#/components/schemas/Uri' - description: | - The identifier of the Authorization that is being queried for this Entity. - allowReserved: true # allow reserved characters per RFC3986 + description: > + The identifier of the Authorization that is being queried for this + Entity. + allowReserved: true responses: '200': description: search results matching criteria 
@@ -106,21 +110,23 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' - /entities/{entityVID}/authorizations: + /entities/{entityVID}/authorizations: get: tags: - - registry + - registry summary: Determine whether an Entity has a particular Authorization. parameters: - in: path - name: entityVID + name: entityVID required: true schema: $ref: '#/components/schemas/VID' - description: | - The VID-based identifier of a VID/DID/AID or X.509 Issuer. Allows reserved characters per RFC3986. + description: > + The VID-based identifier of a VID/DID/AID or X.509 Issuer. Allows + reserved characters per RFC3986. + Do **NOT** escape the URI. - allowReserved: true # allow reserved characters per RFC3986 + allowReserved: true responses: '200': description: search results matching criteria 
@@ -134,30 +140,39 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' - /registries/recognized-registries: + /registries/recognized-registries: get: tags: - - registry - summary: | - Query this Trust Registry about its recognition of another Trust Registry. + - registry + summary: > + Query this Trust Registry about its recognition of another Trust + Registry. parameters: - in: query - name: namespace-VID + name: namespace-VID required: false schema: $ref: '#/components/schemas/VID' - description: | - Filter in only the namespace requested - show all registries otherwise. The URI-based Verifiable Identifier (VID) (e.g. DID or X.509 VID). Allows reserved characters per RFC3986. + description: > + Filter in only the namespace requested - show all registries + otherwise. The URI-based Verifiable Identifier (VID) (e.g. DID or + X.509 VID). Allows reserved characters per RFC3986. + Do **NOT** escape the URI. - allowReserved: true # allow reserved characters per RFC3986 + allowReserved: true - in: query name: EGF-VID required: false - schema: + schema: $ref: '#/components/schemas/VID' - description: | - Filter in only the registries under the specified EGF (by EGF DID). Defaults to be limited to the EGFURI that is being queried at the root. - The URI-based Verifiable Identifier (VID) (e.g. DID or X.509 VID). Allows reserved characters per RFC3986. + description: > + Filter in only the registries under the specified EGF (by EGF DID). + Defaults to be limited to the EGFURI that is being queried at the + root. + + The URI-based Verifiable Identifier (VID) (e.g. DID or X.509 VID). + Allows reserved characters per RFC3986. + Do **NOT** escape the URI. responses: '200': 
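Review bot: `EGF-VID` is described with "Do **NOT** escape the URI" but, unlike `namespace-VID` directly above it, has no `allowReserved: true`, so tooling that follows the spec will treat the two filters differently. Either add `allowReserved: true` under `EGF-VID` or remove the instruction from its description. It would also help to state in both descriptions which characters must still be percent-encoded inside a query value, since the wording currently reads as if none need to be.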
@@ -172,23 +187,27 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' - /registries/{registryVID}/recognized-registries/: + /registries/{registryVID}/recognized-registries/: get: tags: - - registry - summary: | - Query this Trust Registry about its recognition of a specific Trust Registry. + - registry + summary: > + Query this Trust Registry about its recognition of a specific Trust + Registry. + TODO: determine RoR (registry of registry) impacts here. parameters: - in: path - name: registryVID + name: registryVID required: true schema: $ref: '#/components/schemas/VID' - description: | - The URI-based identifier of a DID or X.509 Issuer. Allows reserved characters per RFC3986. + description: > + The URI-based identifier of a DID or X.509 Issuer. Allows reserved + characters per RFC3986. + Do **NOT** escape the URI. - allowReserved: true # allow reserved characters per RFC3986 + allowReserved: true responses: '200': description: search results matching criteria @@ -202,23 +221,23 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' - /registries/{registryVID}/: get: tags: - - registry + - registry summary: Get resource data indicated by DID. parameters: - in: path - name: registryVID + name: registryVID required: true schema: $ref: '#/components/schemas/VID' - description: | - The URI-based identifier of a DID or X.509 Issuer. Allows reserved characters per RFC3986. + description: > + The URI-based identifier of a DID or X.509 Issuer. Allows reserved + characters per RFC3986. + Do **NOT** escape the URI. - allowReserved: true # allow reserved characters per RFC3986 - + allowReserved: true responses: '200': description: search results matching criteria 
@@ -234,23 +253,23 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' - /lookup/authorizations: - get: tags: - - lookups + - lookups summary: Get a list of Rights that are used in this Trust Registry. parameters: - in: query - name: egfURI + name: egfURI required: true schema: $ref: '#/components/schemas/Uri' - description: | - The URI-based identifier of a DID or X.509 Issuer. Allows reserved characters per RFC3986. + description: > + The URI-based identifier of a DID or X.509 Issuer. Allows reserved + characters per RFC3986. + Do **NOT** escape the URI. - allowReserved: true # allow reserved characters per RFC3986 + allowReserved: true responses: '200': description: search results matching criteria @@ -264,9 +283,8 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' - /lookup/namespaces: - get: + get: tags: - lookups summary: Get the namespaces that are supported in this trust Registry. @@ -284,23 +302,25 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' - /lookup/vidmethods: - get: tags: - - lookups - summary: Get a list of DID Methods that are supported by a particular Governance Framework. + - lookups + summary: >- + Get a list of DID Methods that are supported by a particular Governance + Framework. parameters: - in: query - name: egfURI + name: egfURI required: true schema: $ref: '#/components/schemas/VIDMethodListType' - description: | - Provides a list of DID-methods that are supported by this trust registry. MAY include Maximum Assurance Level + description: > + Provides a list of DID-methods that are supported by this trust + registry. MAY include Maximum Assurance Level + that a DID Method is set at under the EGF. - allowReserved: true # allow reserved characters per RFC3986 + allowReserved: true responses: '200': description: search results matching criteria 
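Review bot: In `/lookup/vidmethods` the required query parameter `egfURI` is typed as `$ref: '#/components/schemas/VIDMethodListType'`, an array of method objects, and its description describes the response rather than the input. The sibling operations `/lookup/authorizations` and `/lookup/assurancelevels` type the same parameter as `Uri`, so this looks like a copy-paste slip. As written, request validation generated from the spec would check the EGF identifier against the wrong schema. I would use `$ref: '#/components/schemas/Uri'` here and move the current description text to the `'200'` response.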
@@ -314,22 +334,26 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' - /lookup/assurancelevels: get: tags: - - lookups - summary: Get a list of the assurance levels that are in use by this Trust Registry (and its governing EGF). + - lookups + summary: >- + Get a list of the assurance levels that are in use by this Trust + Registry (and its governing EGF). parameters: - in: query - name: egfURI + name: egfURI required: true schema: $ref: '#/components/schemas/Uri' - description: | - The URI-based identifier of the Ecosystem Governance Framework that the assurance levels apply to. Allows reserved characters per RFC3986. + description: > + The URI-based identifier of the Ecosystem Governance Framework that + the assurance levels apply to. Allows reserved characters per + RFC3986. + Do **NOT** escape the URI. - allowReserved: true # allow reserved characters per RFC3986 + allowReserved: true responses: '200': description: search results matching criteria @@ -343,14 +367,12 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' - - /metadata: - get: + get: tags: - metadata summary: Provides metadata object. - description: Metadata object. + description: Metadata object. responses: '200': description: search results matching criteria @@ -364,16 +386,16 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' - -# OFFLINE OPERATIONS /offline/exportfile: get: tags: - offline summary: Access a full data file that can be used offline. operationId: getOfflineFile - description: | - Allows querying to determine the status of an Issuer, as identified by their Identifier (unique), + description: > + Allows querying to determine the status of an Issuer, as identified by + their Identifier (unique), + credential type, and EGF that they are operating under. responses: '200': 
@@ -382,17 +404,16 @@ paths: application/json: schema: $ref: '#/components/schemas/ExportFile' - # '401': - # $ref: '#/components/responses/Unauthorized' - /offline/trustestablishmentdocument: get: tags: - offline summary: Access a full data file that can be used offline. operationId: getTED - description: | - Allows querying to determine the status of an Issuer, as identified by their Identifier (unique), + description: > + Allows querying to determine the status of an Issuer, as identified by + their Identifier (unique), + credential type, and EGF that they are operating under. responses: '200': @@ -407,8 +428,6 @@ paths: $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' - - components: securitySchemes: bearerAuth: @@ -464,7 +483,6 @@ components: application/problem+json: schema: $ref: '#/components/schemas/ProblemDetails' - default: description: Generic Error schemas: @@ -476,12 +494,12 @@ components: type: string format: uri description: string providing an URI formatted according to IETF RFC 3986. - -# MAIN DATA TYPES - AssuranceLevelType: + AssuranceLevelType: type: object - description: | - Creates assurance level as a top-level/first-class-citizen of a Trust Registry. AssuranceLevel values + description: > + Creates assurance level as a top-level/first-class-citizen of a Trust + Registry. AssuranceLevel values + MUST be defined in an EGF if they are used. required: - identifier 
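Review bot: With the commented-out `'401'` deleted, `/offline/exportfile` shows only a `'200'` response in this hunk, although the file-level `security: - bearerAuth: []` applies bearer authentication to every operation. The full export is the broadest read in this API, so its access model should be explicit. Either add `'401': $ref: '#/components/responses/Unauthorized'` as the other operations do, or declare `security: []` on the operation if anonymous download is intended. The neighbouring `/offline/trustestablishmentdocument` appears to list the Unauthorized response already, so the two offline operations are inconsistent as they stand.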
@@ -491,81 +509,120 @@ components: identifier: type: string format: URI - example: 'did:example:123' - name: + examples: + - did:example:123 + name: type: string - example: "LOA2" + examples: + - LOA2 description: type: string - example: "Level of Assurance 2 - see EGF for definition, terms, obligations, liabilities, and indemnity" - - + examples: + - "Level of Assurance 2 - see EGF for definition, terms, obligations,liabilities, and indemnity" AuthorizationType: - type: object + type: object required: - - identifier + - identifier - simplename - description properties: identifier: type: string - format: VID - example: 'did:example:123' - simplename: + format: uri + examples: + - "did:example:123" + simplename: type: string description: type: string - assuranceLevel: - description: The Assurance Level for the Authorization. Defined in the EGF. [OPTIONAL] - allOf: + assuranceLevel: + description: >- + The Assurance Level for the Authorization. Defined in the EGF. + [OPTIONAL] + allOf: - $ref: '#/components/schemas/AssuranceLevelType' AuthorizationResponseType: - type: object + type: object required: - - identifier - - simplename + - entityID + - authorizationUniqueString - description properties: - identifier: + entityID: + type: string + format: uri + examples: + - did:example:123 + description: > + The VID that identifies the Entity that may (i.e. it may be expired, + revoked, terminated) hold the particular Authorization. + authorizationUniqueString: type: string - format: VID - example: 'did:example:123' - simplename: + description: The unique string that identifies the Authorization. + authorizationID: type: string + format: uri + examples: + - "did:example:123" + description: the VID that identifies the particular Authorization. description: type: string - authorizationAssuranceLevel: - description: The Assurance Level for the Authorization. Defined in the EGF. [OPTIONAL] + assuranceLevel: + description: >- + The Assurance Level for the Authorization. 
Defined in the EGF. + [OPTIONAL] allOf: - $ref: '#/components/schemas/AssuranceLevelType' + authorizationStatus: + $ref: '#/components/schemas/StatusType' authorizationValidity: description: The Validity dates related to this particular authorization. allOf: - $ref: '#/components/schemas/ValidityDatesType' - - status: + EntityType: + type: object + required: + - identifier + - governanceFrameworkVID + - status + - validFromDT + properties: + entityVID: type: string - enum: - - current - - expired - - terminated - - revoked - description: > - Provides a current status for entity (issuer or verifier) - - - current - the entity is currently authorized, as of time of the - query. - - - expired - entity rights have expired. - - - terminated - entity has voluntarily ceased Issuer role under the - specific EGF. - - - revoked - entity authority under specific EGF was terminated by - the governing authority. - statusDetail: + format: uri + examples: + - "did:example:123" + description: The primary identifier for the Entity (i.e. the primary key) + governanceFrameworkVID: type: string - description: Optional free text that expands on the status parameter. + format: uri + exampls: + - "did:example:456" + primaryTrustRegistryVID: + type: string + format: uri + examples: + - "did:example:123" + description: A VID identifying the registered entity's Primary Trust Registry + authorizations: + $ref: '#/components/schemas/AuthorizationListType' + description: List of the Authorizations that the Entity has. + secondaryTrustRegistries: + type: array + items: + type: string + format: uri + examples: + ["did:example:456", "did:example:789"] + description: >- + A VID identifying a secondary trust registry that this Entity is + registered in. + participatingNamepaces: + $ref: '#/components/schemas/NamespaceListType' + entityDataValidity: + $ref: '#/components/schemas/ValidityDatesType' + registrationStatus: + $ref: '#/components/schemas/StatusType' VIDMethodType: type: object required: 
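Review bot: The new `EntityType` lists `identifier`, `status` and `validFromDT` under `required`, but none of them is declared under `properties`, which defines `entityVID`, `registrationStatus` and `entityDataValidity` instead. A validator will therefore demand three undeclared fields and will not require the actual primary key; the list probably should read `- entityVID`, `- governanceFrameworkVID`, `- registrationStatus`. Two spelling slips in the same schema also change behaviour: `exampls:` under `governanceFrameworkVID` is an unknown keyword and will be ignored, and `participatingNamepaces` is a property name on the wire. The latter is repeated in `RegistryType` in a later hunk, and the diagram in this commit spells it `participatingNamespaces`.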
@@ -575,308 +632,287 @@ components: properties: identifier: type: string - description: | - as "maintained" at https://w3c.github.io/did-spec-registries/#did-methods TODO: do better... + description: > + as "maintained" at + https://w3c.github.io/did-spec-registries/#did-methods TODO: do + better... maximumAssuranceLevel: - description: | - A DID Method may, due to technical or human trust considerations be limited in the assurance + description: > + A DID Method may, due to technical or human trust considerations be + limited in the assurance + level that it can provide. - allOf: + allOf: - $ref: '#/components/schemas/AssuranceLevelType' - IntegrityType: type: object - description: Integrity object + description: Integrity object required: - - hash + - hash - hashtype properties: - hashtype: - type: string - example: "sha-256" + hashtype: + type: string + examples: + - "sha2-256" description: | Hashing algorithm well-known-name. TODO: Reference to some list? - hash: + hash: type: string - description: asdf - example: "64ee532ac8a4871e21ccf0397ac8154efb747ec37a2a116c35fc8b810cbf24bd" - + description: the hash of the data. + examples: + - "64ee532ac8a4871e21ccf0397ac8154efb747ec37a2a116c35fc8b810cbf24bd" ResourceReferencedType: type: object description: Resource that is provided by reference to a different source. - required: + required: - identifier - lastupdated - datatype - - resourceURI + - resourceURI properties: identifier: type: string - format: VID - example: 'did:example:123' + format: uri + examples: + - did:example:123 lastupdated: type: string - format: date-time #RFC 3339, Section 5.6 + format: date-time datatype: - description: | + description: > TODO: DECIDE about mimeType vs. dataType as property name - The `kind` of resource (e.g. credential-definition, schema-definition, revocation-registry). intended + + The `kind` of resource (e.g. credential-definition, + schema-definition, revocation-registry). 
intended + to be used by recipient for processing of the data payload. type: string resourceURI: $ref: '#/components/schemas/Uri' integrity: $ref: '#/components/schemas/IntegrityType' - ResourceDirectType: type: object - description: Resource that is served directly by this trust registry. - required: + description: Resource that is served directly by this trust registry. + required: - identifier - lastupdated - datatype properties: identifier: type: string - format: VID - example: 'did:example:123' + format: uri + examples: + - "did:example:123" lastupdated: type: string - format: date-time #RFC 3339, Section 5.6 + format: date-time datatype: - description: | + description: > TODO: DECIDE about mimeType vs. dataType as property name - The `kind` of resource (e.g. credential-definition, schema-definition, revocation-registry). intended + + The `kind` of resource (e.g. credential-definition, + schema-definition, revocation-registry). intended + to be used by recipient for processing of the data payload. type: string resourceURI: description: Resource URI for direct reference (to this Trust Registry). $ref: '#/components/schemas/Uri' payloadJSON: - type: object - description: JSON object - - NamespaceType: + type: object + description: JSON object + NamespaceType: type: object - description: | - Namespace object - formal name, EGF that governs namespace, VC/DIDAuth/etc. + description: > + Namespace object - formal name, EGF that governs namespace, + VC/DIDAuth/etc. required: - identifier - canonicalString properties: identifier: type: string - format: VID - example: 'did:example:123' - canonicalString: + format: uri + examples: + - "did:example:123" + canonicalString: type: string - example: + examples: - "ca.issuer.driverlicense" - - "mining.tsm" + - "mining.tsm" egfURI: type: string - example: + examples: - "did:example:GlobalDriverLicenseDID" description: URI of the EGF that defines the namespace. 
description: type: string - RegistryType: type: object - description: | - Data structure for basic Trust Registry indication of what the queried TR will state about another TR. - required: + description: > + Data structure for basic Trust Registry indication of what the queried + TR will state about another TR. + required: - identifier - name properties: identifier: type: string - format: VID - example: 'did:example:123' - name: + format: uri + examples: + - "did:example:123" + name: type: string - example: "Professional Engineers Ontario" + examples: + - "Professional Engineers Ontario" description: type: string - example: "Established on June 14, 1922, Professional Engineers Ontario (PEO) is the licensing and regulating body for professional engineering in the province." - + examples: + - "Established on June 14, 1922, Professional Engineers Ontario (PEO) is the licensing and regulating body for professional engineering in the province." + participatingNamepaces: + $ref: '#/components/schemas/NamespaceListType' peerType: type: string enum: - peer - - superior - - subordinate + - superior + - subordinate - metaregistry description: > - Relationship types - how does the TR that is being queried consider the other TR. + Relationship types - how does the TR that is being queried consider + the other TR. * peer - registy is recognized as a peer under another jurisdiction or governance mechanism. * superior - registry is above this TR in a hierarchy. * subordinate - registry is subordinate to this TR in a hierarchy. 
* metaregistry - registry being queried is considered (by this TR) to be a metaregistry (aka registry of registries) - - - - EntityType: + StatusType: type: object + description: >- + Status and textual description for Entity Registration Status, and + Entity Authorization Status required: - - identifier - - credentialType - - governanceFrameworkURI - status - - validFromDT properties: - identifier: - type: string - format: VID - example: 'did:example:123' - authorizations: - $ref: '#/components/schemas/AuthorizationListType' - description: List of the Authorizations that the Entity has. - - governanceFrameworkVID: - type: string - format: VID - example: 'did:example:456' - primaryTrustRegistryVID: - type: string - format: VID - example: 'did:example:456' - description: "A VID identifying the registered entity's Primary Trust Registry" - additionalTrustRegistries: - type: array - items: - type: string - format: VID - example: 'did:example:456' - description: "A VID identifying the a Trust Registry" - DIDDocument: - type: string - format: URI - description: '(TODO: REMOVE? redundant and confusing)Provides a URI that resolves to the DID Document for the Identifier.' - entityDataValidity: - $ref: '#/components/schemas/ValidityDatesType' - status: + status: type: string - enum: [current, expired, terminated, revoked] + enum: + - current + - expired + - terminated + - revoked description: | - Provides a current status for entity (issuer or verifier) - - current - the entity is currently authorized, as of time of the query. - - expired - entity rights have expired. - - terminated - entity has voluntarily ceased Issuer role under the specific EGF. - - revoked - entity authority under specific EGF was terminated by the governing authority. - statusDetail: - type: string - description: "Optional free text that expands on the status parameter." -# LIST data types - used to provide context to the array data served up. 
- + Provides a current status for entity at time of the query. + - current - status is current in the system of record. + - expired - status has expired in the system of record. + - terminated - entity has voluntarily terminated its status. + - revoked - status was revoked by the governing authority. + detail: + type: string + description: Optional free text that expands on the status parameter. AssuranceLevelListType: type: array - items: + items: $ref: '#/components/schemas/AssuranceLevelType' - AuthorizationListType: type: array - items: + items: $ref: '#/components/schemas/AuthorizationType' - example: - - identifier: "did:example:abc" - simplename: "country:role" - - identifier: "did:example:abcd" - simplename: "canada:professional:engineer" + examples: + - identifier: did:example:abc + simplename: country:role + - identifier: did:example:abcd + simplename: canada:professional:engineer AuthorizationResponseListType: type: array - items: + items: $ref: '#/components/schemas/AuthorizationResponseType' - example: - - identifier: "did:example:abc" - simplename: "country:role" - - - identifier: "did:example:abcd" - simplename: "canada:professional:engineer" + examples: + - identifier: did:example:abc + simplename: country:role + - identifier: did:example:abcd + simplename: canada:professional:engineer NamespaceListType: type: array items: - $ref: "#/components/schemas/NamespaceType" - + $ref: '#/components/schemas/NamespaceType' RegistryListType: type: array - description: "Array of RegistryQueryType" + description: Array of RegistryQueryType items: - $ref: "#/components/schemas/RegistryType" - + $ref: '#/components/schemas/RegistryType' EntityListType: type: array items: $ref: '#/components/schemas/EntityType' - VIDMethodListType: type: array - items: + items: $ref: '#/components/schemas/VIDMethodType' - - MetadataType: type: object - required: + required: - lastupdated properties: lastupdated: type: string - format: date-time #RFC 3339, Section 5.6 - languages: # 
TODO: create Object with default-language + format: date-time + languages: type: array - description: language codes (RFC 4646 - https://datatracker.ietf.org/doc/html/rfc4646) - items: + description: >- + language codes (RFC 4646 - + https://datatracker.ietf.org/doc/html/rfc4646) + items: type: string - example: + examples: - "en" - "en-CA" - "fr-CA" - - - ExportLookups: type: object properties: VIDMethods: $ref: '#/components/schemas/VIDMethodListType' - AssuranceLevels: + AssuranceLevels: $ref: '#/components/schemas/AssuranceLevelListType' - Authorizations: + Authorizations: $ref: '#/components/schemas/AuthorizationListType' - Namespaces: + Namespaces: $ref: '#/components/schemas/NamespaceListType' - - ValidityDatesType: type: object - description: Date and Time of validity. - properties: + description: Date and Time of validity. + properties: validFromDT: type: string format: date-time - description: 'Indicates that the Identifier status applies at the indicated time. A time in the past indicates when the last status change was recorded in the Trust Registry.' + description: >- + Indicates that the Identifier status applies at the indicated time. + A time in the past indicates when the last status change was + recorded in the Trust Registry. validUntilDT: type: string format: date-time - description: 'Indicates the validity ends/ended at this date and time. A time in the past may indicate that the data have expired. A blank response indicates that the validity does not have an end value (i.e. does not or has not expired yet).' - - + description: >- + Indicates the validity ends/ended at this date and time. A time in + the past may indicate that the data have expired. A blank response + indicates that the validity does not have an end value (i.e. does + not or has not expired yet). 
ExportFile: type: object - required: + required: - extractdatetime properties: - extractdatetime: + extractdatetime: type: string format: date-time - description: 'The time of the data extraction.' + description: The time of the data extraction. version: type: string - nullable: true - description: Version string [OPTIONAL] + description: Version string [OPTIONAL] validity: - $ref: '#/components/schemas/ValidityDatesType' + $ref: '#/components/schemas/ValidityDatesType' lookups: $ref: '#/components/schemas/ExportLookups' registries: @@ -885,20 +921,16 @@ components: $ref: '#/components/schemas/EntityListType' resources: $ref: '#/components/schemas/RegistryListType' - TrustEstablishmentDocument: - type: object + type: object required: - TBD - description: Trust Establishment Document per https://identity.foundation/trust-establishment/ + description: >- + Trust Establishment Document per + https://identity.foundation/trust-establishment/ properties: - TBD: - type: string - - - -#TODO: Where did ProblemDetails come from? - + TBD: + type: string ProblemDetails: description: A Problem Details object (RFC 7807) type: object 
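Review bot: `IntegrityType.hashtype` remains a free-form string: the example changes from `sha-256` to `sha2-256` while the description still says "TODO: Reference to some list?". Two implementations can therefore name the same digest differently, and a consumer has no list of algorithms it must reject. Since this object is what lets a relying party verify a referenced resource, I would constrain `hashtype` with an `enum` of permitted names (or cite the registry the names come from) and state that unknown or weak algorithms must fail verification. In the same hunk, the `examples` under `AuthorizationResponseListType` still use `identifier`/`simplename`, which no longer match the `entityID`/`authorizationUniqueString` fields that `AuthorizationResponseType` now requires. Dropping `nullable: true` from `ExportFile.version` also needs `type: [string, 'null']` if a null version is still meant to be accepted.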
@@ -907,27 +939,34 @@ components: type: string format: uri description: An absolute URI that identifies the problem type - default: about:blank # kept for backwards-compatibility, type will be mandatory in problem-v2 + default: about:blank title: type: string - description: A short summary of the problem type. Written in English and readable for engineers (usually not suited for non technical stakeholders and not localized). - example: Service Unavailable + description: >- + A short summary of the problem type. Written in English and readable + for engineers (usually not suited for non technical stakeholders and + not localized). + examples: + - "Service Unavailable" status: type: integer format: int32 - description: The HTTP status code generated by the origin server for this occurrence of the problem. + description: >- + The HTTP status code generated by the origin server for this + occurrence of the problem. minimum: 400 maximum: 600 - exclusiveMaximum: true detail: type: string - description: A human-readable explanation specific to this occurrence of the problem + description: >- + A human-readable explanation specific to this occurrence of the + problem instance: type: string format: uri - description: An absolute URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced. + description: >- + An absolute URI reference that identifies the specific occurrence of + the problem. It may or may not yield further information if + dereferenced. security: - - bearerAuth: [] # apply to full API - #ADJUST - remove prescriptive - and add verbiage to support - # future use of VC/DIDAuth/etc. - # \ No newline at end of file + - bearerAuth: [] \ No newline at end of file diff --git a/diagrams/highlevel.plantuml b/diagrams/highlevel.plantuml index bfb464b..aab855f 100644 --- a/diagrams/highlevel.plantuml +++ b/diagrams/highlevel.plantuml 
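Review bot: Removing `exclusiveMaximum: true` without a replacement widens the range of `ProblemDetails.status`: with only `maximum: 600` left, the value 600 now validates, whereas the 3.0 form excluded it. Under OpenAPI 3.1 the keyword takes a number, so the equivalent constraint is `exclusiveMaximum: 600` in place of `maximum: 600`.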
@@ -71,25 +71,29 @@ package QueryDataObjects { class EntityList class Entity { - identifier: VID - didmethod: DIDMethod - Authorizations[]: EntityAuthorizationList - registryListings[] - Namespaces[] + entityVID: VID + name: string + metadata: object + description: string + primaryTrustRegistry: VID + registrationStatus: string + registrationStatusDetail: string + secondaryTrustRegistries[] + authorizations[]: EntityAuthorizationList + participatingNamespaces[] HasAuthorization(Authorization) } class EntityAuthorization { entityID: VID + authorizationUniqueString: string authorizationID: VID - simplename: string description: string assuranceLevel: string status: AuthorizationStatus + statusDetail: string ' ValidityDatesType (TODO: remove type?) - validFromDT: datetime - validToDT: datetime - + authorizationValidity: ValidityDatesType } object Registry { @@ -162,8 +166,6 @@ class ExportFile { Resources: ResourceList Metadata Validity - - } Class ValidityDatesType { diff --git a/spec/header.md b/spec/header.md index 61de96f..e379481 100644 --- a/spec/header.md +++ b/spec/header.md @@ -21,6 +21,17 @@ Shift to Implementer Review Draft before going to Implementer Review. ::: ## Draft Specification +### Note to Implementers and Reviewers + +The intent of this Implmenters Review Draft Deliverable is to drive input for the specification. Comments + +Provide input via: +* GitHub Issues - for items that need to be tracked. These will be formally dispositioned t + +::: TODO: +TODO: complete this preamble. @darrellodonnell +::: + ### Source The following links will be helpful for editors and reviewers during the DRAFT stage. diff --git a/spec/images/puml/highlevel.png b/spec/images/puml/highlevel.png index 95795d0..ace793a 100644 Binary files a/spec/images/puml/highlevel.png and b/spec/images/puml/highlevel.png differ