docs: company certificate standard/update & fix merge conflicts#1
docs: company certificate standard/update & fix merge conflicts#1PaddseL wants to merge 68 commits into
Conversation
first draft for revising response codes
Added fixes.
Fixed image link.
Updated section 2.1.5
Updated state machine image
…ceiver. A few additional changes
Explained EDC HTTP response limitations.
- Added explanation for use of Certificate Receiver/Distributor terms. - Reworked the information regarding the feedbackUrl (also made them part of the normative standard). - Reworked the Note for the EDC issue with 400 response codes.
Fixed formatting for one **MUST**
Fixed more normative formatting.
Added comments from todays discussion.
Added restriction to one unique asset per API (version/subject)
Such comments should go onto the pull request on github instead
- Added all changes from todays expert group discussion - refactored naming - updated all legacy images and changed them from png to svg
PaddseL
changed the title
|
@PaddseL Thank you for your consolidation efforts! Find four points of mine described below, but other than that this gets a confirmation from me:
|
| "receiverBpn" : "BPNL0000000002CD", | ||
| "sentDateTime" : "2025-05-04T00:00:00-07:00", | ||
| "version" : "3.1.0" | ||
| "header": { |
There was a problem hiding this comment.
I'm not sure if it is by purpose or maybe I have missed something, but this request and all requests below are slightly different than the ones defined in the openapi spec.
You can see that in the API spec there are additional fields like: 'expectedResponseBy' and 'context'. This is the case for ALL endpoints in the standard expect /status
Why are they in the API spec and not mentioned in the standard. Should we support those ? What is their purpose ?
There was a problem hiding this comment.
@nicoprow I would say remove from the open API spec?
There was a problem hiding this comment.
context is in the example in line 127, relatedMessageId and expectedResponseBy are optional attributes in the message header aspect model, which is referenced in the openAPI yaml.
I would leave it as it is, like this we're reusing the message header from CX0151 but are only specifying the relevant information in the examples.
There was a problem hiding this comment.
But I think it still should be explained in the standard what this property is if we have it in the spec. Does not matter if it is optional or not.
Ok, for the 'context'. Missed it. Thanks.
| ``` | ||
|
|
||
| >**`documentId` explanation**: | ||
| > The reasoning why a documentId (the unique ID of EDC asset of the certificate) is to be returned (and not for example the certificate as a return payload) is, |
There was a problem hiding this comment.
So can I assume that documentI**d** present in the standard (through all endpoints) is always the Id of the asset representing the certificate and the documentI**D** present in the PUSH is only an internal Id of the certificate not related to the asset of certificate ?
There was a problem hiding this comment.
seems to me that way; I can only speak for the documentId that we added to the pull scenario - that is intended to act as a shortcut for getting the new certificate, so the edc catalog filter returns only exactly this one document and no others
There was a problem hiding this comment.
they are referring to the same ID. the spelling with the capital D is just due to the business certificate aspect model, changing the aspect model is out of scope for this patch release from my understanding.
There was a problem hiding this comment.
I was more asking about the relation between the asset ID representing the certificate and documentId.
So you are saying that the docuemntID present in the request body of the PUSH mechanism is the ID of the asset of the certificate in the EDC ?
There was a problem hiding this comment.
I also raised that at the initial version of the PR: there is no written requirement on the naming of the asset for the pull mechanism.
When using the push mechanism, the certificate technically and by standard does not need an EDC asset:
Certificate Provider MUST expose company certificates in their catalog when using the pull mechanism.
However, for me it would make sense to implement it that way (asset ID = documentID) when using both mechanisms.
EDIT:
I just realized where the confusion comes from. The wording
documentId (the unique ID of EDC asset of the certificate)
might be misleading here, i would suggest changing it to
documentId (the unique ID of the certificate)
which is more fitting in my opinion.
There was a problem hiding this comment.
If this comes down to interpretation, it means we need to write it explicitly into the standard. If we end up with non-interoperable solutions, then the standard did not do its job. For the pull scenario we explicitly defined the documentId as the EDC assetId.
Since it appears to be not clear for the push scenario, I would suggest the expert group votes on if this also will be defined that way for the push scenario?
There was a problem hiding this comment.
Yes exacly! But those IDs are 2 different things.
I can imagine that a provider has the certificate persisted somewhere with this metadata including documentID, and can expose this certificate in 2 different edcs for 2 different use cases (for whatever reason). Then the 'documentID' as reference to asset id makes no sense in this case as there can be multiple asset Ids (?). It also creates a dependency to the asset Id - and what if this changes?
That is why I'm more on saying:
- documentId (present in CM APIs) = the unique ID of EDC asset of the certificate
- documentID (present in Certificate metadata) = some internal certificate ID of the provider, not related to the asset id.
There was a problem hiding this comment.
Sorry but i can't find any explicit requirement for the naming of certificate assets (for the pull mechanism), the only thing i found is the following:
The following sections detail how notification API and certificate assets should be offered in the dataspace. Please note the depicted examples show @id fields with random example UUIDs. Every dataspace participant may use their individual random uuid.
Also, to search for certificate assets with a catalog request, following requirements are specified:
The certificate assets MUST be created by the Certificate Provider in their connector catalog to be consumed by the Certificate Consumer. The property certificateType MUST reference the type of the certificate as defined in 3.2.2 Certificate Type. The property enclosedSites MUST contain all BPNSs for which the certificate is valid. The subject MUST reference cx-taxo:CompanyCertificate. Additionally, the assets MUST contain the type cx-taxo:Submodel and the semanticId specified in 3.1.2 Business Partner Company Certificate Submodel.
Also, this hint:
The certificate assets are identified by the combination of dct:subject, dct:certificateType and dct:enclosedSites. When searching the EDC catalog for a specific asset for which the assetId is unkown, make use of those properties in the catalog filter.
There was a problem hiding this comment.
Sorry but i can't find any explicit requirement for the naming of certificate assets (for the pull mechanism), the only thing i found is the following:
The following sections detail how notification API and certificate assets should be offered in the dataspace. Please note the depicted examples show @id fields with random example UUIDs. Every dataspace participant may use their individual random uuid.
Also, to search for certificate assets with a catalog requests, following requirements are specified:
The certificate assets MUST be created by the Certificate Provider in their connector catalog to be consumed by the Certificate Consumer. The property certificateType MUST reference the type of the certificate as defined in 3.2.2 Certificate Type. The property enclosedSites MUST contain all BPNSs for which the certificate is valid. The subject MUST reference cx-taxo:CompanyCertificate. Additionally, the assets MUST contain the type cx-taxo:Submodel and the semanticId specified in 3.1.2 Business Partner Company Certificate Submodel.
Also, this hint:
The certificate assets are identified by the combination of dct:subject, dct:certificateType and dct:enclosedSites. When searching the EDC catalog for a specific asset for which the assetId is unkown, make use of those properties in the catalog filter.
So for me, this documentID in the Certificate metadata (Push content) is nothing more but an internal ID.
We search those assets using only the criterias you mentioned here.
Maybe I miss understood you, but do you want to change the endpoint from
That would be also a breaking change, as this is one of the property used to search this asset in the catalog call. |
Yes to both; |
PaddseL
force-pushed
the
docs/company-certiciate-standard/update-fix-merge-conflicts
branch
2 times, most recently
from
db10d3e to
485baa9
Compare
…/update' into docs/company-certiciate-standard/update-fix-merge-conflicts
PaddseL
force-pushed
the
docs/company-certiciate-standard/update-fix-merge-conflicts
branch
from
485baa9 to
c19428b
Compare
| Business Application Provider: | ||
|
|
||
| - Business Application Provider **MUST** implement all features of the Certificate Notification API, including the support of the push, the pull and also the feedback and available mechanism. | ||
| - Business Application Provider **MUST** offer the push mechanism option to the Certificate Consumer application user, if the Certificate Consumer supports the push mechanism. |
There was a problem hiding this comment.
Can you change it to:
Business Application Provider MUST offer the push mechanism option to the application user, if the Certificate Consumer supports the push mechanism." Since of course it would be the Certificate Provider who uses the push mechanism.
…/update' into docs/company-certiciate-standard/update-fix-merge-conflicts
…/update' into docs/company-certiciate-standard/update-fix-merge-conflicts
PaddseL
force-pushed
the
docs/company-certiciate-standard/update-fix-merge-conflicts
branch
from
78f4c8c to
5b9a41d
Compare
…/update' into docs/company-certiciate-standard/update-fix-merge-conflicts
PaddseL
force-pushed
the
docs/company-certiciate-standard/update-fix-merge-conflicts
branch
from
5b9a41d to
c10f1ca
Compare
| "version": "3.1.0" | ||
| }, | ||
| "content": { | ||
| "requestStatus": "IN_PROGRESS" |
There was a problem hiding this comment.
If the /request is answered with "requestStatus": "IN_PROGRESS", how to answer with a follow up call with
"content": { "documentId": "00000000-0000-0000-0000-000000000001", "requestStatus": "COMPLETED" }
or with REJECTED ?
This is not part of the /status (where there is no requestStatus field call) so how should it work ?
There was a problem hiding this comment.
The request mechanism is designed to be polled. The Certificate Consumer needs to repeatedly call the / request endpoint of the Certificate Provider until the requestStatus is in a final state, therefore COMPLETED or REJECTED. If the final state is COMPLETED, the Certificate Consumer can consume the certificate from the Certificate Provider with the pull mechanism.
|
Thank you @PaddseL ; I won't be able to make it to today's sync, but this gets an approval from MB side. |
…/update' into docs/company-certiciate-standard/update-fix-merge-conflicts
…/update' into docs/company-certiciate-standard/update-fix-merge-conflicts
|
The added comment regarding the Thanks Patrick! |
4 participants
This version of the PR has the latest upstream changes merged into and the merge conflicts resolved.
Docs/company certificate standard/update nicoprow/catenax-ev.github.io#1
chore: apply code review suggestions, qol changes nicoprow/catenax-ev.github.io#2
Bumped version to v2.4.0