Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ids-messaging: Add aditional validations #1152

Closed
2 of 4 tasks
Tracked by #1351
juliapampus opened this issue Apr 14, 2022 · 6 comments
Closed
2 of 4 tasks
Tracked by #1351

ids-messaging: Add aditional validations #1152

juliapampus opened this issue Apr 14, 2022 · 6 comments
Labels
enhancement New feature or request stale Open for x days with no activity
Projects
Connector

Comments

@juliapampus
Copy link
Contributor

Feature Request

The ids messaging could be improved by extending the validation of incoming messages.

Which Areas Would Be Affected?

ids multipart handler

Why Is the Feature Desired?

Prevent identity theft and IDS infomodel incompatibilities.

Solution Proposal

This list could be extended:

  • Compare DAT claims to message values (e.g. referringConnector == issuerConnector; check hostname of incoming request)
  • Check IDS Infomodel version against inbound versions

Type of Issue

improvement

Checklist

  • assigned appropriate label?
  • Do NOT select a milestone or an assignee!
@juliapampus juliapampus added enhancement New feature or request ids labels Apr 14, 2022
@juliapampus juliapampus added this to the Milestone 4 milestone Apr 14, 2022
@github-actions github-actions bot added this to Backlog in Connector Apr 14, 2022
@sebbader
Copy link

I propose SHACL for the second task (Check IDS Infomodel version against inbound versions). The IDS IM ships with SHACL schemas (aka shapes) out of the box, and there is a pretty widely used open source library: https://github.com/TopQuadrant/shacl

@tmberthold
Copy link
Member

tmberthold commented May 4, 2022
edited
Loading

For the (dat-)referringConnector == (message-)issuerConnector and hostname validation, please watch out for Catena-X, because the DAT claim is currently used for the BPN at the moment (e.g. BPNLCDQ90000X42KU as part of the referringConnector-claim URL, and the real hostname does not necessarily include that, so hostname validation will likely fail).

https://github.com/catenax-ng/product-edc/blob/1708db02372a2e85ec6e888ecbd3efeae9139b9b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidation.java#L85

update: BPN seems to be now required to be part of the Connector-URL

@SebastianOpriel
Copy link

SebastianOpriel commented May 4, 2022
edited
Loading

If a BPN instead of the connectors URL is used for referringConnector field, no direct interoperability with other data spaces will be possible. Or another service must be present, which allows a lookup of further details.
I ask myself how EDC in case of using BPN is able to avoid DAT reply attacks.

@tmberthold tmberthold mentioned this issue May 18, 2022
Closed
@juliapampus juliapampus mentioned this issue May 24, 2022
Closed
17 tasks
@juliapampus juliapampus removed this from the Milestone 4 milestone Jun 1, 2022
@github-actions
Copy link

This issue is stale because it has been open for 14 days with no activity.

@github-actions github-actions bot added the stale Open for x days with no activity label Jun 16, 2022
@github-actions
Copy link

This issue was closed because it has been inactive for 7 days since being marked as stale.

Connector automation moved this from Backlog to Done Jun 23, 2022
@github-actions
Copy link

This issue was closed because it has been inactive for 7 days since being marked as stale.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request stale Open for x days with no activity
Projects
No open projects
Connector
  
Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sebbader @SebastianOpriel @juliapampus @tmberthold