-
Notifications
You must be signed in to change notification settings - Fork 216
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Policy negotiation flow #239
Comments
Really thorough! I need to digest this a bit but should there also be an error state from contract negotiation? |
Another comment: if the contract is malformed, I would tend to model that as an error state as opposed to declined. What do you think? |
@jimmarino @juliapampus @ronjaquensel
Also in theory, it would be possible to go from |
@juliapampus @ronjaquensel I took the states you defined and started modeling a contract negotiation state machine. I came across some issues and simplifications I think we can make. I'll start with suggested additions and removals:
Based on these, here is the state diagram I came up with. Transitions happen after events initiated by the client (C), provider (P), or both (C/P). Either a client or provider can transition to the ERROR state from any other state. This is not shown to simplify the diagram. Let me know what you think and if these changes sound reasonable. Implementation Notes
Contract Negotiation ImplementationThis part outlines an implementation for the contract negotiation process based on the specification created by @juliapampus @ronjaquensel. Architectural ConsiderationsThe contract negotiation subsystem will be modelled as a state machine, which aligns with the existing design of the transfer process subsystem. This state-machine design is necessary to support the key requirements of asynchronous and reliable operation. A contract negotiation is conducted between two Asynchronous, Reliable OperationAs outlined by the state charts, a The
The client and provider subtypes will define the following operations respectively (these operations are a rough sketch and not complete):
and (these operations are a rough sketch and not complete):
All operations will be idempotent and return immediately. However, side effects of those operations will be run on a separate timer thread. For example, a provider may confirm a negotiation. This operation will transactionally update a backing persistent store with the state transition. However, sending a notification and finalized This design is the same as the AuditabilityAll metadata associated with a negotiation process will be persisted as part of the The Non-RepudiationNon-repudiation (the ability for each party to prove the contents of a PR Descriptions@jimmarino will provide the following PRs (if someone is interested in working with on this together, please DM). Part 1: Introduce types and service interfacesThis PR will introduce the basic type and service definitions for Part 2: ContractNegotiationManager implementationThis PR will implement the skeletons introduced in Part 1. |
As discussed last week, @ronjaquensel and I want to share our thoughts about a possible contract negotiation flow containing states - similar to our current transfer process.
.puml
files: edc-negotiation.zipWe tried to keep the number of states as small as possible. States on both sides express the same behaviour and, therefore, trigger the same action.
REQUESTED
(prov, cons): A contract request or counter offer has been initiated. The connector sends an appropriate message to the recipient. The state is changed toREQUEST_ACK
as soon as the request or a response to a request has been received.REQUEST_ACK
(prov, cons): The connector has sent a contract request/offer. The connector (on e.g. consumer side) that initiated the request/offer is waiting for a response. The connector that approved the receipt of a request/offer is switching to the next state.VALIDATING
(prov, cons): Depending on the input (contract request/offer/agreement), the connector validates the contract by comparing it with the contract of the last state. E.g. request - offer, offer - offer, agreement - offer, agreement - request, agreement - agreement. Optionally, the user or another system is being involved in the negotiation process.APPROVED
(prov, cons): As soon, as the contract's content is approved by the connector, a user, or an external system, the connector builds an appropriate contract agreement. This is stored in a dedicated location. As soon as the initial sender of an agreement has not received a matching contract agreement, the stored one is marked asnot confirmed
. Next, a message containing the agreement is sent. The status changes toPENDING
.DECLINED
(prov, cons): If a contract is malformed or invalid, or a user wants to abort the negotiation process, the state changes toDECLINED
. Thereupon, a contract rejection is sent (and the process gets removed). If necessary, the rejection is logged on both sides and propagated involved users or systems.PENDING
(prov, cons): This state implies that an agreement has been sent and the connector is waiting for confirmation. This can happen both on provider and consumer side, depending on the one that first agreed.CONFIRMED
(prov, cons): If the validation of an agreement is successful, the state changes toCONFIRMED
. As a result, the stored agreement is marked as confirmed and persisted permanently. Thus, it can be used for later access and usage control.ENDED
(prov, cons): This is the final state that marks the negotiation process as ended. No further action is required.Below, you can see a possible negotiation process that is based on the one that has been created some time ago (see here). Please note that the validation process within the negotiation phase was shortened for readability purpose. On top of that, not everything may be necessary for the "happy flow".
Since agreements can expire or be revoked, they have different states - as indicated above.
INITIATED
: not confirmed by the assignee yetCONFIRMED
: valid contract that can be used for access and usage controlEXPIRED
: the end date has been reached, nevertheless the contract can be extendedREVOKED
: the contract has been ended by e.g. a user with appropriate rightsThe text was updated successfully, but these errors were encountered: