Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve the business-partner-validation extensions #673

Closed
paullatzelsperger opened this issue Jul 27, 2023 · 3 comments · Fixed by #687, #688 or #690
Closed

Improve the business-partner-validation extensions #673

paullatzelsperger opened this issue Jul 27, 2023 · 3 comments · Fixed by #687, #688 or #690
Assignees
@paullatzelsperger
Labels
enhancement New feature or request

Comments

@paullatzelsperger
Copy link
Contributor

WHAT

The current implementation of the BPN validation simply validates a BPN against a hard-coded list of BPNs stored on a policy. While this works well for testing, it is not scalable in a production environment, because

  • every contract definition is explicitly bound to specific BPNs
  • changing intended recipients of a data offer requires updating the policy
  • the same function is bound for Duty, Permission, Prohibition, where it only should be Permission

WHY

Inflexible and actually wrong implementation of BPN validation

HOW

Add a new extension, that performs the validation not against a hard-coded list, but rather reads that list from a database table. This table can be manipulated via a new API endpoint. Thus the following implementation items are necessary:

  • In-Mem implementation
  • Postgres implementation
  • REST controller
  • a new Policy evaluation function "BPN in getListFromDatabase()",
  • deprecate but don't delete the old extension
@paullatzelsperger paullatzelsperger added the enhancement New feature or request label Jul 27, 2023
@paullatzelsperger paullatzelsperger self-assigned this Jul 27, 2023
@SebastianOpriel
Copy link

SebastianOpriel commented Jul 27, 2023
edited

Some things which come to my mind:

  • Deletion of a BPN shall be reflected on consumers side, as the concluded contract couldn't be used anymore and most probably will result in a transfer error.
  • A change might be legally a breach of contract, as consumer might rely its business processes on that data
  • Wasn't there a discussion around updating contract definitions? I have in min that the proposed solution was to create new contract definitions, assets, etc. Same applied to deleting a concluded contract. But maybe, that is overhauled.

@paullatzelsperger
Copy link
Contributor Author

paullatzelsperger commented Aug 2, 2023
edited

Some things which come to my mind:

  • Deletion of a BPN shall be reflected on consumers side, as the concluded contract couldn't be used anymore and most probably will result in a transfer error.
  • A change might be legally a breach of contract, as consumer might rely its business processes on that data
  • Wasn't there a discussion around updating contract definitions? I have in min that the proposed solution was to create new contract definitions, assets, etc. Same applied to deleting a concluded contract. But maybe, that is overhauled.

These are all valid points, but that's not what this issue is about. This issue is about storing the BPNs in a database, instead of hard-coding them directly in the policy. So functionally, nothing will change.

Updating ContractDefinitions is possible via the Management API

Whether or not a particular operation is allowed from a legal perspective may vary with country, jurisdiction, business context, etc., so it must be handled elsewhere, i.e. outside of EDC.

@SebastianOpriel
Copy link

Thanks for clarification and hint to Mgt API!

@paullatzelsperger paullatzelsperger mentioned this issue Aug 2, 2023
Merged
This was referenced Aug 3, 2023
Merged
Merged
@SebastianOpriel SebastianOpriel mentioned this issue Aug 31, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@paullatzelsperger paullatzelsperger

Labels
enhancement New feature or request
Projects
EDC Board
Status: Done
Milestone
No milestone
2 participants
@SebastianOpriel @paullatzelsperger