Initial GET and DELETE Operations #271
Conversation
mprorock
requested review from
peacekeeper,
msporny,
mavarley,
OR13 and
mkhraisha
as code owners
|
@msporny i am inclined to set "id" for getters to be UUID or a URI - does this make sense to you? |
I'm fine to start there. I expect that we'll quickly move towards something that looks more like 'transaction-id' as the next step, and then expand further after that. Every time we try to pick UUID, it turns into "UUID and multi-base 128 bit value", which then turns into "but I want to encode JWT-like objects in the ID, so give me 1024 URL-safe characters to play around with". I get why we'd want URIs for GET... shudder a bit at having to URIEncode those. No strong feelings, but again, feels like "id"s are just going to turn into "1024 URL-safe characters" over time. Just my $0.02 for now. |
yeah - i suspect you are right for top level API and then i also expect profiles to tighten that down to their specific requirements - e.g. i would bet the traceability goes with just UUID for a variety of reasons |
|
I think this is useful, but GET and DELETE operations should probably be optional. There may be implementations that can issue VCs but then don't remember them. |
|
@mprorock I've merged the other PR that this was based on to |
|
There are conflicts |
|
Conflicts should now be resolved |
Still showing conflits with rebase and merge. I can squash-merge if you'd like, but would prefer to keep your history. |
|
as of this comment, this is what I see. |
|
The other code owners have not reviewed. |
holder.yml
Outdated
| name: id | ||
| schema: | ||
| type: string | ||
| format: uuid |
There was a problem hiding this comment.
Hrm, disagree w/ this only being able to be a UUID -- but we can deal w/ that in another PR. Just noting my objection to this one design choice.
There was a problem hiding this comment.
@mprorock we can take this change in our profile and leave this repo with type string where <script> alert(1);</script> is a spec legal identifier.
There was a problem hiding this comment.
leave this repo with
typestring where<script> alert(1);</script>is a spec legal identifier.
Or, you know, do something more sane :P and re-use our existing transactionId/exchangeId regexes, which don't allow the attack you mention above:
https://github.com/w3c-ccg/vc-api/blob/main/components/parameters/path/TransactionId.yml
There was a problem hiding this comment.
So I agree that the legal identifier character set should be limited to keep it simple.
However, I think this idea that we are going to play whack-a-mole with data that is allowed in fields based on how it might be abused in other contexts (both known and unknown!) is misguided. That's what encoding / escaping is for. If you're not doing that appropriately in the relevant contexts, then relying on certain fields to not allow certain values is not going to save you.
| "418": | ||
| description: I'm a teapot - MUST not be returned outside of pre-arranged scenarios between both parties |
There was a problem hiding this comment.
Har har :) -- presuming we're going to eventually remove this... because if we don't, we'll have to test for it.
| format: uuid | ||
| responses: | ||
| "202": | ||
| description: Credential deleted - this is a 202 by default as soft deletes and processing time are assumed |
There was a problem hiding this comment.
This should probably say "Credential marked for deletion". Looks like the proposal here is that this call is sometimes implemented as eventually consistent. This also need to state what the side effects are... like, if associated with a status list, what happens to the status bits?
|
This is what I see:
|
holder.yml
Outdated
| name: id | ||
| schema: | ||
| type: string | ||
| format: uuid |
There was a problem hiding this comment.
| format: uuid |
There was a problem hiding this comment.
Lets make sure to allow xss / command injection in our identifiers.
There was a problem hiding this comment.
No, let's not do that -- we have a more sane path forward that the group already has consensus on: https://github.com/w3c-ccg/vc-api/pull/271/files#r837533740
There was a problem hiding this comment.
+1 manu - added an ObjectId that matches that transaction id
| "400": | ||
| description: Bad Request | ||
| "401": | ||
| description: Not Authorized |
There was a problem hiding this comment.
are we going to define authorization? and test it?
There was a problem hiding this comment.
are we going to define authorization? and test it?
The test suites will need to have some authz mechanism in them because the production software that all implementers are implementing are all (AFAIK) requiring authz. If we have interop on the test suites, the spec will have to reflect reality and document how authz is being performed in an interoperable fashion.
| type: string | ||
| oneOf: | ||
| - "credentials" | ||
| - "verifiablecredentials" |
There was a problem hiding this comment.
| - "verifiablecredentials" | |
| - "verifiable-credentials" |
There was a problem hiding this comment.
Why kebab-case instead of camelCase? We're using camelCase everywhere else, no?
There was a problem hiding this comment.
its a query string param, and its pluralized... so i figured it would be better to not have it look like verifiableCredential which shows up in VPs, but I am not attached to anything other than fixing the lowercase concatenation issue.
There was a problem hiding this comment.
Thanks for the explanation, I didn't see that it was a query param, I agree with your view wrt. casing and query params.
ahh thats because you are using rebase... you should stop using rebase since it makes it harder for non technical git users to contribute ; ) |
that should be fixed now - thanks for catching that |
When there are non-technical Github people involved, I use squash. This is not one of those cases :), @mprorock knows what he's doing. I consider it bad form to squash merge contributor's commits if it looks like they've gone to the trouble of creating a clean history. In those cases, I ask them if they're ok with it before doing it. |
| type: array | ||
| items: | ||
| type: string | ||
| oneOf: |
There was a problem hiding this comment.
These options seem a bit arbitrary... fine for now, but we need to define exactly what should be happening when each option is provided... for example, is this really checking the type field, or is it doing something else -- my guess is the latter... while the former might be more useful?
There was a problem hiding this comment.
LGTM. @mprorock, do I have your permission to squash-merge this PR? Or, would you like to rebase so I can rebase-merge? Note: If you rebase, please just make it so that the auto-generated files don't show up in history at all... I had to go in and surgically remove auto-gen'd files from history the last time.
personally I am a squash and merge fan @msporny - so good to go at your discretion |
The bare minimum get and delete operations for credentials and presentations - putting this in for feedback and once merged we can extend the pattern as required. in particular - i think we will want allow a PUT to update and / or replace items by ID
NOTE: Depends on pr #270 and should not be merged until that is resolved