-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial GET and DELETE Operations #271
Conversation
@msporny i am inclined to set "id" for getters to be UUID or a URI - does this make sense to you? |
I'm fine to start there. I expect that we'll quickly move towards something that looks more like 'transaction-id' as the next step, and then expand further after that. Every time we try to pick UUID, it turns into "UUID and multi-base 128 bit value", which then turns into "but I want to encode JWT-like objects in the ID, so give me 1024 URL-safe characters to play around with". I get why we'd want URIs for GET... shudder a bit at having to URIEncode those. No strong feelings, but again, feels like "id"s are just going to turn into "1024 URL-safe characters" over time. Just my $0.02 for now. |
yeah - i suspect you are right for top level API and then i also expect profiles to tighten that down to their specific requirements - e.g. i would bet the traceability goes with just UUID for a variety of reasons |
I think this is useful, but GET and DELETE operations should probably be optional. There may be implementations that can issue VCs but then don't remember them. |
@mprorock I've merged the other PR that this was based on to |
There are conflicts |
Conflicts should now be resolved |
Still showing conflits with rebase and merge. I can squash-merge if you'd like, but would prefer to keep your history. |
holder.yml
Outdated
name: id | ||
schema: | ||
type: string | ||
format: uuid |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hrm, disagree w/ this only being able to be a UUID -- but we can deal w/ that in another PR. Just noting my objection to this one design choice.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mprorock we can take this change in our profile and leave this repo with type
string where <script> alert(1);</script>
is a spec legal identifier.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
leave this repo with
type
string where<script> alert(1);</script>
is a spec legal identifier.
Or, you know, do something more sane :P and re-use our existing transactionId/exchangeId regexes, which don't allow the attack you mention above:
https://github.com/w3c-ccg/vc-api/blob/main/components/parameters/path/TransactionId.yml
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I agree that the legal identifier character set should be limited to keep it simple.
However, I think this idea that we are going to play whack-a-mole with data that is allowed in fields based on how it might be abused in other contexts (both known and unknown!) is misguided. That's what encoding / escaping is for. If you're not doing that appropriately in the relevant contexts, then relying on certain fields to not allow certain values is not going to save you.
"418": | ||
description: I'm a teapot - MUST not be returned outside of pre-arranged scenarios between both parties |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Har har :) -- presuming we're going to eventually remove this... because if we don't, we'll have to test for it.
format: uuid | ||
responses: | ||
"202": | ||
description: Credential deleted - this is a 202 by default as soft deletes and processing time are assumed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably say "Credential marked for deletion". Looks like the proposal here is that this call is sometimes implemented as eventually consistent. This also need to state what the side effects are... like, if associated with a status list, what happens to the status bits?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok to merge as a work in progress. I've noted a few things that are concerning with the PR, but good enough for now.
holder.yml
Outdated
name: id | ||
schema: | ||
type: string | ||
format: uuid |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
format: uuid |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lets make sure to allow xss / command injection in our identifiers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, let's not do that -- we have a more sane path forward that the group already has consensus on: https://github.com/w3c-ccg/vc-api/pull/271/files#r837533740
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 manu - added an ObjectId
that matches that transaction id
"400": | ||
description: Bad Request | ||
"401": | ||
description: Not Authorized |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
are we going to define authorization? and test it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
are we going to define authorization? and test it?
The test suites will need to have some authz mechanism in them because the production software that all implementers are implementing are all (AFAIK) requiring authz. If we have interop on the test suites, the spec will have to reflect reality and document how authz is being performed in an interoperable fashion.
type: string | ||
oneOf: | ||
- "credentials" | ||
- "verifiablecredentials" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- "verifiablecredentials" | |
- "verifiable-credentials" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why kebab-case instead of camelCase? We're using camelCase everywhere else, no?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
its a query string param, and its pluralized... so i figured it would be better to not have it look like verifiableCredential
which shows up in VPs, but I am not attached to anything other than fixing the lowercase concatenation issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the explanation, I didn't see that it was a query param, I agree with your view wrt. casing and query params.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hrm, just spotted the two massive auto-generated files. We have Github Actions to auto-generate files, we should not commit autogenerated files.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove auto generated files
that should be fixed now - thanks for catching that |
When there are non-technical Github people involved, I use squash. This is not one of those cases :), @mprorock knows what he's doing. I consider it bad form to squash merge contributor's commits if it looks like they've gone to the trouble of creating a clean history. In those cases, I ask them if they're ok with it before doing it. |
type: array | ||
items: | ||
type: string | ||
oneOf: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These options seem a bit arbitrary... fine for now, but we need to define exactly what should be happening when each option is provided... for example, is this really checking the type
field, or is it doing something else -- my guess is the latter... while the former might be more useful?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. @mprorock, do I have your permission to squash-merge this PR? Or, would you like to rebase so I can rebase-merge? Note: If you rebase, please just make it so that the auto-generated files don't show up in history at all... I had to go in and surgically remove auto-gen'd files from history the last time.
personally I am a squash and merge fan @msporny - so good to go at your discretion |
The bare minimum get and delete operations for credentials and presentations - putting this in for feedback and once merged we can extend the pattern as required. in particular - i think we will want allow a PUT to update and / or replace items by ID
NOTE: Depends on pr #270 and should not be merged until that is resolved