+
OSIRAA User Identity Verification
+
+
+
OSIRAA is an interoperability testing and reference implementation tool of the Data Rights Protocol. It's used to ensure that implementations of the protocol adhere to interoperable norms rather than to submit actionable Data Rights Requests.
+
+
1. Desired Level of Assurance
+
+
+
OSIRAA makes no guarantee of the validity of identity attributes presented in Data Rights Requests, and even requests sent with "verified" attributes should be assumed to contain synthetic identities.
+
+
Operators of OSIRAA shall not present Data Rights Requests to counterparties without notice and consent of the counterparty's technical contacts.
+
+
2. Validation Steps for Each Attribute
+
+
+
2.1. Email
+ The Consumer's email address is not validated by the Agent.
+
+
2.2. Phone
+ The Consumer's phone number is not validated by the Agent.
+
+
+
diff --git a/drp_aa_mvp/data_rights_request/templates/data_rights_request/index.html b/drp_aa_mvp/data_rights_request/templates/data_rights_request/index.html
index 667cd9d..e708d88 100644
--- a/drp_aa_mvp/data_rights_request/templates/data_rights_request/index.html
+++ b/drp_aa_mvp/data_rights_request/templates/data_rights_request/index.html
@@ -1,130 +1,120 @@
-
-
OSIRAA - Open Source Implementer's Reference Authorized Agent
-
-
View test criteria
-
-
-
Send a DRP Data Privacy Request
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
OSIRAA - Open Source Implementer's Reference Authorized Agent
+
+
View test criteria
+
+
+
Refresh Data from the Service Directory
+
+
+
+
+
Send a DRP Data Privacy Request
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/drp_aa_mvp/data_rights_request/templates/data_rights_request/request_sent.html b/drp_aa_mvp/data_rights_request/templates/data_rights_request/request_sent.html
index 24a371f..6538695 100644
--- a/drp_aa_mvp/data_rights_request/templates/data_rights_request/request_sent.html
+++ b/drp_aa_mvp/data_rights_request/templates/data_rights_request/request_sent.html
@@ -1,28 +1,35 @@
-
-
OSIRAA - Open Source Implementer's Reference Authorized Agent
-
-
DRP Data Privacy Request Sent
-
-
Covered Business: {{covered_biz.name}}
-
Request Url: {{request_url}}
-
Response Code: {{response_code}}
-
-
-
Response Payload:
-
{{response_payload}}
-
-
-
Test Results:
-
- {% for test_result in test_results %}
- {{test_result.name}}:{{test_result.result}}
- {% endfor %}
-
-
-
-
-
+
+
OSIRAA - Open Source Implementer's Reference Authorized Agent
+
+
DRP Data Privacy Request Sent
+
+
Covered Business: {{covered_biz.name}}
+
+
Request Url: {{request_url}}
+
+
Agent Verify Key: {{agent_verify_key}}
+
+
Request Payload:
+ {{request_obj}}
+
+
Encoded Payload (Signed Request):
+ {{signed_request}}
+
+
Response Code: {{response_code}}
+
+
Response Payload:
+ {{response_payload}}
+
+
Test Results:
+
+ {% for test_result in test_results %}
+ {{test_result.name}}:{{test_result.result}}
+ {% endfor %}
+
+
+
+
+
diff --git a/drp_aa_mvp/data_rights_request/templates/drp_aa_mvp/index.html b/drp_aa_mvp/data_rights_request/templates/drp_aa_mvp/index.html
index 3ee2661..34c0c1a 100644
--- a/drp_aa_mvp/data_rights_request/templates/drp_aa_mvp/index.html
+++ b/drp_aa_mvp/data_rights_request/templates/drp_aa_mvp/index.html
@@ -1,20 +1,24 @@
-
-
OSIRAA - Open Source Implementer's Reference Authorized Agent
-
+
+
OSIRAA - Open Source Implementer's Reference Authorized Agent
+
-
Version 0.7.0 - Updated March 2023
+
Version 0.9.3 - Updated November 2024
-
How to Use this App:
-OSIRAA (Open Source Implementer's Reference Authorized Agent) is test suite designed to simulate the role of an Authorized Agent in a Digital Rights Protocol (DRP) environment. The application tests for the availability, correctness and completeness of API endpoints of a Privacy Infrastructure Provider (PIP) or Covered Business (CB) partner application. See https://github.com/consumer-reports-digital-lab/data-rights-protocol/blob/main/data-rights-protocol.md for more info on DRP system roles and API specification.
+
How to Use this App:
+ OSIRAA (Open Source Implementer's Reference Authorized Agent) is test suite designed to simulate the role of an Authorized Agent in a Digital Rights Protocol (DRP) environment. The application tests for the availability, correctness and completeness of API endpoints of a Privacy Infrastructure Provider (PIP) or Covered Business (CB) partner application. See https://github.com/consumer-reports-innovation-lab/data-rights-protocol/blob/main/data-rights-protocol.md for more info on DRP system roles and API specification.
-
Admin Tool
-A user may model a PIP or Covered Business in the Admin Tool, along with any number of users. This is a standard Python app, so you must first create an admin superuser in the usual way before you can administer data configurations. For version 0.7, a Covered Business requires a Discovery Endpoint, and Auth Bearer Token, to be supplied by the PIP/CB partner. NOTE: The previously required API Secret has been depricated. The Authorized Agent will be using a public/private key instead of shared api secret.
-
+
Admin Tool
+ A user may model a PIP or Covered Business in the Admin Tool, along with any number of users. This is a standard Python app, so you must first create an admin superuser in the usual way before you can administer data configurations. For version 0.9.3, the Discovery Endpoint for a Covered Business has been depricated; it has been replaced by a Service Directory. The Service Directory holds discoverable information for all DPR impelementers in a common place. This information is periodically queried and the database automatically updated.
+
-
Cert Tests Definitions
-The Digital Rights Protocol is centered on a set of API calls between an Authorized Agent and a PIP or Covered Business, on behalf of a User exercising his or her digital rights.
+
Cert Tests Definitions
+ The Digital Rights Protocol is centered on a set of API calls between an Authorized Agent and a PIP or Covered Business, on behalf of a User exercising his or her digital rights.
-
Run Tests Against a PIP or Covered Business API Endpoint
-First select a PIP or Covered Business from the dropdown. You can then test the API endpoints for that PIP/CB for the following calls: Discover, Exercise and Status. Some calls require additional parameters such as a User or Covered Regime. These can be set via dropdowns above the button in each section to trigger the call. Users (Identity Users) can be configured in the Admin Tool.
+
Run Tests Against a PIP or Covered Business API Endpoint
+ First select a PIP or Covered Business from the dropdown. You can then test the API endpoints for that PIP/CB for the following calls: Discover, Exercise and Status. Some calls require additional parameters such as a User or Covered Regime. These can be set via dropdowns above the button in each section to trigger the call. Users (Identity Users) can be configured in the Admin Tool.
-
Once the call is made, the app presents an analysis of the response. It shows the request url, the response code, and the response payload. If the the response is valid json, it test for required fields, fields in the response specific to the request params, etc. Note that you must first call Exercise for a given PIP/User combination before you can call Status. This is because the Exercise call returns a request_id, which is used for subsequent Status calls.
+
Once the call is made, the app presents an analysis of the response. It shows the request url, the response code, and the response payload. If the the response is valid json, it test for required fields, fields in the response specific to the request params, etc. Note that you must first call Exercise for a given PIP/User combination before you can call Status. This is because the Exercise call returns a request_id, which is used for subsequent Status calls.
+
+
Generate Agent Auth Keys
+ Every Auhorized Agent requires a pair of auth keys - the secret signing key and the public verify key - to function in the DRP ecosystem. For memebers of the DRP consortium, the public key is published in the Service Directory for Authorized Agents at https://discovery.datarightsprotocol.org/agents.json. This utility will generate a pair of secure keys in compliance with the technical requirements of the DRP spec for use in your app.
+
\ No newline at end of file
diff --git a/drp_aa_mvp/data_rights_request/urls.py b/drp_aa_mvp/data_rights_request/urls.py
index 54ca140..6455a91 100644
--- a/drp_aa_mvp/data_rights_request/urls.py
+++ b/drp_aa_mvp/data_rights_request/urls.py
@@ -4,25 +4,13 @@
urlpatterns = [
path('', views.index, name='index'),
-
- path('make_request', views.index, name='make_request'),
-
+ path('identity_verification.html', views.identity_verification, name='identity_verification'),
+ path('refresh_service_directory_data', views.refresh_service_directory_data, name='refresh_service_directory_data'),
path('select_covered_business', views.select_covered_business, name='select_covered_business'),
-
path('setup_pairwise_key', views.setup_pairwise_key, name='setup_pairwise_key'),
-
path('get_agent_information', views.get_agent_information, name='get_agent_information'),
-
- path('send_request_discover_data_rights', views.send_request_discover_data_rights,
- name='send_request_discover_data_rights'),
-
- path('send_request_excercise_rights', views.send_request_excercise_rights,
- name='send_request_excercise_rights'),
-
+ path('send_request_exercise_rights', views.send_request_exercise_rights, name='send_request_exercise_rights'),
path('send_request_get_status', views.send_request_get_status, name='send_request_get_status'),
-
path('send_request_revoke', views.send_request_revoke, name='send_request_revoke'),
-
- path('data_rights_request_sent_return', views.data_rights_request_sent_return,
- name='data_rights_request_sent_return'),
+ path('data_rights_request_sent_return', views.data_rights_request_sent_return, name='data_rights_request_sent_return'),
]
diff --git a/drp_aa_mvp/data_rights_request/views.py b/drp_aa_mvp/data_rights_request/views.py
index f6431e7..2e2a55e 100644
--- a/drp_aa_mvp/data_rights_request/views.py
+++ b/drp_aa_mvp/data_rights_request/views.py
@@ -1,64 +1,79 @@
+import arrow
import base64
-import datetime
+from datetime import datetime, timezone, timedelta
+
import json
-import os
-import re
+import re # regex library
+import requests
+import validators
+
from typing import Optional, Tuple
import logging
-logging.basicConfig(level=logging.INFO)
+logging.basicConfig(level=logging.DEBUG)
logger = logging.getLogger(__name__)
-import arrow
-import requests
-import validators
-from covered_business.models import CoveredBusiness
+from django.conf import settings
from django.core import serializers
from django.http import HttpResponse, HttpResponseRedirect
from django.shortcuts import render
+
from nacl import signing
-from nacl.encoding import HexEncoder
+from nacl.encoding import Base64Encoder
from nacl.public import PrivateKey
-from reporting.views import (test_agent_information_endpoint, test_discovery_endpoint, test_excercise_endpoint,
- test_status_endpoint, test_revoked_endpoint, test_pairwise_key_setup_endpoint)
-from user_identity.models import IdentityUser
from .models import (DataRightsRequest, DataRightsStatus, DrpRequestStatusPair,
DrpRequestTransaction, IdentityPayload)
-#root_utl = os.environ['REQUEST_URI']
-#print (f"**** root_url = {root_utl}")
+from covered_business.models import CoveredBusiness
+from reporting.views import (test_agent_information_endpoint, test_exercise_endpoint, #test_discovery_endpoint,
+ test_status_endpoint, test_revoked_endpoint, test_pairwise_key_setup_endpoint)
+from user_identity.models import IdentityUser
+
+import drp_pip.models
+
+
+auth_agent_drp_id = settings.AUTHORIZED_AGENT_ID
+auth_agent_drp_name = settings.AUTHORIZED_AGENT_NAME
+auth_agent_callback_url = settings.WEB_URL + '/update_status' #'http://127.0.0.1:8003/update_status'
-auth_agent_drp_id = os.environ.get('OSIRAA_AA_ID', 'CR_AA_DRP_ID_001')
-auth_agent_callback_url = "http://127.0.0.1:8001/update_status" #f"{os.environ.get('SERVER_NAME')}/update_status"
+service_directory_agents_url = settings.SERVICE_DIRECTORY_AGENT_URL
+service_directory_businesses_url = settings.SERVICE_DIRECTORY_BUSINESS_URL
-# todo: these keys actually should be generated offline before we start using the app
-# and get them from the v0.0 service direcotry which will be a part of this dhango app, along with OSIRPIP
-# for now we'll generate the keys one-time only
-def load_pynacl_keys() -> Tuple[signing.SigningKey, signing.VerifyKey]:
- path = os.environ.get("OSIRAA_KEY_FILE", "./keys.json")
- if not os.path.exists(path):
- with open(path, "w") as f:
- signing_key = signing.SigningKey.generate()
- verify_key = signing_key.verify_key
- json.dump({
- "signing_key": signing_key.encode(encoder=HexEncoder).decode(),
- "verify_key": verify_key.encode(encoder=HexEncoder).decode()
- }, f)
- with open(path, "r") as f:
- jason = json.load(f)
- return (signing.SigningKey(jason["signing_key"], encoder=HexEncoder),
- signing.VerifyKey(jason["verify_key"], encoder=HexEncoder))
+# get the (b64-encoded) keys from environment vars (or the vault if the app is deployed) ...
+# signing key must remain secret
+settings_signing_key = settings.AGENT_SIGNING_KEY_B64
+# verify key must match the key stored in the service directory
+settings_verify_key = settings.AGENT_VERIFY_KEY_B64
-signing_key, verify_key = load_pynacl_keys()
+logger.info(f"** settings_signing_key = {settings_signing_key}")
+logger.info(f"** settings_verify_key = {settings_verify_key}")
+# create encoded keys from the strings loaded in from the settings ...
+def encode_keys() -> Tuple[signing.SigningKey, signing.VerifyKey]:
+ return (signing.SigningKey(settings_signing_key, encoder=Base64Encoder),
+ signing.VerifyKey(settings_verify_key, encoder=Base64Encoder))
+
+signing_key, verify_key = encode_keys()
+
+#logger.debug(f"signing_key = {signing_key}")
+#logger.debug(f"verify_key = {verify_key}")
# the public key and signing key as b64 strings
-signing_key_hex = signing_key.encode(encoder=HexEncoder) # remains secret, never shared, but remains with AA model
-verify_key_hex = verify_key.encode(encoder=HexEncoder) # we're going to store hex encoded verify key in the service directory
-logger.debug(f"verify_key is {verify_key_hex}")
+signing_key_b64 = signing_key.encode(encoder=Base64Encoder)
+verify_key_b64 = verify_key.encode(encoder=Base64Encoder)
+
+auth_agent_signing_key = signing_key_b64
+auth_agent_verify_key = verify_key_b64
+
+logger.info(f"** auth_agent_drp_id = {auth_agent_drp_id}")
+logger.info(f"** auth_agent_drp_name = {auth_agent_drp_name}")
+logger.info(f"** auth_agent_callback_url = {auth_agent_callback_url}")
+logger.info(f"** auth_agent_signing_key = {auth_agent_signing_key}")
+logger.info(f"** auth_agent_verify_key = {auth_agent_verify_key}")
+
selected_covered_biz: Optional[CoveredBusiness] = None
@@ -78,6 +93,48 @@ def index(request):
return render(request, 'data_rights_request/index.html', context)
+# call to the service directory returns the info for all CB's, same as what was in the .well_known endpoint for each CB
+def refresh_service_directory_data (request):
+ request_url = service_directory_businesses_url
+ response = get_service_directory_covered_biz(request_url)
+
+ try:
+ response_json = json.loads(response.text)
+ except ValueError as e:
+ logger.warn('** WARNING - refresh_service_directory_data(): NOT valid json **')
+ return False
+
+ for response_item in response_json:
+ covered_biz_cb_id = str(response_item['id']) # corresponds to cb_id in the CovereredBusiness model
+ covered_biz_id = get_covered_biz_id_from_cb_id(covered_biz_cb_id) # index to lookup the object
+
+ if covered_biz_id is not None:
+ covered_biz = CoveredBusiness.objects.get(pk=covered_biz_id)
+ set_covered_biz_params_from_service_directory(covered_biz, response_item)
+ else:
+ create_covered_biz_db_entry_from_service_directory_params(response_item)
+
+ # todo: handle case where SD enrty is removed - mark CB in DB as 'removed' ...
+
+ drp_pip.models.AuthorizedAgent.refresh_from_directory(service_directory_agents_url)
+
+ user_identities = IdentityUser.objects.all()
+ covered_businesses = CoveredBusiness.objects.all()
+ covered_biz_id = request.POST.get('sel_covered_biz_id')
+ #selected_covered_biz = CoveredBusiness.objects.get(pk=covered_biz_id)
+ #covered_biz_form_display = get_covered_biz_form_display(covered_businesses, selected_covered_biz)
+ request_actions = get_request_actions_form_display(selected_covered_biz)
+
+ context = {
+ 'user_identities': user_identities,
+ 'covered_businesses': covered_businesses, #covered_biz_form_display,
+ 'selected_covered_biz': selected_covered_biz,
+ 'request_actions': request_actions
+ }
+
+ return render(request, 'data_rights_request/index.html', context)
+
+
def select_covered_business(request):
user_identities = IdentityUser.objects.all()
covered_businesses = CoveredBusiness.objects.all()
@@ -96,58 +153,27 @@ def select_covered_business(request):
return render(request, 'data_rights_request/index.html', context)
-def send_request_discover_data_rights(request):
- covered_biz_id = request.POST.get('sel_covered_biz_id')
- covered_biz = CoveredBusiness.objects.get(pk=covered_biz_id)
- request_url = covered_biz.discovery_endpoint # + ".well-known/data-rights.json"
- bearer_token = covered_biz.auth_bearer_token or ""
-
- if (validators.url(request_url)):
- unauthed_response = get_well_known(request_url)
- response = get_well_known(request_url, bearer_token)
- set_covered_biz_well_known_params(covered_biz, response)
-
- discover_test_results = test_discovery_endpoint(request_url, {
- 'unauthed': unauthed_response,
- 'authed': response
- })
-
- request_sent_context = {
- 'covered_biz': covered_biz,
- 'request_url': request_url,
- 'response_code': response.status_code,
- 'response_payload': response.text,
- 'test_results': discover_test_results,
- }
-
- else:
- request_sent_context = {
- 'covered_biz': covered_biz,
- 'request_url': request_url,
- 'response_code': 'invalid url for /discover, no response',
- 'response_payload': '',
- 'test_results': [],
- }
-
- return render(request, 'data_rights_request/request_sent.html', request_sent_context)
-
-
-def setup_pairwise_key(request):
+def setup_pairwise_key(request): # a.k.a. regsiter agent
covered_biz_id = request.POST.get('sel_covered_biz_id')
covered_biz = CoveredBusiness.objects.get(pk=covered_biz_id)
request_url = covered_biz.api_root_endpoint + f"/v1/agent/{auth_agent_drp_id}"
- request_obj = create_setup_pairwise_key_request_json(covered_biz.cb_id)
-
+ request_obj = create_setup_pairwise_key_request_json(covered_biz.cb_id)
signed_request = sign_request(signing_key, request_obj)
+ logger.info('** setup_pairwise_key(): request_url = ' + request_url)
+
if (validators.url(request_url)):
response = post_agent(request_url, signed_request)
pairwise_setup_test_results = test_pairwise_key_setup_endpoint(request_obj, response)
- set_covered_biz_pairwise_key_params(covered_biz, response, signing_key, verify_key)
+
+ set_covered_biz_pairwise_key_params(covered_biz, response)
request_sent_context = {
'covered_biz': covered_biz,
'request_url': request_url,
+ 'agent_verify_key': auth_agent_verify_key,
+ 'request_obj': request_obj,
+ 'signed_request': signed_request,
'response_code': response.status_code,
'response_payload': response.text,
'test_results': pairwise_setup_test_results,
@@ -157,6 +183,9 @@ def setup_pairwise_key(request):
request_sent_context = {
'covered_biz': covered_biz,
'request_url': request_url,
+ 'agent_verify_key': auth_agent_verify_key,
+ 'request_obj': request_obj,
+ 'signed_request': signed_request,
'response_code': 'invalid url for /create_pairwise_key, no response',
'response_payload': '',
'test_results': [],
@@ -165,13 +194,15 @@ def setup_pairwise_key(request):
return render(request, 'data_rights_request/request_sent.html', request_sent_context)
-
def get_agent_information(request):
covered_biz_id = request.POST.get('sel_covered_biz_id')
covered_biz = CoveredBusiness.objects.get(pk=covered_biz_id)
request_url = covered_biz.api_root_endpoint + f"/v1/agent/{auth_agent_drp_id}"
bearer_token = covered_biz.auth_bearer_token or ""
+
+ logger.info('** get_agent_information(): request_url = ' + request_url)
+
if (validators.url(request_url)):
response = get_agent(request_url, bearer_token)
agent_info_test_results = test_agent_information_endpoint(request_url, response)
@@ -180,6 +211,7 @@ def get_agent_information(request):
request_sent_context = {
'covered_biz': covered_biz,
'request_url': request_url,
+ 'agent_verify_key': auth_agent_verify_key,
'response_code': response.status_code,
'response_payload': response.text,
'test_results': agent_info_test_results,
@@ -189,7 +221,8 @@ def get_agent_information(request):
request_sent_context = {
'covered_biz': covered_biz,
'request_url': request_url,
- 'response_code': 'invalid url for /create_pairwise_key, no response',
+ 'agent_verify_key': auth_agent_verify_key,
+ 'response_code': 'invalid url for /get_agent_information, no response',
'response_payload': '',
'test_results': [],
}
@@ -197,8 +230,7 @@ def get_agent_information(request):
return render(request, 'data_rights_request/request_sent.html', request_sent_context)
-
-def send_request_excercise_rights(request):
+def send_request_exercise_rights(request):
covered_biz_id = request.POST.get('sel_covered_biz_id')
covered_biz = CoveredBusiness.objects.get(pk=covered_biz_id)
user_id_id = request.POST.get('user_identity')
@@ -206,16 +238,20 @@ def send_request_excercise_rights(request):
request_action = request.POST.get('request_action')
covered_regime = request.POST.get('covered_regime')
- request_url = covered_biz.api_root_endpoint + "/v1/data-right-request/"
+ # note - removed trailing slash
+ request_url = covered_biz.api_root_endpoint + "/v1/data-rights-request"
bearer_token = covered_biz.auth_bearer_token
+ logger.info(f'** setup_pairwise_key(): request_url = {request_url}')
+
# todo: a missing param in the request_json could cause trouble ...
- #print('** send_request_excercise_rights(): request_action = ' + request_action)
+ #print('** send_request_exercise_rights(): request_action = ' + request_action)
- request_json = create_excercise_request_json(user_identity, covered_biz,
- request_action, covered_regime)
+ request_json = create_exercise_request_json(user_identity, covered_biz, request_action, covered_regime)
+ logger.info(f'** setup_pairwise_key(): request_json = {request_json}')
signed_request = sign_request(signing_key, request_json)
+ logger.info(f'** setup_pairwise_key(): signed_request = {signed_request}')
if (validators.url(request_url)):
response = post_exercise_rights(request_url, bearer_token, signed_request)
@@ -226,8 +262,11 @@ def send_request_excercise_rights(request):
request_sent_context = {
'covered_biz': covered_biz,
'request_url': request_url,
+ 'agent_verify_key': auth_agent_verify_key,
+ 'request_obj': request_json,
+ 'signed_request': signed_request,
'response_code': response.status_code,
- 'response_payload': 'invalid json in response for /v1/data-right-request/',
+ 'response_payload': 'invalid json in response for /v1/data-rights-request',
'test_results': [],
}
@@ -239,20 +278,26 @@ def send_request_excercise_rights(request):
data_rights_transaction: DrpRequestTransaction = create_drp_request_transaction(user_identity,
covered_biz, request_json, response_json)
- excercise_test_results = test_excercise_endpoint(request_json, response)
+ exercise_test_results = test_exercise_endpoint(request_json, response)
request_sent_context = {
'covered_biz': covered_biz,
'request_url': request_url,
+ 'agent_verify_key': auth_agent_verify_key,
+ 'request_obj': request_json,
+ 'signed_request': signed_request,
'response_code': response.status_code,
'response_payload': response.text,
- 'test_results': excercise_test_results
+ 'test_results': exercise_test_results
}
else:
request_sent_context = {
'covered_biz': covered_biz,
'request_url': request_url,
+ 'agent_verify_key': auth_agent_verify_key,
+ 'request_obj': request_json,
+ 'signed_request': signed_request,
'response_code': 'invalid url for /excecise , no response',
'response_payload': '',
'test_results': [],
@@ -272,24 +317,24 @@ def send_request_get_status(request):
if (request_id != None):
if (validators.url(request_url)):
- # todo: This request SHALL contain an Bearer Token header containing the key for this AA-CB pairwise relationship in it in the form Authorization: Bearer
. This token is generated by calling POST /agent/{id} in section 2.06.
+ # This request SHALL contain an Bearer Token header containing the key for this AA-CB pairwise relationship in it in the form Authorization: Bearer . This token is generated by calling POST /agent/{id} in section 2.06.
response = get_status(request_url, request_id, bearer_token)
- # todo: log request to DB, setup status callback ...
-
status_test_results = test_status_endpoint(request_url, response)
request_sent_context = {
'covered_biz': covered_biz,
- 'request_url': response.request.url,
- 'response_code': response.status_code,
+ 'request_url': response.request.url,
+ 'agent_verify_key': auth_agent_verify_key,
+ 'response_code': response.status_code,
'response_payload': response.text,
- 'test_results': status_test_results
+ 'test_results': status_test_results
}
else:
request_sent_context = {
'covered_biz': covered_biz,
'request_url': request_url,
+ 'agent_verify_key': auth_agent_verify_key,
'response_code': 'invalid url for /status , no response',
'response_payload': '',
'test_results': [],
@@ -298,6 +343,7 @@ def send_request_get_status(request):
request_sent_context = {
'covered_biz': covered_biz,
'request_url': request_url,
+ 'agent_verify_key': auth_agent_verify_key,
'response_code': 'no request id for this user and covered business, request not sent',
'response_payload': '',
'test_results': [],
@@ -322,14 +368,13 @@ def send_request_revoke(request):
if (validators.url(request_url)):
response = post_revoke(request_url, bearer_token, signed_request)
-
- # todo: log request to DB, stop status ping ...
-
revoke_test_results = test_revoked_endpoint(request_url, response)
context = {
'covered_biz': covered_biz,
'request_url': response.request.url,
+ 'request_obj': request_json,
+ 'signed_request': signed_request,
'response_code': response.status_code,
'response_payload': response.text,
'test_results': revoke_test_results,
@@ -339,6 +384,9 @@ def send_request_revoke(request):
request_sent_context = {
'covered_biz': covered_biz,
'request_url': request_url,
+ 'agent_verify_key': auth_agent_verify_key,
+ 'request_obj': request_json,
+ 'signed_request': signed_request,
'response_code': 'invalid url for /revoke , no response',
'response_payload': '',
'test_results': [],
@@ -347,6 +395,9 @@ def send_request_revoke(request):
request_sent_context = {
'covered_biz': covered_biz,
'request_url': "/v1/data-rights-request/{{None}}",
+ 'agent_verify_key': auth_agent_verify_key,
+ 'request_obj': request_json,
+ 'signed_request': signed_request,
'response_code': 'no request id for this user and covered business, request not sent',
'response_payload': '',
'test_results': [],
@@ -375,21 +426,38 @@ def data_rights_request_sent_return(request):
#-------------------------------------------------------------------------------------------------#
-def set_covered_biz_well_known_params(covered_biz, response):
- try:
- json.loads(response.text)
- except ValueError as e:
- logger.warn('** WARNING - set_covered_biz_well_known_params(): NOT valid json **')
- return False
+def get_covered_biz_id_from_cb_id(covered_biz_cb_id):
+ covered_businesses = CoveredBusiness.objects.all()
+
+ for covered_biz in covered_businesses:
+ if covered_biz.cb_id == covered_biz_cb_id:
+ return covered_biz.id
+
+ return None
+
+def set_covered_biz_params_from_service_directory(covered_biz, params_json):
try:
- reponse_json = response.json()
- covered_biz.api_root = reponse_json['api_base']
- covered_biz.supported_actions = reponse_json['actions']
+ covered_biz.api_root = params_json['api_base']
+ covered_biz.supported_actions = params_json['supported_actions']
covered_biz.save()
except KeyError as e:
- logger.warn('** WARNING - set_covered_biz_well_known_params(): missing keys **')
- return False
+ logger.warn('** WARNING - set_covered_biz_params_from_service_directory(): missing keys **')
+ raise e
+
+def create_covered_biz_db_entry_from_service_directory_params (params_json):
+ try:
+ cb_id = params_json['id']
+ name = params_json['name']
+ logo = params_json['logo']
+ api_root_endpoint = params_json['api_base']
+ supported_actions = params_json['supported_actions']
+
+ new_covered_biz = CoveredBusiness.objects.create(name=name, cb_id=cb_id, logo=logo, api_root_endpoint=api_root_endpoint, supported_actions=supported_actions)
+
+ except KeyError as e:
+ logger.warn('** WARNING - set_covered_biz_params_from_service_directory(): missing keys **')
+ raise e
def get_covered_biz_form_display(covered_businesses, selected_biz):
@@ -449,26 +517,30 @@ def get_request_actions_form_display (covered_biz):
def sign_request(signing_key, request_obj):
signed_obj = signing_key.sign(json.dumps(request_obj).encode())
- bencoded = base64.b64encode(signed_obj)
+ b64encoded = base64.b64encode(signed_obj)
- return bencoded
+ return b64encoded
def create_setup_pairwise_key_request_json(covered_biz_id):
- issued_time = arrow.get()
- expires_time = issued_time.shift(minutes=15)
+ issued_time = datetime.now(timezone.utc)
+ expires_time = issued_time + timedelta(minutes=15) # 15 minutes from now
+ issued_timestamp = issued_time.isoformat(timespec='milliseconds')
+ expires_timestamp = expires_time.isoformat(timespec='milliseconds')
request_json = {
"agent-id": auth_agent_drp_id,
"business-id": covered_biz_id,
- "expires-at": str(expires_time),
- "issued-at": str(issued_time),
+ "issued-at": issued_timestamp,
+ "expires-at": expires_timestamp,
}
+ #logger.info(f"** create_setup_pairwise_key_request_json(): request_json = {request_json}")
+
return request_json
-def set_covered_biz_pairwise_key_params(covered_biz, response, signing_key, verify_key):
+def set_covered_biz_pairwise_key_params(covered_biz, response):
try:
json.loads(response.text)
except ValueError as e:
@@ -488,20 +560,24 @@ def set_covered_biz_pairwise_key_params(covered_biz, response, signing_key, veri
covered_biz.save()
except KeyError as e:
- logger.warn('** WARNING - set_covered_biz_pairwise_key_params(): missing keys **')
+ logger.warn('** WARNING - set_covered_biz_pairwise_key_params(): missing token **')
return False
def create_agent_key_setup_json(agent_id, business_id):
- issued_time = datetime.datetime.now()
- expires_time = issued_time + datetime.timedelta(min=15) # 15 minutes from now
+ issued_time = datetime.now(timezone.utc)
+ expires_time = issued_time + timedelta(minutes=15) # 15 minutes from now
+ issued_timestamp = issued_time.isoformat(timespec='milliseconds')
+ expires_timestamp = expires_time.isoformat(timespec='milliseconds')
agent_key_setup_json = {
"agent-id": agent_id,
"business-id": business_id,
- "expires-at": expires_time,
- "issued-at": issued_time
+ "issued-at": issued_timestamp,
+ "expires-at": expires_timestamp,
}
+
+ #logger.info(f"** create_agent_key_setup_json(): agent_key_setup_json = {agent_key_setup_json}")
return agent_key_setup_json
@@ -522,34 +598,44 @@ def set_agent_info_params(response):
logger.warn('** WARNING - set_agent_info_params(): missing keys **')
return False
+
#--------------------------------------------------------------------------------------------------#
-def create_excercise_request_json(user_identity, covered_biz, request_action, covered_regime):
- issued_time = arrow.get()
- expires_time = issued_time.shift(days=45)
+def create_exercise_request_json(user_identity, covered_biz, request_action, covered_regime):
+ issued_time = datetime.now(timezone.utc)
+ expires_time = issued_time + timedelta(minutes=15) # 15 minutes from now
+ issued_timestamp = issued_time.isoformat(timespec='milliseconds')
+ expires_timestamp = expires_time.isoformat(timespec='milliseconds')
request_obj = {
# 1
"agent-id": auth_agent_drp_id,
"business-id": covered_biz.cb_id,
- "expires-at": str(expires_time),
- "issued-at": str(issued_time),
+ "issued-at": issued_timestamp,
+ "expires-at": expires_timestamp,
# 2
- "drp.version": "0.7",
+ "drp.version": "0.9.3",
"exercise": request_action,
"regime": covered_regime,
"relationships": [],
"status_callback": auth_agent_callback_url,
# 3
- # claims in IANA JSON Web Token Claims page, see https://www.iana.org/assignments/jwt/jwt.xhtml#claims for details
+ # claims in IANA JSON Web Token Claims page, see
+ # https://www.iana.org/assignments/jwt/jwt.xhtml#claims for details
+
"name": (user_identity.last_name + ", " + user_identity.first_name),
"email": user_identity.email,
+ "email_verified": user_identity.email_verified,
"phone_number": user_identity.phone_number,
+ "phone_number_verified": user_identity.phone_verified,
"address": user_identity.get_address(),
+ "address_verified": user_identity.address_verified,
}
+ #logger.debug(f"** create_exercise_request_json(): request_obj = {request_obj}")
+
return request_obj
@@ -579,7 +665,7 @@ def create_drp_request_transaction(user_identity, covered_biz, request_json, res
)
data_rights_request = DataRightsRequest.objects.create(
- #request_id not sent on /excercise call
+ #request_id not sent on /exercise call
#meta = request_json['meta'],
relationships = request_json['relationships'],
status_callback = request_json['status_callback'],
@@ -596,14 +682,14 @@ def create_drp_request_transaction(user_identity, covered_biz, request_json, res
processing_details = response_json.get('processing_details'),
reason = response_json.get('reason'),
user_verification_url = response_json.get('user_verification_url'),
- # these fields need to be coerced to a datetime from arbitrary timestamps
+ # coerce to a datetime object from timestamp string
received_at = enrich_date(response_json.get('received_at')),
expected_by = enrich_date(response_json.get('expected_by')),
# expires_at?
)
# todo: this doesn't seem to work ...
- #excercise_request = DrpRequestStatusPair.create(data_rights_request.id, data_rights_status.id)
+ #exercise_request = DrpRequestStatusPair.create(data_rights_request.id, data_rights_status.id)
transaction = DrpRequestTransaction.objects.create(
user_ref = user_identity,
@@ -611,22 +697,19 @@ def create_drp_request_transaction(user_identity, covered_biz, request_json, res
request_id = data_rights_status.request_id,
current_status = data_rights_status.status,
# expires_date = data_rights_status.expires_date,
-
is_final = False,
- #excer_request = excercise_request
+ #exer_request = exercise_request
)
return transaction
def enrich_date(dt: Optional[str]):
- '''
- arrow.get returns "now" if you pass it None -- we want to just not persist anything in that case.
-
- additionally, munge the input string to drop RFC3339 characters which are incorrectly parsed as timestamps
- '''
+ # arrow.get returns "now" if you pass it None -- we want to just not persist anything in that case.
if dt is None:
return None
+
+ # additionally, munge the input string to drop RFC3339 characters which are incorrectly parsed as timestamps
if re.search(r'-[0-9]{4}$', dt):
dt = dt[:-5] # sickos.jpg
@@ -647,7 +730,14 @@ def get_request_id (covered_biz, user_identity):
#-------------------------------------------------------------------------------------------------#
+#GET https://discovery.datarightsprotocol.org/businesses.json
+def get_service_directory_covered_biz (service_dir_biz_url):
+ response = requests.get(service_dir_biz_url)
+ return response
+
+
#GET /.well-known/data-rights.json
+'''
def get_well_known(discovery_url, bearer_token=""):
if bearer_token != "":
request_headers = {'Authorization': f"Bearer {bearer_token}"}
@@ -656,9 +746,10 @@ def get_well_known(discovery_url, bearer_token=""):
response = requests.get(discovery_url)
return response
+'''
-#POST /v1/data-right-request/
+#POST /v1/data-rights-request/
def post_exercise_rights(request_url, bearer_token, signed_request):
request_headers = {
'Authorization': f"Bearer {bearer_token}",
@@ -702,3 +793,6 @@ def get_agent(request_url, bearer_token):
response = requests.get(request_url, headers=request_headers)
return response
+
+def identity_verification(request):
+ return render(request, 'data_rights_request/identity_verification.html', {})
diff --git a/drp_aa_mvp/drp_aa_mvp/settings.py b/drp_aa_mvp/drp_aa_mvp/settings.py
index 7076d93..b5b8188 100644
--- a/drp_aa_mvp/drp_aa_mvp/settings.py
+++ b/drp_aa_mvp/drp_aa_mvp/settings.py
@@ -24,6 +24,17 @@
ENV = os.environ.get('DJANGO_ENV', DEV)
+def get(variable, default=''):
+ """
+ To be used over os.environ.get() to avoid deploying local/dev keys in production. Forced
+ env vars to be present.
+ """
+ if ENV == PRODUCTION and variable not in os.environ:
+ raise Exception('Required environment variable not set: {}'.format(variable))
+
+ return os.environ.get(variable, default)
+
+
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/
@@ -31,18 +42,17 @@
SECRET_KEY = 'django-insecure-%k6u+v8prz33iu179r=u^x=nqgf3eaged+x5h93rs(kob^t6u)'
# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = False #True
ALLOWED_HOSTS = ['localhost', '127.0.0.1', 'drp-authorized-agent.herokuapp.com', '44.209.94.186', 'osiraa.datarightsprotocol.org']
-
# Application definition
-
INSTALLED_APPS = [
'user_identity.apps.UserIdentityConfig',
'covered_business.apps.CoveredBusinessConfig',
'data_rights_request.apps.DataRightsRequestConfig',
'reporting.apps.ReportingConfig',
+ 'agent_keys.apps.AgentKeysConfig',
'drp_pip.apps.DrpPipConfig',
'django.contrib.admin',
'django.contrib.auth',
@@ -88,20 +98,18 @@
# https://docs.djangoproject.com/en/3.2/ref/settings/#databases
if ENV in [STAGING, PRODUCTION]:
- # for heroku deploy ...
import dj_database_url
DATABASES = {
'default': dj_database_url.config(conn_max_age=500, ssl_require=False),
}
-
else:
# for local use only ...
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
- 'NAME': os.environ.get('POSTGRES_NAME') or 'authorizedagent',
+ 'NAME': os.environ.get('POSTGRES_NAME') or 'authorizedagent09',
'USER': os.environ.get('POSTGRES_USER') or 'postgres',
- 'PASSWORD': os.environ.get('POSTGRES_PASSWORD') or 'rootz',
+ 'PASSWORD': os.environ.get('POSTGRES_PASSWORD') or 'postgres',
'HOST': os.environ.get('POSTGRES_HOST') or 'localhost',
'PORT': os.environ.get('POSTGRES_PORT') or '5432'
},
@@ -112,21 +120,34 @@
# https://docs.djangoproject.com/en/3.2/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
- {
- 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
- },
- {
- 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
- },
- {
- 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
- },
- {
- 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
- },
+ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator' },
+ { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator' },
+ { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator' },
+ { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator' },
]
+# Authorized Agent ID and Name, should match entries in service directory
+AUTHORIZED_AGENT_ID = get('AUTHORIZED_AGENT_ID', 'CR_AA_DRP_ID_001_LOCAL')
+AUTHORIZED_AGENT_NAME = get('AUTHORIZED_AGENT_NAME', 'OSIRAA Local Test Instance')
+WEB_URL = get('WEB_URL', 'http://127.0.0.1:8003')
+
+# Authorized Agent Signing Key (64-bit encoded). Must remain secret.
+AGENT_SIGNING_KEY_B64 = get('AGENT_SIGNING_KEY_B64', '098LMB1ayJW1N45oQ4J22ddU96gXr3/x5hEmKnPFpP0=')
+
+# Authorized Agent Verify Key (64-bit encoded)
+# This is the public verify key for use in sending DRP requests to CB and PIP partners.
+# It must match the key decalared in the Service Directory, or else partners' attempt
+# to validate DRP messages they receive will fail
+AGENT_VERIFY_KEY_B64 = get('AGENT_VERIFY_KEY_B64', 'jkX15E7+NA/0E7K5YAp7+GndMP6/Fa0dJJYyr1GJPoQ=')
+
+SERVICE_DIRECTORY_AGENT_URL = 'https://discovery.datarightsprotocol.org/agents.json'
+SERVICE_DIRECTORY_BUSINESS_URL = 'https://discovery.datarightsprotocol.org/businesses.json'
+
+# CB ID and Name for OSIRPIP
+OSIRAA_PIP_CB_ID = get('OSIRAA_PIP_CB_ID', "osirpip-cb-local-01")
+OSIRAA_PIP_CB_NAME = get('OSIRAA_PIP_CB_NAME', 'OSIRPIP Local Test Instance')
+
# Internationalization
# https://docs.djangoproject.com/en/3.2/topics/i18n/
diff --git a/drp_aa_mvp/drp_aa_mvp/urls.py b/drp_aa_mvp/drp_aa_mvp/urls.py
index 8a26a59..39177de 100644
--- a/drp_aa_mvp/drp_aa_mvp/urls.py
+++ b/drp_aa_mvp/drp_aa_mvp/urls.py
@@ -23,6 +23,7 @@
urlpatterns = [
path('', views.index, name='index'),
path('admin/', admin.site.urls),
+ path('agent_keys/', include('agent_keys.urls')),
path('user_identity/', include('user_identity.urls')),
path('covered_business/', include('covered_business.urls')),
path('data_rights_request/', include('data_rights_request.urls')),
diff --git a/drp_aa_mvp/drp_pip/migrations/0001_initial.py b/drp_aa_mvp/drp_pip/migrations/0001_initial.py
index f3e38d6..ba35977 100644
--- a/drp_aa_mvp/drp_pip/migrations/0001_initial.py
+++ b/drp_aa_mvp/drp_pip/migrations/0001_initial.py
@@ -21,7 +21,7 @@ class Migration(migrations.Migration):
('logo', models.ImageField(blank=True, upload_to='company-logos', verbose_name='Logo Image')),
('logo_thumbnail', models.ImageField(blank=True, upload_to='company-logos/thumbnails')),
('subtitle_description', models.TextField(blank=True)),
- ('verify_key', models.TextField(verbose_name='Hex encoded key to verify signed requests')),
+ ('verify_key', models.TextField(verbose_name='Base64 encoded key to verify signed requests')),
],
),
]
diff --git a/drp_aa_mvp/drp_pip/models.py b/drp_aa_mvp/drp_pip/models.py
index f4e97e9..f261c15 100644
--- a/drp_aa_mvp/drp_pip/models.py
+++ b/drp_aa_mvp/drp_pip/models.py
@@ -1,19 +1,20 @@
from django.db import models
import data_rights_request.models as drr
+import json
+import logging
+import requests
+
class MessageValidationException(Exception):
pass
-# TKTKTK I should really be thinking hard about just using the one in
-# the OSIRAA side... not sue how that would effect an "internal" end
-# to end test tho right now so just duplicating.
class DataRightsRequest(drr.DataRightsRequest):
aa_id = models.CharField(max_length=63, blank=True, default='')
+
class DataRightsStatus(drr.DataRightsStatus):
aa_id = models.CharField(max_length=63, blank=True, default='')
-
class AuthorizedAgent(models.Model):
name = models.CharField(max_length=63, blank=True, default='')
brand_name = models.CharField(max_length=63, blank=True, default='')
@@ -21,8 +22,10 @@ class AuthorizedAgent(models.Model):
logo = models.ImageField('Logo Image', upload_to='company-logos', blank=True)
logo_thumbnail = models.ImageField(upload_to='company-logos/thumbnails', blank=True)
subtitle_description = models.TextField(blank=True)
+
+ # todo: confirm that it's the correct, base64 encoded key ...
+ verify_key = models.TextField('Base64 encoded key to verify signed requests')
- verify_key = models.TextField('Hex encoded key to verify signed requests')
bearer_token = models.TextField('pair-wise token between AA and CB', blank=True)
def __str__(self):
@@ -35,3 +38,43 @@ def fetch_by_id(cls, aa_id: str):
@classmethod
def fetch_by_bearer_token(cls, token: str):
return cls.objects.get(bearer_token=token)
+
+ @classmethod
+ def refresh_from_directory(cls, directory_url):
+ response = requests.get(directory_url)
+
+ try:
+ response_json = json.loads(response.text)
+ except ValueError as e:
+ logging.warn('** WARNING - refresh_service_directory(): NOT valid json **')
+ return False
+
+ # loop thru entries and update the CB's in the DB
+ for item in response_json:
+ agent_id = str(item['id']) # this field corresponds to cb_id in the CovereredBusiness model
+
+ aa_id = item["id"]
+ name = item["name"]
+ logo = item.get("logo")
+
+ # todo: confirm that it's the correct, base64 encoded key ...
+ verify_key = item["verify_key"]
+
+ try:
+ agent_model = cls.fetch_by_id(agent_id)
+ except cls.DoesNotExist as e:
+ agent_model = None
+
+ if agent_model is not None:
+ agent_model.aa_id = aa_id
+ agent_model.name = name
+ agent_model.logo = logo
+ agent_model.verify_key = verify_key
+ agent_model.save()
+ else:
+ new_agent = cls.objects.create(
+ aa_id = aa_id,
+ name = name,
+ logo = logo,
+ verify_key = verify_key,
+ )
diff --git a/drp_aa_mvp/drp_pip/urls.py b/drp_aa_mvp/drp_pip/urls.py
index d7d240f..1055a19 100644
--- a/drp_aa_mvp/drp_pip/urls.py
+++ b/drp_aa_mvp/drp_pip/urls.py
@@ -4,10 +4,7 @@
urlpatterns = [
# path('', views.index, name='index'),
-
- path('.well-known/data-rights.json', views.static_discovery, name='discovery'),
- # TKTKTK fix path to match
- path('v1/data-right-request/', views.exercise, name='receive_request'),
+ path('v1/data-rights-request/', views.exercise, name='receive_request'),
path('v1/data-rights-request/', views.get_status, name='get_status'),
- path('v1/agent/', views.agent, name='agent_router_ugghhh'),
+ path('v1/agent/', views.agent, name='agent_router'),
]
diff --git a/drp_aa_mvp/drp_pip/views.py b/drp_aa_mvp/drp_pip/views.py
index 38bc8dd..70f9198 100644
--- a/drp_aa_mvp/drp_pip/views.py
+++ b/drp_aa_mvp/drp_pip/views.py
@@ -1,3 +1,4 @@
+import arrow
import base64
import json
import os
@@ -5,12 +6,13 @@
from typing import Optional
import uuid
-import arrow
+from django.conf import settings
+from django.http import JsonResponse, HttpResponse, HttpRequest
from django.shortcuts import render
from django.views.decorators.csrf import csrf_exempt
from django.views.decorators.http import require_http_methods
-from django.http import JsonResponse, HttpResponse, HttpRequest
-from nacl.encoding import HexEncoder
+
+from nacl.encoding import Base64Encoder
from nacl.signing import VerifyKey
from nacl.utils import random
import nacl.exceptions
@@ -19,23 +21,17 @@
DataRightsRequest, DataRightsStatus)
from data_rights_request.models import ACTION_CHOICES, REGIME_CHOICES
-# TKTKTK cross-module import
+# todo: cross-module import ...
# from data_rights_request.models import ACTION_CHOICES, REGIME_CHOICES
import logging
logging.basicConfig(level=logging.WARN)
logger = logging.getLogger(__name__)
-logger.setLevel(logging.WARN)
+logger.setLevel(logging.DEBUG)
-OSIRAA_PIP_CB_ID = os.environ.get("OSIRAA_PIP_CB_ID", "osiraa-local-001")
+OSIRAA_PIP_CB_ID = settings.OSIRAA_PIP_CB_ID
+#OSIRAA_PIP_CB_ID = os.environ.get("OSIRAA_PIP_CB_ID", "osirpip-cb-local-01")
-@csrf_exempt
-def static_discovery(request):
- return JsonResponse({
- "version": "0.7",
- "actions": ["sale:opt-out", "sale:opt-in", "access", "deletion"],
- "api_base": f"{request.scheme}://{request.get_host()}/pip/",
- })
"""
Privacy Infrastructure Providers MUST validate the message in this order:
@@ -47,23 +43,30 @@ def static_discovery(request):
- That the current time is before the Expiration expires-at claim
"""
+# the /agent endpoint, supports two different methods GET and POST
@csrf_exempt
@require_http_methods(["GET", "POST"])
def agent(request, aa_id: str):
- """
- urlconfs can't choose a route based on method so we'll do it ourselves
- I really do hate django.
- """
- if request.method == 'GET':
- return agent_status(request, aa_id)
- elif request.method == 'POST':
- return register_agent(request, aa_id)
+ logger.info('** drp_pip.agent()')
+ # urlconfs can't choose a route based on method so we'll do it ourselves
+ if request.method == 'POST':
+ return register_agent(request, aa_id)
+ elif request.method == 'GET':
+ return agent_information(request, aa_id)
+
+@csrf_exempt
+# when an agent sends call to setup pairwise keys, it goes here.
+# we validate their agent id and verify key, and return a bearer token
def register_agent(request, aa_id: str):
+ logger.info('** drp_pip.register_agent()')
+
agent = AuthorizedAgent.fetch_by_id(aa_id)
+ logger.info(f'** drp_pip.register_agent(): agent = {agent}')
+
if agent is None:
- # Validate That the signature validates to the key associated with the out of band Authorized Agent identity presented in the request path.
+ # validate that the signature validates to the key associated with the out of band Authorized Agent identity presented in the request path
logger.error(f"could not find authorized agent for {aa_id}")
return HttpResponse(status=403)
@@ -73,33 +76,38 @@ def register_agent(request, aa_id: str):
return HttpResponse(status=403)
# make a token and persist it...
- agent.bearer_token = HexEncoder.encode(random(size=64)).decode()
+ agent.bearer_token = Base64Encoder.encode(random(size=64)).decode()
+
try:
agent.save()
+
return JsonResponse({
"agent-id": message["agent-id"],
"token": agent.bearer_token
})
except:
- return HttpResponse(b"Something went wonky! Token did not persist.", status=500)
+ return HttpResponse(b"Something went wrong, token did not persist.", status=500)
+
def validate_auth_header(request) -> Optional[str]:
auth_header = request.headers.get("Authorization")
- extractor = r"Bearer ([a-zA-Z0-9=+\-_/]+)"
- matches = re.match(extractor, auth_header)
+ extractor = r"Bearer ([a-zA-Z0-9=+\-_/]+)"
+ matches = re.match(extractor, auth_header)
+
if matches is None:
- logger.error(f"Auth header did not parse.")
- logger.error(f"header '{auth_header}'")
+ logger.error(f"validate_auth_header(): Auth header '{auth_header}' did not parse")
return None
+ #logger.debug(f"** validate_auth_header(): matches = {matches}")
+
return matches.group(1)
@csrf_exempt
-def agent_status(request, aa_id: str):
- """
- This method just looks to see that the bearer token is in the DB.
- """
+def agent_information(request, aa_id: str):
+ logger.info('** drp_pip.agent_information()')
+
+ # this method just looks to see that the bearer token is in the DB ...
bearer_token = validate_auth_header(request)
if not bearer_token:
return HttpResponse(status=403)
@@ -107,25 +115,52 @@ def agent_status(request, aa_id: str):
agent = AuthorizedAgent.fetch_by_bearer_token(bearer_token)
if agent.aa_id != aa_id:
- logger.error(f"bearer token did not match expected AA {aa_id}???")
+ logger.error(f"bearer token did not match expected AA {aa_id}")
return HttpResponse(status=403)
if agent is None:
- logger.error(f"tok did not resolve to agent; caller expected {aa_id}")
+ logger.error(f"token did not resolve to agent; caller expected {aa_id}")
return HttpResponse(status=403)
return JsonResponse({})
-
+# the /exercise endpoint - POST only
@csrf_exempt
def exercise(request: HttpRequest):
+ logger.info('** drp_pip.exercise()')
+
+ logger.debug(f"** drp_pip.exercise(): request = {request}")
+
+ # todo: why is the body empty when the message arrives ???
+ logger.info(f'** drp_pip.exercise(): request.body = {request.body}')
+
+ logger.info(f'** drp_pip.exercise(): data = {request.POST.data}')
+
+ body_str = request.body.decode();
+ logger.info(f'** drp_pip.exercise(): body_str = {body_str}')
+
+ #bytestring = b'Hello, world!'
+ #string = bytestring.decode('utf-8')
+
bearer_token = validate_auth_header(request)
+
+ logger.info(f'** drp_pip.exercise(): bearer_token = {bearer_token}')
+
if not bearer_token:
return HttpResponse(status=403)
agent = AuthorizedAgent.fetch_by_bearer_token(bearer_token)
+ logger.info(f'** drp_pip.exercise(): agent = {agent.name}')
+
+ logger.info(f'** drp_pip.exercise(): request.body = {request.body}')
+
+ #logger.info(f'** drp_pip.exercise(): request.encoding = {request.encoding}')
+ #logger.info(f'** drp_pip.exercise(): request.POST = {request.POST}')
+
+ #or, we can use HttpRequest.read() or even HttpRequest.POST
+
try:
message = validate_message_to_agent(agent, request)
except:
@@ -145,7 +180,7 @@ def exercise(request: HttpRequest):
status_callback = message['status_callback'],
regime = db_regime,
right = db_right,
- # persist claims...?
+ # todo: persist claims ... ?
)
status = dict(
@@ -156,7 +191,6 @@ def exercise(request: HttpRequest):
# processing_details = response_json.get('processing_details'),
# reason = response_json.get('reason'),
# user_verification_url = response_json.get('user_verification_url'),
- # these fields need to be coerced to a datetime from arbitrary timestamps
received_at = str(arrow.get())
# expected_by = enrich_date(response_json.get('expected_by')),
)
@@ -197,52 +231,76 @@ def get_status(request, request_id: str):
def validate_message_to_agent(agent: AuthorizedAgent, request: HttpRequest) -> dict:
- """Validate the message is coming from the specified agent and
- destined to us in a reasonable time window. Returns the
- deserialized message or raises.
- """
- now = arrow.get()
+ # validate that the message is coming from the specified agent and destined to us in a reasonable time window
+ # returns the deserialized message or raises an exception
+
+ logger.info(f"** validate_message_to_agent()")
aa_id = agent.aa_id
- verify_key_hex = agent.verify_key
- verify_key = VerifyKey(verify_key_hex, encoder=HexEncoder)
+
+ # todo: verify this is the correctly encoded verify key
+ verify_key_b64 = agent.verify_key
- logger.debug(f"vk is {verify_key_hex}")
- logger.debug(f"agent is {aa_id}")
+ # todo: what does this do? why to we need to unencode it?
+ verify_key = VerifyKey(verify_key_b64, encoder=Base64Encoder)
- decoded = base64.b64decode(request.body)
- logger.debug(f"decoded is {decoded}")
- logger.debug(f"encoded is {request.body}")
+ logger.debug(f"** authourized_agent_id = {aa_id}")
+ logger.debug(f"** verify_key_b64 = {verify_key_b64}")
+
+ logger.debug(f"** encoded request.body = {request.body}")
+ decoded_body = request.body.decode()
+ logger.debug(f"** decoded_body = {decoded_body}")
+
+ b64decoded_body = base64.b64decode(request.body)
+ logger.debug(f"** b64decoded_body = {b64decoded_body}")
+
try:
- # don't need to do anything here -- if it doesn't raise it's verified!
- serialized_message = verify_key.verify(decoded)
+ serialized_message = verify_key.verify(decoded_body)
+ logger.debug(f"** serialized_message = {serialized_message}")
+
except nacl.exceptions.BadSignatureError as e:
- # Validate That the signature validates to the key associated with the out of band Authorized Agent identity presented in the request path.
- logger.error(f"bad signature from {aa_id}: {e}")
+ # Validate the signature to the key associated with the out of band
+ # Authorized Agent identity presented in the request path
+ logger.error(f"** validate_message_to_agent(): bad signature from {aa_id}: {e}")
+
raise e
message = json.loads(serialized_message)
-
+ logger.debug(f"** message = {message}")
+
aa_id_claim = message["agent-id"]
if aa_id_claim != aa_id:
- # Validate that the Authorized Agent specified in the agent-id claim in the request matches the Authorized Agent associated with the presented Bearer Token
- raise MessageValidationException(f"outer aa {aa_id} doesn't match claim {aa_id_claim}!!")
+ # validate that the Authorized Agent specified in the agent-id claim in the request matches
+ # the Authorized Agent associated with the presented Bearer Token
+ logger.error(f"** validate_message_to_agent(): outer aa {aa_id} doesn't match claim {aa_id_claim}")
+
+ raise MessageValidationException(f"outer aa {aa_id} doesn't match claim {aa_id_claim}")
business_id_claim = message["business-id"]
if business_id_claim != OSIRAA_PIP_CB_ID:
- # - That they are the Covered Business specified inside the business-id claim
+ # validate that they are the Covered Business specified inside the business-id claim
+ logger.error(f"** validate_message_to_agent(): claimed business-id {business_id_claim} does not match expected {OSIRAA_PIP_CB_ID}")
+
raise MessageValidationException(f"claimed business-id {business_id_claim} does not match expected {OSIRAA_PIP_CB_ID}")
+ now = arrow.get()
+
expires_at_claim = message["expires-at"]
if now > arrow.get(expires_at_claim):
- # TKTKTK: maybe worth checking that it's within like 15 minutes or something just to be sure the AA is compliant?
- # - That the current time is after the Timestamp issued-at claim
+ # validate that the current time is after the Timestamp issued-at claim
+ # todo: check that it's within like 15 minutes or so just to be sure the AA is compliant ... ?
+ logger.error(f"** validate_message_to_agent(): message has expired {expires_at_claim}")
+
raise MessageValidationException(f"Message has expired! {expires_at_claim}")
issued_at_claim = message["issued-at"]
if arrow.get(issued_at_claim) > now:
- # - That the current time is before the Expiration expires-at claim
- raise MessageValidationException(f"Message from the future??? {issued_at_claim}")
+ # validate that the current time is before the Expiration expires-at claim
+ logger.error(f"** validate_message_to_agent(): message from the future? {issued_at_claim}")
+
+ raise MessageValidationException(f"Message from the future? {issued_at_claim}")
+
+ logger.info(f"** validate_message_to_agent(): message = {message}")
return message
diff --git a/drp_aa_mvp/fixtures/fixture.json b/drp_aa_mvp/fixtures/fixture.json
index ea1babb..7686c4f 100644
--- a/drp_aa_mvp/fixtures/fixture.json
+++ b/drp_aa_mvp/fixtures/fixture.json
@@ -1,52 +1,52 @@
[
-{
- "model": "covered_business.coveredbusiness",
- "pk": 3,
- "fields": {
- "name": "osiraa-local",
- "brand_name": "",
- "cb_id": "osiraa-local-001",
- "logo": "",
- "logo_thumbnail": "",
- "subtitle_description": "",
- "discovery_endpoint": "http://localhost:8000/pip/.well-known/data-rights.json",
- "api_root_endpoint": "http://localhost:8000/pip",
- "supported_actions": "[\"sale:opt-out\", \"sale:opt-in\", \"access\", \"deletion\"]",
- "auth_bearer_token": "_"
+ {
+ "model": "covered_business.coveredbusiness",
+ "pk": 3,
+ "fields": {
+ "name": "osiraa-local",
+ "brand_name": "",
+ "cb_id": "osiraa-local-001",
+ "logo": "",
+ "logo_thumbnail": "",
+ "subtitle_description": "",
+ "discovery_endpoint": "http://localhost:8000/pip/.well-known/data-rights.json",
+ "api_root_endpoint": "http://localhost:8000/pip",
+ "supported_actions": "[ \"sale:opt-out\", \"sale:opt-in\", \"access\", \"deletion\" ]",
+ "auth_bearer_token": "_"
+ }
+ },
+ {
+ "model": "drp_pip.authorizedagent",
+ "pk": 1,
+ "fields": {
+ "name": "osiraa-local",
+ "brand_name": "",
+ "aa_id": "CR_AA_DRP_ID_001",
+ "logo": "",
+ "logo_thumbnail": "",
+ "subtitle_description": "",
+ "verify_key": "b0409a509cf611a0529ff25df555f692e896eaeb599bfc6e402fa18e523ad7a0",
+ "bearer_token": ""
+ }
+ },
+ {
+ "model": "user_identity.identityuser",
+ "pk": 1,
+ "fields": {
+ "first_name": "John",
+ "last_name": "Random",
+ "email": "jrandom1980@gmail.com",
+ "email_verified": true,
+ "phone_number": "",
+ "phone_verified": false,
+ "city": "",
+ "country": "",
+ "address1": "",
+ "address2": "",
+ "state_province": "",
+ "zip_postal": "",
+ "address_verified": false,
+ "power_of_attorney": false
+ }
}
-},
-{
- "model": "drp_pip.authorizedagent",
- "pk": 1,
- "fields": {
- "name": "osiraa-local",
- "brand_name": "",
- "aa_id": "CR_AA_DRP_ID_001",
- "logo": "",
- "logo_thumbnail": "",
- "subtitle_description": "",
- "verify_key": "b0409a509cf611a0529ff25df555f692e896eaeb599bfc6e402fa18e523ad7a0",
- "bearer_token": ""
- }
-},
-{
- "model": "user_identity.identityuser",
- "pk": 1,
- "fields": {
- "first_name": "John",
- "last_name": "Random",
- "email": "jrandom1980@gmail.com",
- "email_verified": true,
- "phone_number": "",
- "phone_verified": false,
- "city": "",
- "country": "",
- "address1": "",
- "address2": "",
- "state_province": "",
- "zip_postal": "",
- "address_verified": false,
- "power_of_attorney": false
- }
-}
]
diff --git a/drp_aa_mvp/reporting/models.py b/drp_aa_mvp/reporting/models.py
index 890a1ae..476e391 100644
--- a/drp_aa_mvp/reporting/models.py
+++ b/drp_aa_mvp/reporting/models.py
@@ -43,7 +43,7 @@ class ReportEntry(models.Model):
covered_biz_name = models.CharField(max_length=127, blank=True, default='')
is_pip = models.BooleanField(default=False)
- # action (for excercise only)
+ # action (for exercise only)
request_action = models.CharField(max_length=10, blank=True, default='',
choices=REQUEST_ACTION_CHOICES)
covered_regime = models.CharField(max_length=31, blank=True, default='',
diff --git a/drp_aa_mvp/reporting/templates/reporting/index.html b/drp_aa_mvp/reporting/templates/reporting/index.html
index d684c5a..455658d 100644
--- a/drp_aa_mvp/reporting/templates/reporting/index.html
+++ b/drp_aa_mvp/reporting/templates/reporting/index.html
@@ -1,327 +1,304 @@
-
-OSIRAA - Open Source Implementer's Reference Authorized Agent
-
-
-DRP Cert Test Suite
+
+
OSIRAA - Open Source Implementer's Reference Authorized Agent
+
-
Version 0.7.0 - Updated March 2023
+
DRP Cert Test Suite
-
See also https://github.com/consumer-reports-digital-lab/data-rights-protocol/blob/main/data-rights-protocol.md
+
Version 0.9.3 - Updated November 2024
-
+
See also https://github.com/consumer-reports-innovation-lab/data-rights-protocol/blob/main/data-rights-protocol.md
+
-
1. GET /.well-known/data-rights.json (“Data Rights Discovery” endpoint)
-
- - Covered Business's domain SHOULD have a /.well-known/data-rights.json
- - Discovery Endpoint MUST be valid JSON
- - Discovery Endpoint MUST contain a version field (currently 0.7)
- - Discovery Endpoint MUST provide a field “api_base”
-
- - “api_base” url MUST be a well-formed url
- - “api_base” url MUST be valid for subsequent calls
-
-
- - Discovery Endpoint MUST provide a list of supported “actions”
- - Discovery Endpoint MAY contain a hint set “user_relationships”
- - Discovery Endpoint SHOULD NOT contain additional undefined fields
-
-
+
2. POST /v1/data-rights-request (“Data Rights Exercise” endpoint)
+
+ - A Data Rights Exercise request SHALL contain a JSON-encoded message body
+ - The message body SHALL have a libsodium/NaCl/ED25119 binary signature immediately prepended to it
+
+
+ - The message body MUST containing the following fields:
+
+ - “agent-id” - a string identifying the Authorized Agent which is submitting the data rights request
+ - “business-id” - a string identifying the Covered Business which the request is being sent to
+ - “issued-at” - an ISO 8601-encoded timestamp expressing when the request was created.
+ - “expires-at” - an ISO 8601-encoded timestamp expressing when the request should no longer be considered viable
+ - “drp.version” - a string referencing the current protocol version "0.9.3"
+ - “exercise” - string specifying the Rights Action: [ access | deletion | sale:opt_out | sale:opt_in | access:categories | access:specific ]
+ - “regime” (optional) - a string specifying the legal regime under which the Data Request is being taken: [ ccpa | voluntary ]
+ - “relationships” (optional) - a list of string 'hints' for the Covered Business
+ - “status_callback” (optional) - a URL that the Status Callback can be sent to
+ - “name” (str) - if known, claim SHALL contain the user's full name most likely known by the Covered Business
+ - “email” (str) - if known, claim SHALL contain the user's email address
+ - “email_verified” (bool) - TRUE if the user's email address has been affirmatively verified according to the System Rules
+ - “phone_number” (str) - if known, claim SHALL contain the user's phone number in E.164 encoding
+ - “phone_number_verified” (bool) - TRUE if the user's phone number has been affirmatively verified according to the System Rules
+ - “address” (str) - if known, claim SHALL contain the user's preferred address, asspecified in OpenID Connect Core 1.0 section 5.1.1
+ - “address_verified” (bool) - TRUE if the user's address has been affirmatively verified according to the System Rules
+ - “power_of_attorney” (str) - MAY contain a reference to a User-signed document delegating power of attorney to the submitting AA
+
+
+
+
+ - The Privacy Infrastructure Provider SHALL validate the message is signed according to the guidance in section 3.07
+
+
+ - All calls MUST return a Data Rights Status object for all actions listed in the Service Directory for the Covered Business
+ - Values of fields may vary, see below. Test all supported permutations:
+
+ - POST /v1/data-rights-request { action: “access”, regime: “ccpa” }
+ - POST /v1/data-rights-request { action: “access”, regime: “voluntary” }
+ - POST /v1/data-rights-request { action: “deletion”, regime: “ccpa” }
+ - POST /v1/data-rights-request { action: “deletion”, regime: “voluntary” }
+ - POST /v1/data-rights-request { action: “sale:opt_out”, regime: “ccpa” }
+ - POST /v1/data-rights-request { action: “sale:opt_out”, regime: “voluntary” }
+ - POST /v1/data-rights-request { action: “sale:opt_in”, regime: “ccpa” }
+ - POST /v1/data-rights-request { action: “sale:opt_in”, regime: “voluntary” }
+
+
+
-
2. POST /v1/data-right-request/ (“Data Rights Exercise” endpoint)
-
- - A Data Rights Exercise request SHALL contain a JSON-encoded message body
- - The message body SHALL have a libsodium/NaCl/ED25119 binary signature immediately prepended to it
+
+ - Returns a Data Rights Status object
+
+ - MUST contain field “request_id”
+ - “request_id” is globally unique
+ - MUST contain field “status”
+ - “status” allowable values: [ "in_progress" | "open" | "fulfilled" | "revoked" | "denied" | "expired" ]
+ - allowable status values vary with action; see below
+ - MAY contain field “reason”
+ - “reason” allowable values: "need_verification" | "suspected_fraud" | “insuf_verification” | "no_match" | "claim_not_covered" | "too_many_requests" | "outside_jurisdiction" | "other" | “none”
+ - allowable reason values vary with status; see below
+ - MUST contain field “received_at”
+ - “received_at” is an ISO 8601 string (ISO time format)
+ - SHOULD contain field “expected_by”
+ - “expected_by” is an ISO 8601 string (ISO time format)
+ - MAY contain a field "processing_details", a text string - @RR is there a max character length?
+ - MAY contain a field "user_verification_url"
+ - "user_verification_url" must be a well formatted URI
+ - "user_verification_url" must a valid endmpoint which correctly returns data about the request
+ - MAY contain a field "expires_at"
+ - "expires_at" should be an [ISO 8601]-encoded time
+ - Additional optional/unknown fields - throw a warning
+
+
+
- - The message body MUST containing the following fields:
-
- The first set of claims describes the parties and time frame
- - “agent-id” - a string identifying the Authorized Agent which is submitting the data rights request
- - “business-id” - a string identifying the Covered Business which the request is being sent to
- - “expires-at” - an ISO 8601-encoded timestamp expressing when the request should no longer be considered viable
- - “issued-at” - an ISO 8601-encoded timestamp expressing when the request was created.
-
+ 2.1. POST /v1/data-rights-request { action: “access”, regime: “ccpa” }
+
+ - Status: “open” | “in_progress”
+ - If status == “open”, reason SHOULD be “none”
+ - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
+ - If status == “in_progress”, response MUST contain "expires-at"
+
+
- The second grouping contains data about the Data Rights Request
- - “drp.version” - a string referencing the current protocol version "0.7"
- - “exercise” - string specifying the Rights Action: [ access | deletion | sale:opt_out | sale:opt_in | access:categories | access:specific ]
- - “regime” (optional) - a string specifying the legal regime under which the Data Request is being taken: [ ccpa | voluntary ]
- - “relationships” (optional) - a list of string 'hints' for the Covered Business
- - “status_callback” (optional) - a URL that the Status Callback can be sent to
-
+ 2.2. POST /v1/data-rights-request { action: “access”, regime: “voluntary” }
+
+ - Status: “open” | “in_progress” | “denied”
+ - If status == “open”, reason SHOULD be “none”
+ - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
+ - If status == “in_progress”, response MUST contain "expires-at"
+ - If status == “denied”, reason SHOULD be “outside_jurisdiction”
+
+
- The JSON object minimally must contain the claims outlined in section 3.04 regarding identity encapsulation
- - “name” (str) - if known, claim SHALL contain the user's full name most likely known by the Covered Business
- - “email” (str) - if known, claim SHALL contain the user's email address
- - “email_verified” (bool) - TRUE if the user's email address has been affirmatively verified according to the System Rules
- - “phone_number” (str) - if known, claim SHALL contain the user's phone number in E.164 encoding
- - “phone_number_verified” (bool) - TRUE if the user's phone number has been affirmatively verified according to the System Rules
- - “address” (str) - if known, claim SHALL contain the user's preferred address, asspecified in OpenID Connect Core 1.0 section 5.1.1
- - “address_verified” (bool) - TRUE if the user's address has been affirmatively verified according to the System Rules
- - “power_of_attorney” (str) - MAY contain a reference to a User-signed document delegating power of attorney to the submitting AA
+ 2.3. POST /v1/data-rights-request { action: “deletion”, regime: “ccpa” }
+
+ - Status: “open” | “in_progress”
+ - If status == “open”, reason SHOULD be “none”
+ - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
+ - If status == “in_progress”, response MUST contain "expires-at"
+
+
-
-
+ 2.4. POST /v1/data-rights-request { action: “deletion”, regime: “voluntary” }
+
+ - Status: “open” | “in_progress” | “denied”
+ - If status == “open”, reason SHOULD be “none”
+ - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
+ - If status == “in_progress”, response MUST contain "expires-at"
+ - If status == “denied”, reason SHOULD be “outside_jurisdiction”
+
- - The Privacy Infrastructure Provider SHALL validate the message is signed according to the guidance in section 3.07
+ 2.5. POST /v1/data-rights-request { action: “sale:opt_out”, regime: “ccpa” }
+
+ - Status: “open” | “in_progress”
+ - If status == “open”, reason SHOULD be “none”
+ - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
+ - If status == “in_progress”, response MUST contain "expires-at"
+
- - All calls MUST return a Data Rights Status object for all actions listed in .well-known/data-rights.json
- - Values of fields may vary, see below
- - Test all supported permutations:
-
- - POST /v1/data-right-request/ { action: “access”, regime: “ccpa” }
- - POST /v1/data-right-request/ { action: “access”, regime: “voluntary” }
- - POST /v1/data-right-request/ { action: “deletion”, regime: “ccpa” }
- - POST /v1/data-right-request/ { action: “deletion”, regime: “voluntary” }
- - POST /v1/data-right-request/ { action: “sale:opt_out”, regime: “ccpa” }
- - POST /v1/data-right-request/ { action: “sale:opt_out”, regime: “voluntary” }
- - POST /v1/data-right-request/ { action: “sale:opt_in”, regime: “ccpa” }
- - POST /v1/data-right-request/ { action: “sale:opt_in”, regime: “voluntary” }
-
-
-
+
2.6. POST /v1/data-rights-request { action: “sale:opt_out”, regime: “voluntary” }
+
+ - Status: “open” | “in_progress” | “denied”
+ - If status == “open”, reason SHOULD be “none”
+ - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
+ - If status == “in_progress”, response MUST contain "expires-at"
+ - If status == “denied”, reason SHOULD be “outside_jurisdiction”
+
+
-
- - Returns a Data Rights Status object
-
- - MUST contain field “request_id”
- - “request_id” is globally unique
- - MUST contain field “status”
- - “status” allowable values: [ "in_progress" | "open" | "fulfilled" | "revoked" | "denied" | "expired" ]
- - allowable status values vary with action; see below
- - MAY contain field “reason”
- - “reason” allowable values: "need_verification" | "suspected_fraud" | “insufficient_verification” | "no_match" | "claim_not_covered" | "too_many_requests" | "outside_jurisdiction" | "other" | “none”
- - allowable reason values vary with status; see below
- - MUST contain field “received_at”
- - “received_at” is an ISO 8601 string (ISO time format)
- - SHOULD contain field “expected_by”
- - “expected_by” is an ISO 8601 string (ISO time format)
- - MAY contain a field "processing_details", a text string - @RR is there a max character length?
- - MAY contain a field "user_verification_url"
- - "user_verification_url" must be a well formatted URI
- - "user_verification_url" must a valid endmpoint which correctly returns data about the request
- - MAY contain a field "expires_at"
- - "expires_at" should be an [ISO 8601]-encoded time
- - Additional optional/unknown fields - throw a warning
-
-
-
-
+
2.7. POST /v1/data-rights-request { action: “sale:opt_in”, regime: “ccpa” }
+
+ - Status: “open” | “in_progress”
+ - If status == “open”, reason SHOULD be “none”
+ - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
+ - If status == “in_progress”, response MUST contain "expires-at"
+
+
-
2.1. POST /v1/data-right-request/ { action: “access”, regime: “ccpa” }
-
- - Status: “open” | “in_progress”
- - If status == “open”, reason SHOULD be “none”
- - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
-
-
+
2.8. POST /v1/data-rights-request { action: “sale:opt_in”, regime: “voluntary” }
+
+ - Status: “open” | “in_progress” | “denied”
+ - If status == “open”, reason SHOULD be “none”
+ - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
+ - If status == “in_progress”, response MUST contain "expires-at"
+ - If status == “denied”, reason SHOULD be “outside_jurisdiction”
+
+
-
2.2. POST /v1/data-right-request/ { action: “access”, regime: “voluntary” }
-
- - Status: “open” | “in_progress” | “denied”
- - If status == “open”, reason SHOULD be “none”
- - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
- - If status == “denied”, reason SHOULD be “outside_jurisdiction”
-
-
-
2.3. POST /v1/data-right-request/ { action: “deletion”, regime: “ccpa” }
-
- - Status: “open” | “in_progress”
- - If status == “open”, reason SHOULD be “none”
- - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
-
-
+
3. GET /v1/data-rights-request/{request_id} (“Data Rights Status” endpoint)
+
+ - Returns a Data Rights Status object
+ - Data Rights Status object MUST contain field “request_id”
+
+ - “request_id” value should match the value passed in
+
+
+ - Data Rights Status object SHOULD contain field “received_at”
+
+ - “received_at” is an ISO 8601 string (ISO time format)
+
+
+ - Data Rights Status object SHOULD contain field “expected_by”
+
+ - “expected_by” is an ISO 8601 string (ISO time format)
+
+
+ - Data Rights Status object MUST contain field “status”
+
+ - “status” allowable values: [ "in_progress" | "open" | "fulfilled" | "revoked" | "denied" | "expired" ]
+ - allowable status values vary with action; see below
+
+
+ - Data Rights Status object MAY contain “reason” field
+
+ - “reason” allowable values: “need_verification” | "suspected_fraud" | “insuf_verification” | "no_match" | "claim_not_covered" | "too_many_requests" | "outside_jurisdiction" | "other" | “none”
+ - allowable reason values vary with status; see below
+
+
+ - Data Rights Status object MAY contain field “processing_details”
+
+ - unconstrained text - @RR is the there a max character limit?
+
+
+ - Data Rights Status object MAY contain field “user_verification_url”
+
+ - “user_verification_url” is a well-formatted url
+ - “user_verification_url” is a an returns the correct data when called
+
+
+ - Data Rights Status object MAY contain field “expires_at”
+
+ - “expires_at” is an ISO 8601 string (ISO time format)
+
+
+
+ - Additional optional/unknown fields - throw a warning
+
+
-
2.4. POST /v1/data-right-request/ { action: “deletion”, regime: “voluntary” }
-
- - Status: “open” | “in_progress” | “denied”
- - If status == “open”, reason SHOULD be “none”
- - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
- - If status == “denied”, reason SHOULD be “outside_jurisdiction”
-
-
+
3.1 GET /status fulfilled
+
+ - Additional fields: “results_url”, “expires_at”
+ - Final
+
+
-
2.5. POST /v1/data-right-request/ { action: “sale:opt_out”, regime: “ccpa” }
-
- - Status: “open” | “in_progress”
- - If status == “open”, reason SHOULD be “none”
- - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
-
-
+
3.2 GET /status denied
+
+ - “reason” allowable values: "suspected_fraud" | “insuf_verification” | "no_match" | "claim_not_covered" | "too_many_requests" | "outside_jurisdiction" | "other" | “none”
+ - Additional fields: “processing_details”
+ - Final for all reasons except "too_many_requests"
+
+
-
2.6. POST /v1/data-right-request/ { action: “sale:opt_out”, regime: “voluntary” }
-
- - Status: “open” | “in_progress” | “denied”
- - If status == “open”, reason SHOULD be “none”
- - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
- - If status == “denied”, reason SHOULD be “outside_jurisdiction”
-
-
+
3.3 GET /status expired
+
+ - The time is currently after “expires_at” in the request
+ - Final
+
+
-
2.7. POST /v1/data-right-request/ { action: “sale:opt_in”, regime: “ccpa” }
-
- - Status: “open” | “in_progress”
- - If status == “open”, reason SHOULD be “none”
- - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
-
-
+
3.4 GET /status revoked
+
+
-
2.8. POST /v1/data-right-request/ { action: “sale:opt_in”, regime: “voluntary” }
-
- - Status: “open” | “in_progress” | “denied”
- - If status == “open”, reason SHOULD be “none”
- - If status == “in_progress”, reason SHOULD be “need_verification” | “none”
- - If status == “denied”, reason SHOULD be “outside_jurisdiction”
-
-
+
3.5 POST $status_callback (“Data Rights Status Callback” endpoint)
+
+ - SHOULD be implemented by Authorized Agents which will be exercising data rights for multiple Users
+ - The request body MUST adhere to the Exercise Status Schema
+ - THe PIP SHOULD make a best effort to ensure that a 200 response is issued for the most recent status update
+ - The body of the callback's response SHOULD be discarded and not be considered for parsing
+
+
-
3. GET /v1/data-rights-request/{request_id} (“Data Rights Status” endpoint)
-
+ 4 DELETE /v1/data-rights-request/{request_id} (“Data Rights Revoke” endpoint)
+
- Returns a Data Rights Status object
- Data Rights Status object MUST contain field “request_id”
- - “request_id” value should match the value passed in
+ - “request_id” value should match the value passed in
- - Data Rights Status object SHOULD contain field “received_at”
+
- Data Rights Status object MUST contain field “received_at”
- “received_at” is an ISO 8601 string (ISO time format)
- - Data Rights Status object SHOULD contain field “expected_by”
+
- Data Rights Status object MUST contain “status” field
- - “expected_by” is an ISO 8601 string (ISO time format)
-
-
- - Data Rights Status object MUST contain field “status”
-
- - “status” allowable values: [ "in_progress" | "open" | "fulfilled" | "revoked" | "denied" | "expired" ]
+ - “status” allowable values: [ "in_progress" | "open" | "revoked" | "denied" | "expired" ]
- allowable status values vary with action; see below
+ - Responses MUST contain the new revoked state - @RR this is underspecified, in what field is "revoked" contained?
- Data Rights Status object MAY contain “reason” field
-
- - “reason” allowable values: “need_verification” | "suspected_fraud" | “insufficient_verification” | "no_match" | "claim_not_covered" | "too_many_requests" | "outside_jurisdiction" | "other" | “none”
+
+ - “reason” allowable values: “need_verification” | "suspected_fraud" | “insuf_verification” | "no_match" | "claim_not_covered" | "too_many_requests" | "outside_jurisdiction" | "other" | “none”
- allowable reason values vary with status; see below
- - Data Rights Status object MAY contain field “processing_details”
-
- - unconstrained text - @RR is the there a max character limit?
-
-
- - Data Rights Status object MAY contain field “user_verification_url”
+
- Additional optional fields
- - “user_verification_url” is a well-formatted url
- - “user_verification_url” is a an returns the correct data when called
+ - TBD - enumerated in DRP spec, some have enumerated values for their fields
- - Data Rights Status object MAY contain field “expires_at”
-
- - “expires_at” is an ISO 8601 string (ISO time format)
-
-
-
- Additional optional/unknown fields - throw a warning
-
-
-
-3.1 GET /status fulfilled
-
- - Additional fields: “results_url”, “expires_at”
- - Final
-
-
-
-3.2 GET /status denied
-
- - “reason” allowable values: "suspected_fraud" | “insufficient_verification” | "no_match" | "claim_not_covered" | "too_many_requests" | "outside_jurisdiction" | "other" | “none”
- - Additional fields: “processing_details”
- - Final for all reasons except "too_many_requests"
-
-
-
-3.3 GET /status expired
-
- - The time is currently after “expires_at” in the request
- - Final
-
-
-
-3.4 GET /status revoked
-
-
-
-
-3.5 POST $status_callback (“Data Rights Status Callback” endpoint)
-
- - SHOULD be implemented by Authorized Agents which will be exercising data rights for multiple Users
- - The request body MUST adhere to the Exercise Status Schema
- - THe PIP SHOULD make a best effort to ensure that a 200 response is issued for the most recent status update
- - The body of the callback's response SHOULD be discarded and not be considered for parsing
-
-
-
-
-4 DELETE /v1/data-rights-request/{request_id} (“Data Rights Revoke” endpoint)
-
-
-
-5 POST /v1/agent/{agent-id} (“Pair-wise Key Setup” endpoint)
-
- - returns a JSON response
- - response has a field “agent-id”
- - “agent-id” key SHALL match the agent-id presented in the signed request
- - response has a field "token"
- - PIPs SHOULD generate this token using a cryptographically secure source such as libsodium's CSPRNG
- - if validation fails, the PIP SHALL return an HTTP 403 Forbidden response with no response body
-
-
-
-5.1 GET /v1/agent/{agent-id} (“Agent Information” endpoint)
-
- - does not need to return anything more than an empty JSON document and HTTP 200 response code
- - if the agent-id presented does not match the presented Bearer Token, the PIP MUST return a 403 Forbidden response
-
-
-
-
-
\ No newline at end of file
+