API for Collections of Statements #9
Comments
|
So, for the integration with vCon example, subject="my-product-id" could simply be the vcon uuid? So, an audit trail of a particular vCon could be supplied by this API endpoint? |
|
Yup, exactly. Any issuer that wants to make a statement about the vCon would use the identifie, enabling filtering on statements for the vCon, from different issuers, and even different content-types |
|
Lets look at COAP / CORE / OSCORE / ACE for examples of good CBOR APIs, and copy them. |
|
Resolve signed statement has the baseline. Marking ready-for-pr to incorporate into a PR. |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
APIs which enables users to find a collection of signed statements based on protected, or unprotected header properties
A client may send any known or custom header property, or combination
TODO:
Collection of Signed Statement Header Properties
REQUEST:
RESPONSE:
a paged collection of references to Signed Statements, and the possible payload locations
{ "signed-statements": [ { "protected-headers": { "cwt_claims": { "iss": "my-identity.me", "sub": "my-product-id" }, "content_type": "application/json", "alg": "1", "kid": "abc123", "location-hint": "service.storage/abc123", "detached-hash": "abc123...321cba" }, "unprotected-headers": { "registered": "sometime" } }, { "protected-headers": { "cwt_claims": { "iss": "my-identity.me", "sub": "my-product-id" }, "content_type": "application/spdx+json", "alg": "1", "kid": "abc123", "location-hint": "service.storage/def456", "detached-hash": "def246...642fed" }, "unprotected-headers": { "registered": "sometime+1" } } ] }The text was updated successfully, but these errors were encountered: