ConsumerDataStandardsAustralia / standards-maintenance

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.

Add maxLength field sizes to field descriptions for Register APIs and SSA #621

Open markverstege opened 7 months ago

markverstege commented 7 months ago

Description

The Register API specifies maxLength constraints in the API swagger but these are not displayed in the online rendering of the standards. As a result, participants may not be aware of the maximum length constraints of the fields returned by the Register or sent in the SSA.

Area Affected

- Register APIs
- Software Statement Assertion

Change Proposed

Add the maxLength property values into the existing field description along the lines of "The maximum length of this field is X."

nils-work commented 2 months ago

The following values could be specified in the SSA Definition table as minimum field lengths that Data Holders could be required to support for DCR, as they are the limits of generated values and values accepted by the Register portal:

| SSA field name | Min. length Data Holders must support for DCR | Group | Comments |
|---|---|---|---|
| legal_entity_id | 36 | UUID | Aligns to Register spec. for legalEntityId |
| legal_entity_name | 200 | Name field | Aligns to Register spec. for legalEntityName |
| org_id | 36 | UUID | Aligns to Register spec. for dataHolderBrandId |
| org_name | 200 | Name field | Aligns to Register spec. for brandName |
| client_name | 200 | Name field | Aligns to Register spec. for softwareProductName. (Register may currently only support 160 characters.) *** |
| client_description | 4000 | Variable string | Aligns to Register spec. for softwareProductDescription |
| client_uri | 1000 | URI | Aligns to other URIs |
| redirect_uris | 2000 | Array of URIs | Limit defined in Register |
| sector_identifier_uri | 2048 | URI | Limit defined in Register |
| logo_uri | 1000 | URI | Aligns to Register spec. for logoUri |
| tos_uri | 1000 | URI | Aligns to other URIs |
| policy_uri | 1000 | URI | Aligns to other URIs |
| jwks_uri | 1000 | URI | Aligns to other URIs |
| revocation_uri | 1000 | URI | Aligns to other URIs |
| recipient_base_uri | 1000 | URI | Aligns to other URIs |
| software_id | 36 | UUID | Aligns to other UUIDs |

Other fields included in the SSA for which a length may not be specified in the Standards, due to their potential to change over time include:

| SSA field name | Current length | Group | Comments |
|---|---|---|---|
| software_roles | 31 | Variable string | Currently only data-recipient-software-product is specified as a value |
| scope | 496 | Variable string | String currently includes only two sectors among other values |

*** The client_name/softwareProductName field also has a related constraint associated with the CSR 'Common Name (CN)' field which is currently limited to 64 characters.
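
The following is an added example, not code from this thread or from the CDR standards: it compares a Data Holder's configured DCR field limits with the minimum lengths proposed in the table above, then checks a decoded SSA payload for claims those limits could not hold. The holder limits, the sample SSA, the function names and the per-element handling of `redirect_uris` are assumptions made for illustration.

```python
import base64
import json

# Proposed minimum lengths a Data Holder would support for DCR (table above).
MIN_SUPPORTED = {
    "legal_entity_id": 36, "legal_entity_name": 200, "org_id": 36, "org_name": 200,
    "client_name": 200, "client_description": 4000, "client_uri": 1000,
    "redirect_uris": 2000, "sector_identifier_uri": 2048, "logo_uri": 1000,
    "tos_uri": 1000, "policy_uri": 1000, "jwks_uri": 1000, "revocation_uri": 1000,
    "recipient_base_uri": 1000, "software_id": 36,
}

def b64url(obj):
    """Base64url-encode a JSON object without padding, as in a compact JWS."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def ssa_claims(ssa_jwt):
    """Decode the payload segment only; signature verification is out of scope here."""
    payload = ssa_jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def undersized_limits(holder_limits):
    """Fields whose configured limit is missing or below the proposed minimum."""
    return sorted(f for f, need in MIN_SUPPORTED.items() if holder_limits.get(f, 0) < need)

def rejected_claims(claims, holder_limits):
    """(field, longest value, holder limit) for claims the holder could not store."""
    findings = []
    for field, limit in holder_limits.items():
        value = claims.get(field)
        if value is None:
            continue
        # Assumption: for array claims the limit applies to each element.
        items = value if isinstance(value, list) else [value]
        longest = max((len(str(item)) for item in items), default=0)
        if longest > limit:
            findings.append((field, longest, limit))
    return findings

# Hypothetical holder schema with two columns narrower than the proposal.
HOLDER_LIMITS = dict(MIN_SUPPORTED, client_name=160, client_uri=255)
# Constructed, unsigned SSA-shaped token (placeholder header and signature).
SAMPLE_SSA = ".".join([b64url({"alg": "PS256"}), b64url({
    "client_name": "N" * 200,
    "client_uri": "https://recipient.example/" + "a" * 300,
    "redirect_uris": ["https://recipient.example/cb"],
    "software_id": "00000000-0000-4000-8000-000000000000",
}), "constructed-signature"])

print(undersized_limits(HOLDER_LIMITS), rejected_claims(ssa_claims(SAMPLE_SSA), HOLDER_LIMITS))
```
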