search

PLATOONProject / PLATOON_DATA_USAGE

Open Source Data Usage Control Module created within the PLATOON H2020 project funded by the European Comission (Grant 872592)
Apache License 2.0
1 stars 3 forks source link

Usage Policy Not Supported #4

Open tharindupr opened 1 month ago

tharindupr commented 1 month ago

Hi,

I was trying to use Platoon Usage control with True Connector. Although the integration and deployment are successful, I'm getting an error saying that the policy is not supported. Following are the relevant logs from services:

ecc-provider | 16-07-2024 22:39:38.446 [qtp390243513-47] INFO i.e.i.b.s.i.DapsTokenProviderServiceImpl - Requesting token ecc-provider | 16-07-2024 22:39:38.555 [qtp390243513-47] INFO i.e.i.b.p.c.ContractAgreementProcessor - Uploading policy... uc-dataapp-provider | 16-07-2024 22:39:38.831 [https-jsse-nio-8080-exec-3] INFO com.tecnalia.datausage.api.ContractAgreementApiController - PolicyApiController received request ecc-provider | 16-07-2024 22:39:39.045 [qtp390243513-47] WARN i.e.i.b.p.c.ContractAgreementProcessor - Policy not uploaded - 400 : [Policy is not supported] ecc-provider | 16-07-2024 22:39:39.047 [qtp390243513-47] INFO i.e.i.b.s.i.RejectionMessageServiceImpl - Creating rejection message of reason https://w3id.org/idsa/code/NOT_AUTHORIZED ecc-provider | 16-07-2024 22:39:39.056 [qtp390243513-47] INFO i.e.i.m.p.MultipartMessageProcessor - Boundary from the multipart message is: --Eraa4WSlSHwOtMjh6DLZvP7rsPLAwKFegNg ecc-provider | 16-07-2024 22:39:39.176 [qtp390243513-47] INFO i.e.i.b.p.r.ReceiverSendDataToBusinessLogicProcessor - Sending response to Data Consumer ecc-consumer | 16-07-2024 22:39:39.186 [qtp1178721317-53] INFO i.e.i.b.s.i.SendDataToBusinessLogicServiceImpl - status code of the response message is: 200

Following is the contract corresponding to the resource requested:

{ "@context": { "ids": "https://w3id.org/idsa/core/", "idsc": "https://w3id.org/idsa/code/" }, "@type": "ids:ContractAgreement", "@id": "https://w3id.org/idsa/autogen/contractAgreement/fc9620bd-964a-4f26-9915-deb044b62081", "ids:consumer": { "@id": "http://w3id.org/engrd/connector/consumer" }, "ids:contractStart": { "@value": "2024-07-16T16:24:00.585Z", "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" }, "ids:contractDate": { "@value": "2024-07-16T16:24:00.585Z", "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" }, "ids:provider": { "@id": "http://w3id.org/engrd/connector/provider" }, "ids:permission": [ { "@type": "ids:Permission", "@id": "https://w3id.org/idsa/autogen/permission/2bb622f7-f142-4309-b8a5-fe71c68fe2cd", "ids:action": [ { "@id": "https://w3id.org/idsa/code/USE" } ], "ids:constraint": [ { "@type": "ids:Constraint", "@id": "https://w3id.org/idsa/autogen/constraint/43e06bfe-37a6-48b1-883f-f6c6adeb8f17", "ids:leftOperand": { "@id": "https://w3id.org/idsa/code/POLICY_EVALUATION_TIME" }, "ids:operator": { "@id": "https://w3id.org/idsa/code/AFTER" }, "ids:rightOperand": { "@value": "2024-07-16T16:24:00.585Z", "@type": "http://www.w3.org/2001/XMLSchema#dateTimeStamp" } } ], "ids:title": [ { "@value": "Example Usage Policy POSTMAN", "@type": "http://www.w3.org/2001/XMLSchema#string" } ], "ids:description": [ { "@value": "provide-access", "@type": "http://www.w3.org/2001/XMLSchema#string" } ], "ids:target": { "@id": "http://w3id.org/engrd/connector/artifact/postman" } } ] }

What could be the reason? Do you have any sample usage control polices that I can try out ?

Thanks.

idoiamurua commented 1 month ago

The problem is that the ids:Permission included in the ids:ContractAgreement is not correctly built. The code is expecting 2 ids:constraint objects when it is a POLICY_EVALUATION_TIME. Here you have an example:

{
  "@context" : {
    "ids" : "https://w3id.org/idsa/core/",
    "idsc" : "https://w3id.org/idsa/code/"
  },
  "@type" : "ids:ContractAgreement",
  "@id" : "https://w3id.org/idsa/autogen/contractAgreement/52272512-dcbd-4b15-8f1f-f409327a4a9a",
  "ids:permission" : [ {
    "@type" : "ids:Permission",
    "@id" : "https://w3id.org/idsa/autogen/permission/59b0a20a-11bd-4276-8341-af40c8960e98",
    "ids:target" : {
      "@id" : "https://w3id.org/idsa/autogen/artifact/8e3a5056-1e46-42e1-a1c3-37aa08b2aedd"
    },
    "ids:title" : [ {
      "@value" : "Example Usage Policy",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:description" : [ {
      "@value" : "provide-access",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:action" : [ {
      "@id" : "idsc:USE"
    } ],
    "ids:constraint" : [ {
      "@type" : "ids:Constraint",
      "@id" : "https://w3id.org/idsa/autogen/constraint/0b7c4ca7-1f9e-4e30-8fa1-7551700c1980",
      "ids:rightOperand" : {
        "@value" : "2020-07-11T00:00:00Z",
        "@type" : "xsd:dateTimeStamp"
      },
      "ids:operator" : {
        "@id" : "idsc:AFTER"
      },
      "ids:leftOperand" : {
        "@id" : "idsc:POLICY_EVALUATION_TIME"
      }
    }, {
      "@type" : "ids:Constraint",
      "@id" : "https://w3id.org/idsa/autogen/constraint/9f2e0197-2ad9-442b-806b-5bb4951a2943",
      "ids:rightOperand" : {
        "@value" : "2021-07-11T00:00:00Z",
        "@type" : "xsd:dateTimeStamp"
      },
      "ids:operator" : {
        "@id" : "idsc:BEFORE"
      },
      "ids:leftOperand" : {
        "@id" : "idsc:POLICY_EVALUATION_TIME"
      }
    } ] 
  } ],
  "ids:provider" : {
    "@id" : "https://w3id.org/idsa/autogen/baseConnector/7b934432-a85e-41c5-9f65-669219dde4ea"
  },
  "ids:consumer" : {
    "@id" : "https://w3id.org/idsa/autogen/baseConnector/7b934432-a85e-41c5-9f65-669219dde4ea"
  },
  "ids:contractDate" : {
    "@value" : "2021-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  },
  "ids:contractStart" : {
    "@value" : "2021-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  },
  "ids:contractEnd" : {
    "@value" : "2022-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  }
}
tharindupr commented 1 month ago

Thanks a lot for this. It works.

tharindupr commented 1 month ago

And can you please provide me with some more examples? Examples: ROLE_RESTRICTIONS, NUMBER_OF_USAGES and etc.

idoiamurua commented 1 month ago

Yes, sure.

DURATION:

{
  "@context" : {
    "ids" : "https://w3id.org/idsa/core/",
    "idsc" : "https://w3id.org/idsa/code/"
  },
  "@type" : "ids:ContractAgreement",
  "@id" : "https://w3id.org/idsa/autogen/contractAgreement/52272512-dcbd-4b15-8f1f-f409327a4a9a",
  "ids:permission" : [ {
    "@type" : "ids:Permission",
    "@id" : "https://w3id.org/idsa/autogen/permission/59b0a20a-11bd-4276-8341-af40c8960e98",
    "ids:target" : {
      "@id" : "https://w3id.org/idsa/autogen/artifact/8e3a5056-1e46-42e1-a1c3-37aa08b2aedd"
    },
    "ids:title" : [ {
      "@value" : "Example Usage Policy",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:description" : [ {
      "@value" : "provide-access",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:action" : [ {
      "@id" : "idsc:USE"
    } ],
    "ids:constraint" : [ {
      "@type" : "ids:Constraint",
      "@id" : "https://w3id.org/idsa/autogen/constraint/a5aa4243-432f-4360-aff4-c95da99eb266",
      "ids:rightOperand" : {
        "@value" : "PT4H",
        "@type" : "xsd:duration"
      },
      "ids:operator" : {
        "@id" : "idsc:SHORTER_EQ"
      },
      "ids:leftOperand" : {
        "@id" : "idsc:ELAPSED_TIME"
      }
    } ]
  } ],
  "ids:provider" : {
    "@id" : "https://w3id.org/idsa/autogen/baseConnector/7b934432-a85e-41c5-9f65-669219dde4ea"
  },
  "ids:consumer" : {
    "@id" : "https://w3id.org/idsa/autogen/baseConnector/7b934432-a85e-41c5-9f65-669219dde4ea"
  },
  "ids:contractDate" : {
    "@value" : "2021-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  },
  "ids:contractStart" : {
    "@value" : "2021-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  },
  "ids:contractEnd" : {
    "@value" : "2022-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  }
}

N TIMES:

{
  "@context" : {
    "ids" : "https://w3id.org/idsa/core/",
    "idsc" : "https://w3id.org/idsa/code/"
  },
  "@type" : "ids:ContractAgreement",
  "@id" : "https://w3id.org/idsa/autogen/contractAgreement/52272512-dcbd-4b15-8f1f-f409327a4a9a",
  "ids:permission" : [ {
    "@type" : "ids:Permission",
    "@id" : "https://w3id.org/idsa/autogen/permission/59b0a20a-11bd-4276-8341-af40c8960e98",
    "ids:target" : {
      "@id" : "https://w3id.org/idsa/autogen/artifact/8e3a5056-1e46-42e1-a1c3-37aa08b2aedd"
    },
    "ids:title" : [ {
      "@value" : "Example Usage Policy",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:description" : [ {
      "@value" : "provide-access",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:action" : [ {
      "@id" : "idsc:USE"
    } ],
    "ids:constraint" : [ {
      "@type" : "ids:Constraint",
      "@id" : "https://w3id.org/idsa/autogen/constraint/2030a8f2-f03d-4af9-bce5-b9222e129dce",
      "ids:rightOperand" : {
        "@value" : "5",
        "@type" : "xsd:double"
      },
      "ids:operator" : {
        "@id" : "idsc:LTEQ"
      },
      "ids:leftOperand" : {
        "@id" : "idsc:COUNT"
      },
      "ids:pipEndpoint" : {
        "@id" : "http://localhost:8080/platoontec/PlatoonDataUsage/1.0/admin/api/access/"
      }
    } ]
  } ],
  "ids:provider" : {
    "@id" : "https://w3id.org/idsa/autogen/baseConnector/7b934432-a85e-41c5-9f65-669219dde4ea"
  },
  "ids:consumer" : {
    "@id" : "https://w3id.org/idsa/autogen/baseConnector/7b934432-a85e-41c5-9f65-669219dde4ea"
  },
  "ids:contractDate" : {
    "@value" : "2021-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  },
  "ids:contractStart" : {
    "@value" : "2021-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  },
  "ids:contractEnd" : {
    "@value" : "2022-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  }
}

PURPOSE:

{
  "@context" : {
    "ids" : "https://w3id.org/idsa/core/",
    "idsc" : "https://w3id.org/idsa/code/"
  },
  "@type" : "ids:ContractAgreement",
  "@id" : "https://w3id.org/idsa/autogen/contractAgreement/52272512-dcbd-4b15-8f1f-f409327a4a9a",
  "ids:permission" : [ {
    "@type" : "ids:Permission",
    "@id" : "https://w3id.org/idsa/autogen/permission/59b0a20a-11bd-4276-8341-af40c8960e98",
    "ids:target" : {
      "@id" : "https://w3id.org/idsa/autogen/artifact/8e3a5056-1e46-42e1-a1c3-37aa08b2aedd"
    },
    "ids:title" : [ {
      "@value" : "Example Usage Policy",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:description" : [ {
      "@value" : "provide-access",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:action" : [ {
      "@id" : "idsc:USE"
    } ],
    "ids:constraint" : [ {
      "@type" : "ids:Constraint",
      "@id" : "https://w3id.org/idsa/autogen/constraint/constraint7",             
      "ids:rightOperandReference":{
        "@id": "http://example.com/ids-purpose:Marketing"
      },
      "ids:operator" : {
        "@id" :  "idsc:SAME_AS"
      },
      "ids:leftOperand" : {
        "@id" : "idsc:PURPOSE"
      },
      "ids:pipEndpoint" : {
        "@id": "http://localhost:8085/DataUsage/Pip/1.0/admin/api/purpose/"
      }
    } ]
  } ],
  "ids:provider" : {
    "@id" : "https://w3id.org/idsa/autogen/baseConnector/7b934432-a85e-41c5-9f65-669219dde4ea"
  },
  "ids:consumer" : {
    "@id" : "https://w3id.org/idsa/autogen/baseConnector/7b934432-a85e-41c5-9f65-669219dde4ea"
  },
  "ids:contractDate" : {
    "@value" : "2021-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  },
  "ids:contractStart" : {
    "@value" : "2021-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  },
  "ids:contractEnd" : {
    "@value" : "2022-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  }
}

ROLE:

{
  "@context" : {
    "ids" : "https://w3id.org/idsa/core/",
    "idsc" : "https://w3id.org/idsa/code/"
  },
  "@type" : "ids:ContractAgreement",
  "@id" : "https://w3id.org/idsa/autogen/contractAgreement/52272512-dcbd-4b15-8f1f-f409327a4a9a",
  "ids:permission" : [ {
    "@type" : "ids:Permission",
    "@id" : "https://w3id.org/idsa/autogen/permission/59b0a20a-11bd-4276-8341-af40c8960e98",
    "ids:target" : {
      "@id" : "https://w3id.org/idsa/autogen/artifact/8e3a5056-1e46-42e1-a1c3-37aa08b2aedd"
    },
    "ids:title" : [ {
      "@value" : "Example Usage Policy",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:description" : [ {
      "@value" : "provide-access",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:action" : [ {
      "@id" : "idsc:USE"
    } ],
     "ids:constraint" : [ {
      "@type" : "ids:Constraint",
      "@id" : "https://w3id.org/idsa/autogen/constraint/constraint6",             
      "ids:rightOperandReference":{
         "@id": "http://example.com/ids-role:riskManager"
       },
       "ids:operator" : {
         "@id" : "idsc:HAS_MEMBERSHIP"
       },
       "ids:leftOperand" : {
         "@id" : "idsc:USER"
       },
       "ids:pipEndpoint" : {
         "@id": "http://localhost:8085/DataUsage/Pip/1.0/admin/api/role/"
       }
    } ]
  } ],
  "ids:provider" : {
    "@id" : "https://w3id.org/idsa/autogen/baseConnector/7b934432-a85e-41c5-9f65-669219dde4ea"
  },
  "ids:consumer" : {
    "@id" : "https://w3id.org/idsa/autogen/baseConnector/7b934432-a85e-41c5-9f65-669219dde4ea"
  },
  "ids:contractDate" : {
    "@value" : "2021-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  },
  "ids:contractStart" : {
    "@value" : "2021-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  },
  "ids:contractEnd" : {
    "@value" : "2022-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  }
}

INTERVAL and N-TIMES

{
  "@context" : {
    "ids" : "https://w3id.org/idsa/core/",
    "idsc" : "https://w3id.org/idsa/code/"
  },
  "@type" : "ids:ContractAgreement",
  "@id" : "https://w3id.org/idsa/autogen/contractAgreement/52272512-dcbd-4b15-8f1f-f409327a4a9a",
  "ids:permission" : [ {
    "@type" : "ids:Permission",
    "@id" : "https://w3id.org/idsa/autogen/permission/59b0a20a-11bd-4276-8341-af40c8960e98",
    "ids:target" : {
      "@id" : "https://w3id.org/idsa/autogen/artifact/8e3a5056-1e46-42e1-a1c3-37aa08b2aedd"
    },
    "ids:title" : [ {
      "@value" : "Example Usage Policy",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:description" : [ {
      "@value" : "provide-access",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:action" : [ {
      "@id" : "idsc:USE"
    } ],
    "ids:constraint" : [ {
      "@type" : "ids:Constraint",
      "@id" : "https://w3id.org/idsa/autogen/constraint/0b7c4ca7-1f9e-4e30-8fa1-7551700c1980",
      "ids:rightOperand" : {
        "@value" : "2020-07-11T00:00:00Z",
        "@type" : "xsd:dateTimeStamp"
      },
      "ids:operator" : {
        "@id" : "idsc:AFTER"
      },
      "ids:leftOperand" : {
        "@id" : "idsc:POLICY_EVALUATION_TIME"
      }
    }, {
      "@type" : "ids:Constraint",
      "@id" : "https://w3id.org/idsa/autogen/constraint/9f2e0197-2ad9-442b-806b-5bb4951a2943",
      "ids:rightOperand" : {
        "@value" : "2021-07-11T00:00:00Z",
        "@type" : "xsd:dateTimeStamp"
      },
      "ids:operator" : {
        "@id" : "idsc:BEFORE"
      },
      "ids:leftOperand" : {
        "@id" : "idsc:POLICY_EVALUATION_TIME"
      }
    } ] 
  },
  {
    "@type" : "ids:Permission",
    "@id" : "https://w3id.org/idsa/autogen/permission/59b0a20a-11bd-4276-8341-af40c8960e99",
    "ids:target" : {
      "@id" : "https://w3id.org/idsa/autogen/artifact/8e3a5056-1e46-42e1-a1c3-37aa08b2aedd"
    },
    "ids:title" : [ {
      "@value" : "Example Usage Policy",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:description" : [ {
      "@value" : "provide-access",
      "@type" : "http://www.w3.org/2001/XMLSchema#string"
    } ],
    "ids:action" : [ {
      "@id" : "idsc:USE"
    } ],
    "ids:constraint" : [ {
      "@type" : "ids:Constraint",
      "@id" : "https://w3id.org/idsa/autogen/constraint/2030a8f2-f03d-4af9-bce5-b9222e129dcf",
      "ids:rightOperand" : {
        "@value" : "5",
        "@type" : "xsd:double"
      },
      "ids:operator" : {
        "@id" : "idsc:LTEQ"
      },
      "ids:leftOperand" : {
        "@id" : "idsc:COUNT"
      },
      "ids:pipEndpoint" : {
        "@id" : "http://localhost:8080/platoontec/PlatoonDataUsage/1.0/admin/api/access/"
      }
    } ]
  }],
  "ids:provider" : {
    "@id" : "https://w3id.org/idsa/autogen/baseConnector/7b934432-a85e-41c5-9f65-669219dde4ea"
  },
  "ids:consumer" : {
    "@id" : "https://w3id.org/idsa/autogen/baseConnector/7b934432-a85e-41c5-9f65-669219dde4ea"
  },
  "ids:contractDate" : {
    "@value" : "2021-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  },
  "ids:contractStart" : {
    "@value" : "2021-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  },
  "ids:contractEnd" : {
    "@value" : "2022-02-18T10:15:21.137Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  }
}
tharindupr commented 1 month ago

Great. Thanks a lot. Sure this will benefit the community using Platoon Usage Control.

tharindupr commented 1 month ago

I have a couple of more questions if it doesn't bother you.

  1. Where is the "ids:pipEndpoint" pointed to?
  2. And how does the usage control service at the provider end will get the information required to enforce the policy? (For example, the "user role" of the user at the consumer end who is requesting the resource if it has a Role-based policy. )

Sorry If I'm asking stupid questions. Just trying to understand the usage control workflow.

Thanks

idoiamurua commented 1 month ago

The "ids:pipEndpoint" is a REST service that should be implemented somewhere in the dataspace. This endpoint will be different depending on the constraint. E.g.: the pipEndpoint for the PURPOSE constraint will return the purpose for which the consumer is consuming data. Moreover, this purpose should be the same that the one indicated in the constraint, "Marketing" in the previous example, so that the constraint is fulfilled correctly,.

tharindupr commented 1 month ago

Thank you for the response. I got it. Is there a format for the REST service responses? I would appreciate it if you could provide me with the payload template that the usage control will consume. Or point me to documentation if you have any.

idoiamurua commented 1 month ago

You can check the code at https://github.com/PLATOONProject/PLATOON_DATA_USAGE/blob/master/src/main/java/io/dataspaceconnector/services/usagecontrol/PolicyInformationService.java#L70 , where it invokes the HTTP pipEndpoint to get the Role and Purpose information by using this other function: https://github.com/PLATOONProject/PLATOON_DATA_USAGE/blob/master/src/main/java/com/tecnalia/datausage/utils/HttpUtils.java#L49 . It expects to arrive the Role and Purpose as plain text (MIME type: "text/plain").

tharindupr commented 1 month ago

Thanks. Really appriciate it.

tharindupr commented 1 week ago

Hi, I successfully implemented a Policy Information Point (PIP) service. However, I have a question regarding its practicability. How will the PIP capture information regarding the consumer? For example suppose the role of the consumer is "User". Given that pipEndpoint is defined by the provider during the resource registration I assume that PIP is a service at providers end. During a data transfer how the particular consumer's user role is captured in PIP as its at the provider end? I hope you can understand the question.