blindnet-io / product-management

Repository dedicated for reporting bugs, ideas for improvements, and new features

Make Data Subject Identification Consistent with PRIV #1002

Open milstan opened 2 years ago

milstan commented 2 years ago

Current situation

naming consistency

PRIV defines a data-subject identity through 2 data elements:

In several parts of the DevKit we use wording that is not consistent with this, and I think we'd gain by harmonizing and having the same wording everywhere. PCE uses id and schema. The same is true of the Demo application and the demo server.

e-mail schema interpretation consistency

In addition to the mismatch of naming, there is a worse problem. PRIV defines a few DSID schemas, none of which is called dsid.

The demo and the demo server use this value

schema: 'dsid'

And as the value of the corresponding id parameter, they accept the raw e-mail of the user.

The only data subject id schema that comes close, that we have in PRIV, is email-sha-256 which accepts as dsid values the hashed e-mail, and as dsid-schema : email-sha-256.

What we want

We want PRIV and Devkit to be in sync => we must change one or the other (or both).

Regarding naming I am fine with changes either way, as long as we have a motive.

Regarding the absence of the schema using raw e-mail, a viable case might be made for adding one in PRIV (at least for the purposes of testing).
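An added example, not part of the original issue and not blindnet code: a sketch of an adapter that maps the demo's `{ schema: 'dsid', id: <raw e-mail> }` pair onto the `dsid` / `dsid-schema` naming with `email-sha-256`, and rejects any other schema instead of storing it unchecked. The function names, the trim-and-lowercase normalization and the lowercase-hex digest encoding are assumptions; the issue does not state how PRIV encodes the hash.

```javascript
const crypto = require('crypto');

// 'email-sha-256' is the PRIV schema named in the issue.
const PRIV_EMAIL_SCHEMA = 'email-sha-256';
// 'dsid' is the non-PRIV schema value the demo currently sends with a raw e-mail.
const LEGACY_SCHEMA = 'dsid';

// Assumption: e-mail is trimmed and lowercased, digest is lowercase hex.
function hashEmail(email) {
  const normalized = email.trim().toLowerCase();
  return crypto.createHash('sha256').update(normalized, 'utf8').digest('hex');
}

// Hypothetical helper: accepts the DevKit-style { id, schema } pair and
// returns a PRIV-style { dsid, 'dsid-schema' } pair, or throws.
function toPrivIdentity(input) {
  if (!input || typeof input.id !== 'string' || typeof input.schema !== 'string') {
    throw new TypeError('expected { id: string, schema: string }');
  }
  if (input.schema === PRIV_EMAIL_SCHEMA) {
    // Already in PRIV form: the id must be a SHA-256 digest, not a raw e-mail.
    if (!/^[0-9a-f]{64}$/.test(input.id)) {
      throw new Error('email-sha-256 requires a 64-character hex digest');
    }
    return { dsid: input.id, 'dsid-schema': PRIV_EMAIL_SCHEMA };
  }
  if (input.schema === LEGACY_SCHEMA) {
    // Demo form: the id is a raw e-mail, so hash it before it is stored.
    if (!/^[^\s@]+@[^\s@]+$/.test(input.id.trim())) {
      throw new Error('legacy dsid value is not an e-mail address');
    }
    return { dsid: hashEmail(input.id), 'dsid-schema': PRIV_EMAIL_SCHEMA };
  }
  // Unknown schemas are refused rather than stored without interpretation.
  throw new Error('unknown data subject id schema: ' + input.schema);
}
```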

TheKinrar commented 2 years ago

The demo backend actually only knows about email addresses. This makes sense though, as it represents a third-party app that does not use PRIV for storing its data.

I believe that right now we basically only use the email addresses as an ID and don't have a concept of schema implemented. @m4rk055 can probably confirm this for the PCE side. At least that's how authentication currently works.

m4rk055 commented 2 years ago

Yes, schemas are only stored together with the user's id and carry no semantics.