2.04 specifies that Authorized Agents SHOULD implement the status callback but does not talk rfc-2219-ly about what the PIP SHOULD or SHALL do in these scenarios.
In thinking about this, I wan to add something simple like
If a Data Rights Request specifies a status_callback field, the Privacy Infrastructure Provider SHALL use that mechanism to notify Authorized Agents of status updates.
along with explicit testing for this in consumer-reports-digital-lab/data-rights-protocol-cert would seem to be sufficient for this. but in the case that a PIP does not or chooses to not implement this POST mechanism, we should provide some fallback rate-limiting guidance for AAs to not overwhelm PIP infrastructure....
2.04 specifies that Authorized Agents SHOULD implement the status callback but does not talk rfc-2219-ly about what the PIP SHOULD or SHALL do in these scenarios.
In thinking about this, I wan to add something simple like
along with explicit testing for this in consumer-reports-digital-lab/data-rights-protocol-cert would seem to be sufficient for this. but in the case that a PIP does not or chooses to not implement this POST mechanism, we should provide some fallback rate-limiting guidance for AAs to not overwhelm PIP infrastructure....