The operating model we are moving to, starting with upcoming protocol 0.6, is one where Authorized Agents identify themselves to PIP/CB with public key cryptography. In this model, there need not be a pre-exchange of shared secrets (see #58 for discussion around authentication for GET and rate-limiting) and so a centralized directory model would streamline onboarding for new participants.
@kevinr and I have designed on some digital napkins a model for these directories which would be a move away from the domain-based discovery of `GET /.well-known/data-rights.json`:
- AA directory
  - business registration information
  - business contact
  - technical contact
  - public key for signed requests
- CB directory
  - business registration information
  - business contact
  - technical contact
  - either:
    - link to metadata discovery endpoint
    - metadata which used to be in data-rights.json:
      - API base endpoint
      - supported rights actions (?)
      - implemented protocol version
My first-pass idea is to just host these on github-pages in a repository with strong ACLs and review requirements, but we could have some other models for this as requirements develop. Creating this issue to link to for future conversations.