Open a-stacey opened 5 years ago
I think that when we create endpoint 2 described above that the endpoint should validate that the signature is valid which it can do because it can connect out to the OrgRegistry and get the public key for the corresponding GLN and then verify that the sig checks out.
For an MVP implementation we have decided that we will implment the manifest service as a separate service that sits along side the SCS and is access controlled via the EDAPI.
This will require a service with the following two end points for the MVP implementation: 1) Find manifests by
EventID
returning a [Tree] where the Tree is the manifest data. 2) Append to manifest usingSignature
as the primary key.