What is role of whitelist and blacklist in OCHP-direct endpoint data ?

[simplerun]

What is the role of the whitelist and the blacklist when exchanging endpoints ?

Provider send ProviderEndpoint data and operator on the other side download this data. ProviderEndpoint type contains whitelist and blacklist of patterns that match all Contract_IDs.

If (qoute) "The operator authorises and trusts the provider to authorise their customers at the operator's charge points generally" why send whitelist and blacklist? What additional use would operator have ?

[mtdern]

1. The trust structure from the clearing house can be checked to enable mutual trust. Example: if a party tries to upload an endpoint containing a whitelist with an ID their credentials are not allowed to access (i.e. user for ID YYAAA tries to upload YYBBB% whitelist), this should be revoked by the clearing house.
2. The EMP or CPO can use this to exempt certain users/contracts or EVSEs from using OCHPdirect. Example: a CPO has 5 stations, but only wants 4 of those to be accessible through OCHPdirect (for whatever reason) they can either put those 4 on the whitelist or have a wildcard-whitelist plus one entry in the blacklist.