Open anant6767 opened 1 week ago
Thank you Anant for creating this issue. Could you please upload here the last version of LA created under the old provider and the first one created under the new provider (of course with anonymised private data). In particular I would like to see which identifiers are reused which allow to recognize this LA as the old one.
Thank you Anant for creating this issue. Could you please upload here the last version of LA created under the old provider and the first one created under the new provider (of course with anonymised private data). In particular I would like to see which identifiers are reused which allow to recognize this LA as the old one.
Updated the question with example, steps and questions
Question: Can Provider 2 assume that the LA is valid since they do not have the original approval or history?
Yes. This LA has all three signatures from proper persons. Provider does not matter (from the business point of view).
Question 2: Can this LA be further edited i.e. post first version? Since the sending institution has not changed their provider, they should not have any problems in updating their LA.
Yes, it can.
but Provider2 will not have any history of the action taken on learning agreement.
That's true, but will this be a problem? Can you show an example when this will matter.
How to the receiver knows that the LA received is genuine ?
Because it comes from the server covering the sending hEI.
What Anant meant is the genuineness of the receiver signature added on the LA by the sending HEI.
I understand that you mean this part of LA:
<la:first-version>
(..)
<la:receiving-hei-signature>
<la:signer-name>Test </la:signer-name>
<la:signer-position>tmkoc</la:signer-position>
<la:signer-email>sudeshna@qs.com</la:signer-email>
<la:timestamp>2024-05-09T11:54:36+00:00</la:timestamp>
<la:signer-app>Provider1</la:signer-app>
</la:receiving-hei-signature>
</la:first-version>
'signer-app' where the name of the Provider is given has no business value. If HEI get LA from the proper node, with the proper signer name, position, email, it can assume that this is the valid LA, the same as the one obtained from the other provider. In particular 'signer-app' is optional. In fact it would be interesting to know if any node processes this field in any way.
We have a case where the partner changed providers and then sent us the LA from First version onwards i.e. no changes proposal was present. Is this acceptable? Can they continue to make changes post the first version?
Steps
Question: Can Provider 2 assume that the LA is valid since they do not have the original approval or history? Question 2: Can this LA be further edited i.e. post first version? Since the sending institution has not changed their provider, they should not have any problems in updating their LA.