eu-digital-green-certificates / dgca-businessrule-service

Apache License 2.0

Trust-List vs Trust Anchor vs TLS Trust List #24

Closed psavva closed 3 years ago

psavva commented 3 years ago

I am having trouble understanding what the usage of application-jks-signing.yml is and if/why I should configure it.

In the EU DCC solution, we have the TLS Trust List, and the DGC Gateway which acts as the Trust Anchor. Why do we have the addition of the Trust-List in the above-mentioned file?

The specific feature: https://github.com/eu-digital-green-certificates/dgca-businessrule-service/pull/22 mentions issue https://github.com/eu-digital-green-certificates/dgca-businessrule-service/issues/10 which again describes a technical requirement, and not really a business requirement, and why it should be included... "The responses of the following routes should include a header with a ECDSA signature"

Should the signature included not be that of the Trust-List, which is already defined in application.yml?

      trust-anchor:
        alias: ta
        password: dgcg-p4ssw0rd
        path: classpath:trust_anchor.jks

Please help me understand this better so that we can configure it correctly for Cyprus.

Please note that the dockerfile has also not been updated to reflect the change introduced: https://github.com/eu-digital-green-certificates/dgca-businessrule-service/blob/main/docker-compose.yml

psavva commented 3 years ago

@daniel-eder Any way we can get a response for this?

daniel-eder commented 3 years ago

@SchulzeStTSI can you chime in?

SchulzeStTSI commented 3 years ago

@psavva the mentioned feature is a signing of the business rule list provided by the national backend, meaning NB<-->Wallet/Verifier App. The other trust components are from gateway to national backend (Gateway<--->NB). As far as I can see, it's currently not enabled in the apps, so the configuration of it is optional for the moment.