Open SteveLasker opened 3 months ago
So, for the integration with vCon example, subject="my-product-id" could simply be the vcon uuid? So, an audit trail of a particular vCon could be supplied by this API endpoint?
Yup, exactly. Any issuer that wants to make a statement about the vCon would use the identifie, enabling filtering on statements for the vCon, from different issuers, and even different content-types
Lets look at COAP / CORE / OSCORE / ACE for examples of good CBOR APIs, and copy them.
APIs which enables users to find a collection of signed statements based on protected, or unprotected header properties
A client may send any known or custom header property, or combination
TODO:
Collection of Signed Statement Header Properties REQUEST:
RESPONSE: a paged collection of references to Signed Statements, and the possible payload locations