search

zigbee-alliance / distributed-compliance-ledger

DCL is a public permissioned ledger framework for certification of device models. The ledger is based on Cosmos SDK and CometBFT (Tendermint).
Apache License 2.0
89 stars 44 forks source link

Missing `familyId` for `compliance-info` endpoint #580

Open JohnnyTheTank opened 4 months ago

JohnnyTheTank commented 4 months ago

Description

The compliance-info endpoint is currently missing the familyId field in its response. This field is important for identifying the product family and is available on the CSA-IoT website.

Current Behavior

When querying the compliance-info endpoint, the familyId field is empty in the response.

Example request:

https://on.dcl.csa-iot.org/dcl/compliance/compliance-info/4874/80/6650/matter

Current response:

{
  "complianceInfo": {
    "vid": 4874,
    "pid": 80,
    "softwareVersion": 6650,
    "certificationType": "matter",
    "softwareVersionString": "3.2.1",
    "cDVersionNumber": 1,
    "softwareVersionCertificationStatus": 2,
    "date": "2023-06-15T00:00:00.000Z",
    "reason": "",
    "owner": "cosmos1mwzp8lqmsw2fxq8w9y583xe8h5l6kxq52tl649",
    "history": [],
    "cDCertificateId": "CSA23644MAT41157-24",
    "certificationRoute": "",
    "programType": "",
    "programTypeVersion": "",
    "compliantPlatformUsed": "",
    "compliantPlatformVersion": "",
    "transport": "",
    "familyId": "",
    "supportedClusters": "",
    "OSVersion": "",
    "parentChild": "",
    "certificationIdOfSoftwareComponent": ""
  }
}

Expected Response

The familyId should be included in the response. For instance, the familyId for cDCertificateId “CSA23644MAT41157-24” is FAM226004

Reference

The familyId is available on the CSA-IoT product database: https://csa-iot.org/csa-iot_products/?p_keywords=&p_type%5B%5D=14&p_certificate=CSA23644MAT41157-24&p_family=

Suggested Fix

Ensure that the familyId field is populated in the response of the compliance-info endpoint based on the corresponding cDCertificateId.

ashcherbakov commented 4 months ago

@JohnnyTheTank DCL includes the fields in the response exactly as-is they are set during creation/update. It seems in this case the familyID hasn't been filled in by the corresponding CertificationCenter (FYI @jcps07). I don't see any issues on the DCL side here. It seems what needs to be done is to update the corresponding Compliance Info entity by the Certification Center and include that field.

JohnnyTheTank commented 4 months ago

@ashcherbakov Thank you for your fast reply. Could you please guide me on the next steps I should take to resolve this?

jcps07 commented 4 months ago

@JohnnyTheTank That is true. The Matter Spec doesn’t define a Family ID parameter. For Family Certification, it was proposed to use the Family ID from the Certification team for the CD and DCL instead of the Certificate ID, this means that each entry from the family would have its own Certificate ID, but the Certification Declaration and Model-Versions in the DCL would share the same Certificate ID that would reference the Family ID, instead of the individual Certificate IDs, allowing multiple members of the Family to reuse the same Certification Declaration (CD) file across the family products by adding the family members in the 'product_id_array' field. This was proposed by Signify in collaboration with the Certification team (see https://groups.csa-iot.org/wg/matter-tsg/document/28500). If you have any questions about the Family certification and issuance, please reach out to the Certification team (certification@csa-iot.org)

Timac commented 4 months ago

@jcps07 I think there is some confusion about this ticket. The current APIs from DCL are working well for us, but we noticed that the familyId field in the DCL responses is left empty instead of containing the public Family ID value.

For example, the product in the following link was certified with the CertificateId CSA23644MAT41157-24 and Family ID FAM226004, but the familyId field is empty: https://on.dcl.csa-iot.org/dcl/compliance/compliance-info/4874/80/6650/matter

We would like the public Family ID value to be available in the familyId field.

ashcherbakov commented 4 months ago

@jcps07 Can CSA (Certification Center) update https://on.dcl.csa-iot.org/dcl/compliance/compliance-info/4874/80/6650/matter to include familyID for the given compliance info entry?

jcps07 commented 4 months ago

@Timac. I understand the ticket. As mentioned before, for Family ID, the current approach by the Certification team is to use the Certificate ID field in the DCL for the Family ID for it to match the Certificate ID in the Certification Declaration, because it'd have the Family ID as Certificate ID. I don't see a problem with duplicating the value in the FamilyID field from the DCL when the Family Certification is being used (as @ashcherbakov suggests), but I'd recommend a clear procedure defined in the Matter spec.

JohnnyTheTank commented 4 months ago

As an API consumer, I'm not familiar with the internal processes and politics. However, I would like to highlight the core issue again: the correct value for familyId is known and available, yet it is missing in the response. In theorie, this should be an easy fix, right?

JohnnyTheTank commented 3 months ago

It’s been three weeks since my last comment, and I haven’t received any updates. Could someone please provide an update on the current state of progress for this issue? Your assistance is greatly appreciated.

Thank you!

jcps07 commented 3 months ago

@JohnnyTheTank The Family ID is not defined in the Matter Specification hence it still can't be used in the DCL by the Alliance. This needs to be addressed in the Matter TSG for inclusion in the Specification. At the moment, the Family ID is set in the Certificate ID field, when Family Certification approach is used.