Subject: Review of COEL-42 changes: An Issue
· Operators receiving a failed validation code from the Data Engine MUST discard the Pseudonymous Key and request a new one from the IDA.
· If the second attempt also fails, the Operator SHOULD try once more after a short delay (1-2 seconds) before aborting the attempt to register.
The problem we have is that the IDA uses the response body to indicate successful or failed validation, always returning a 200 code and a body of {"Result": "true"} or {"Result": "false"}. However we have removed the response body from the Data Engine API (operator/consumer and operator/device) so the Data Engine has no means to tell the Operator that their response was valid, but the PseudonymousKey that was passed in cannot be used.
I think our best way to fix this is NOT to use the response body to indicate an unsuccessful validation, but instead use an explicit HTTP Status code of '410: GONE':
Thus, the IDA Validation method would return one of the following [changes from SPEC highlighted in *bold*]
*200: The operation was successful. The Pseudonymous Key is valid.*
400: The operation failed due to the request body being malformed.
401/403: The operation failed due to authentication or authorization failure. The caller should confirm its credentials and retry.
*410: The operation was successful (i.e. well formed response body) but the response key is no longer valid.*
500: Internal error, the caller should retry
The Data Engine operator/consumer method will use the same pattern and return:
*200: The operation was successful. The Pseudonymous Key is valid and the Consumer has been registered*
400: The operation failed due to the request body being malformed. *(Could also be because some segment parameter is invalid: Reason field in the response will help)*
*410: The operation was successful (i.e. well formed response body) but the response key is no longer valid and the Consumer has NOT been registered*
500: Internal error, the caller should retry
We would implement the same pattern for registering devices and operators.
I will upload some changed documents today (a few minor spelling changes) but we should discuss this on Tuesday next to agree a way forward. Obviously this impacts on implementations but the newer approach is cleaner in my opinion. The 410 code is quite appropriate because if we view the PseudonymousKey as a resource that the IDA has created, then a request for its validation would return 404 if we failed to find it (but please try again) whereas a 410 says it is permanently gone (out of date, deleted etc).
Thanks
Paul
Tessella
Chadwick House, Birchwood Park, Warrington, WA3 6AE
E: Paul.Bruton@tessella.com,
T: +44 (0)7557 916535
www.tessella.com
Registered in England No. 1466429
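Added example, not part of the original message or of the COEL specification: a sketch of the Operator-side registration loop under the status codes proposed above, where a 410 means the Pseudonymous Key is discarded and a fresh one is requested, with a short delay before the third and final attempt. The names `register_with_retry`, `request_key` and `register` are hypothetical, the transport is abstracted as callables returning the HTTP status, and treating 500 like a retryable failure with a fresh key is an assumption.

```python
import time


class RegistrationAborted(Exception):
    """Raised when the Operator gives up on the registration attempt."""


def register_with_retry(request_key, register, delay=1.5, sleep=time.sleep):
    """Register a Consumer, never reusing a key that the Data Engine rejected.

    request_key() -> str : obtains a new Pseudonymous Key from the IDA (hypothetical)
    register(key) -> int : calls Data Engine operator/consumer, returns HTTP status
    Returns (accepted_key, keys_requested).
    """
    used = []
    for attempt in (1, 2, 3):
        if attempt == 3:
            sleep(delay)          # short delay (1-2 seconds) before the last try
        key = request_key()       # always a fresh key; earlier ones are discarded
        used.append(key)
        status = register(key)
        if status == 200:         # key valid, Consumer registered
            return key, used
        if status not in (410, 500):
            # 400 and anything unexpected: retrying with a new key cannot help
            raise RegistrationAborted(f"status {status} on attempt {attempt}")
        # 410: key is gone; 500: internal error (assumed retryable with a new key)
    raise RegistrationAborted("three attempts failed")


if __name__ == "__main__":
    # Constructed stubs: the Data Engine rejects the first key, accepts the second.
    keys = iter(["key-A", "key-B", "key-C"])
    statuses = iter([410, 200])
    accepted, requested = register_with_retry(
        lambda: next(keys), lambda k: next(statuses), sleep=lambda s: None
    )
    print("accepted:", accepted, "requested:", requested)
```

Because success and failure are carried by the status code alone, the loop never has to parse a response body to decide whether a key may be kept.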