OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

coel message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (COEL-164) "Unique" Pseudonymous Keys

    [ https://issues.oasis-open.org/browse/COEL-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=67126#comment-67126 ] 

Paul Bruton commented on COEL-164:

Yes, we are relying on the low-clash rates for UUIDs. Although extremely unlikely that we will encounter a clash, it is possible and we ought to mention it.

There are two cases as I see it:

1: The IDA generates a UUID, but the Data Engine already has a record with that UUID (which could be for any entity: consumer, device, operator, service provider). This clash could be detected at the point that the UUID is to be used in the Data Engine to create the new entity.

2: The IDA generates a UUID that has already been used in another Data Engine. This will only be detected if the data stores for these Data Engines are merged at some point in the future.

Case 1 can be addressed in the 'create' operation by the DE returning a 410 (Gone) to the caller: This is the same code that is returned if the incoming PseudonymousKey is invalid and will force the caller to request a new one from the IDA. 

Case 2 is harder: We must assume that the UUID has been used already, say, as a ConsumerID for two different people. Clearly one or both needs a new ID and the allocation of these new ConsumerIDs should be managed, but outside the spec?

> "Unique" Pseudonymous Keys 
> ---------------------------
>                 Key: COEL-164
>                 URL: https://issues.oasis-open.org/browse/COEL-164
>             Project: OASIS Classification of Everyday Living (COEL) TC
>          Issue Type: Improvement
>         Environment: Whole document
>            Reporter: Joss Langford
> Can we guarantee uniqueness of keys issued by the IDA unless it holds records (which it does not)? The Data Engine can guarantee uniqueness as it does hold the records and you should not be able to register the same key twice (although I haven’t tested this and I don’t think we have specified it). I think we are relying on the standard low clash rates for GUIDs - but is this clear?

This message was sent by Atlassian JIRA

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]