FIWARE.OpenSpecification.Security.Privacy.Open RESTful API Specification - FIWARE Forge Wiki

Privacy Open RESTful API Specification

WARNING: This page contains only a PRELIMINARY version of the Open RESTful API specification.

Services

Verification

Path: /protected/reset (POST)

Description: This method reloads the configuration of the webservice(s) and will completely wipe all storage of the webservice(s). Use with extreme caution!

Response status:

  • 200 - OK
  • 500 - ERROR

Path: /verifyTokenAgainstPolicy (POST)

Description: This method verifies a given presentation token against a given PresentationPolicyAlternatives.
This method will return a PresentationTokenDescription.
Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Input type: PresentationPolicyAlternativesAndPresentationToken
Return type: PresentationTokenDescription


Path: /protected/presentationPolicyAlternatives/addCredentialSpecificationAlternative/{resource}/{policyUid} (POST)

Description: This method adds a credential specification alternative to a presentation policy inside PresentationPolicyAlternatives.
Path parameters:

  • resource - Resource URI
  • policyUid - UID of the presentation policy.


POST parameters:

  • al - Alias
  • cs - UID of the credential specification


Response status:

  • 200 - OK
  • 500 - ERROR
  • 404 - Either the alias, the resource or the presentation policy could not be found.

Path: /protected/presentationPolicyAlternatives/deleteCredentialSpecificationAlternative/{resource}/{policyUid} (POST)

Description: Deletes a credential specification alternative from a presentation policy inside a PresentationPolicyAlternatives.

Path parameters:

  • resource - Resource URI
  • policyUid - UID of the presentation policy


POST parameters:

  • al - Alias
  • cs - UID of the credential specification


Response status:

  • 200 - OK
  • 500 - ERROR
  • 404 - Either the alias, the resource or the presentation policy could not be found.

Path: /protected/presentationPolicyAlternatives/addIssuerAlternative/{resource}/{policyUid} (POST)

Description: Adds an issuer alternative to a presentation policy inside a PresentationPolicyAlternatives.

Path parameters:

  • resource - Resource URI
  • policyUid - UID of the presentation policy


POST parameters:

  • al - Alias
  • ip - UID of the issuer parameters


Response status:

  • 200 - OK
  • 500 - ERROR
  • 404 - Either the alias, the resource or the presentation policy could not be found.

Path: /protected/presentationPolicyAlternatives/deleteIssuerAlternative/{resource}/{policyUid} (POST)

Description: Deletes an issuer alternative from a presentation policy inside a PresentationPolicyAlternatives.

Path parameters:

  • resource - Resource URI
  • policyUid - UID of the presentation policy


POST parameters:

  • al - Alias
  • ip - UID of the issuer parameters


Response status:

  • 200 - OK
  • 500 - ERROR
  • 404 - Either the alias, the resource or the presentation policy could not be found.

Path: /protected/presentationPolicyAlternatives/addPolicyAlternative/{resource} (POST)

Description: Adds a presentation policy alternative to a PresentationPolicyAlternatives.

Path parameters:

  • resource - Resource URI


POST parameters:

  • puid - UID of the presentation policy


Response status:

  • 200 - OK
  • 500 - ERROR
  • 404 - Either the alias, the resource or the presentation policy could not be found.

Path: /protected/resource/create/{resource} (PUT)

Description: Creates a resource under the URI given as part of the path. This will create an empty PresentationPolicyAlternatives stored under the resource URI as the key.

Path parameters:

  • resource - Resource URI


PUT parameters:

  • redirectURI - Redirect URI (in almost all cases this will be the URL of a website)


Response status:

  • 200 - OK
  • 500 - ERROR

Path: /protected/presentationPolicyAlternatives/addAlias/{resource}/{policyUid} (POST)

Description: Adds an alias to a presentation policy in a PresentationPolicyAlternatives.

Path parameters:

  • resource - Resource URI
  • policyUid - UID of the presentation policy


POST parameters:

  • al - Alias (must be a valid URI)


Response status:

  • 200 - OK
  • 500 - ERROR
  • 404 - Either the resource, the alias or the presentation policy could not be found.

Path: /protected/presentationPolicyAlternatives/deleteAlias/{resource}/{policyUid} (POST)

Description: Deletes an alias from a presentation policy inside a PresentationPolicyAlternatives.

Path parameters:

  • resource - Resource URI
  • policyUid - UID of the presentation policy


POST parameters:

  • al - Alias


Response status:

  • 200 - OK
  • 500 - ERROR
  • 404 - Either the resource, the alias or the presentation policy could not be found.

Path: /protected/presentationPolicyAlternatives/addPredicate/{resource}/{policyUid} (POST)

Description: Adds a predicate to a presentation policy in a PresentationPolicyAlternatives.
The predicate p is a function (e.g. integer-less) with two arguments: an attribute at as the lvalue and a constant value (e.g. 123) as the rvalue. As of now, this method does not allow comparing attributes with other attributes.
Path parameters:

  • resource - Resource URI
  • policyUid - UID of the presentation policy


POST parameters:

  • cv - Constant Value
  • at - Attribute
  • p - Predicate
  • al - Alias


Response status:

  • 200 - OK
  • 500 - ERROR
  • 404 - Either the resource, the attribute, the alias or the presentation policy could not be found.

Path: /protected/systemParameters/store (PUT)

Description: Stores system parameters at this service.

Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Input type: SystemParameters


Path: /protected/issuerParameters/delete/{issuerParametersUid} (DELETE)

Description: Deletes issuer parameters.

Path parameters:

  • issuerParametersUid - UID of the issuer parameters to delete.


Response status:

  • 200 - OK
  • 500 - ERROR

Path: /protected/issuerParameters/store/{issuerParametersUid} (PUT)

Description: Stores issuer parameters at this service. The UID given as part of the path must match the UID of the passed issuer parameters.

Path parameters:

  • issuerParametersUid - UID of the issuer parameters to store


Response status:

  • 200 - OK
  • 409 - The issuerParametersUid does not match the actual issuer parameters' UID.
  • 500 - ERROR


Input type: IssuerParameters


Path: /createPresentationPolicy/ (POST)

Description: Given a presentation policy template creates a presentation policy (while also embedding nonce bytes).

Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Input type: PresentationPolicyAlternatives
Return type: PresentationPolicyAlternatives


Path: /protected/credentialSpecification/store/{credentialSpecificationUid} (PUT)

Description: Stores a credential specification at this service. The UID given as part of the path must match the UID of the passed credential specification.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification to store.


Response status:

  • 200 - OK
  • 409 - UID given on the path does not match the actual UID.
  • 500 - ERROR


Input type: CredentialSpecification


Path: /protected/credentialSpecification/get/{credentialSpecificationUid} (GET)

Description: Retrieves a credential specification stored at this service.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification to retrieve.


Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR
  • 404 - The credential specification could not be found.


Return type: CredentialSpecification


Path: /protected/credentialSpecification/delete/{credentialSpecificationUid} (DELETE)

Description: Deletes a credential specification.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification to delete.


Response status:

  • 200 - OK
  • 500 - ERROR

Path: /protected/resource/delete/{resource} (DELETE)

Description: Deletes a resource. This means, it deletes the associated redirect URI and PresentationPolicyAlternatives.

Path parameters:

  • resource - Resource URI


Response status:

  • 200 - OK
  • 500 - ERROR

Path: /protected/presentationPolicyAlternatives/store/{resource} (PUT)

Description: Stores PresentationPolicyAlternatives using the resource URI as part of the path as the key (i.e. associates the PresentationPolicyAlternatives with the resource URI)

Path parameters:

  • resource - Resource URI


Response status:

  • 200 - OK
  • 500 - ERROR


Input type: PresentationPolicyAlternatives


Path: /protected/presentationPolicyAlternatives/get/{resource} (GET)

Description: Retrieves PresentationPolicyAlternatives.

Path parameters:

  • resource - Resource URI the PresentationPolicyAlternatives are associated with.


Response status:

  • 200 - OK
  • 500 - ERROR
  • 404 - PresentationPolicyAlternatives could not be found.


Return type: PresentationPolicyAlternatives


Path: /protected/presentationPolicyAlternatives/list (GET)

Description: Lists all presentation policies stored at this service.

Response status:

  • 200 - OK
  • 500 - ERROR


Return type: PresentationPolicyAlternativesCollection


Path: /protected/redirectURI/store/{resource} (PUT)

Description: Stores a redirect URI (URL) and associates it with a resource.

Path parameters:

  • resource - Name/URI of the resource.


Response status:

  • 200 - OK
  • 500 - ERROR


Input type: String


Path: /protected/redirectURI/get/{resource} (GET)

Description: Retrieves a redirect URI.

Path parameters:

  • resource - Resource URI


Response status:

  • 200 - OK
  • 500 - ERROR


Return type: String


Path: /requestResource/{resource}

Description: First step for a user to request a resource. This method will look up the corresponding presentation policy alternatives and return them for the user to create presentation tokens for.

Path parameters:

  • resource - Name/URI of the resource to request access to/for.


Response status:

  • 200 - OK
  • 500 - ERROR

Path: /requestResource2/{resource} (POST)

Description: The second step for a user to request access to a resource. This method will verify the presentation token for the user and if successful return the redirect URI and an access token.

Path parameters:

  • resource - Name/URI of the resource.


Input type: PresentationToken
Return type: String


Path: /verifyAccessToken (GET)

Description: Verifies that an access token is valid. This means that a user successfully verified his credentials at this service for a resource. This method will return the name/URI of the resource the user requested. Once verified, the access token is deleted.

GET parameters:

  • accesstoken - The access token to verify.


Response status:

  • 403 - Token not valid.
  • 200 - OK
  • 500 - ERROR


Return type: String
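
How a resource server might redeem the access token described above, as an added example that is not part of the FIWARE specification or its implementation. It assumes the String body is the bare resource name; `FakeVerificationService`, the host name and the token values are constructed for the demonstration.

```python
import urllib.error
import urllib.parse
import urllib.request


class AccessDenied(Exception):
    """The verification service did not vouch for this token and resource."""


def http_get(url):
    """Default transport: return (status, body) without raising on 4xx/5xx."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def check_access_token(service_base, token, expected_resource, get=http_get):
    """Redeem `token` at /verifyAccessToken and bind it to `expected_resource`.

    The token is deleted by the service once verified, so call this exactly
    once per token and establish a local session afterwards; do not retry.
    """
    if not token:
        raise AccessDenied("no access token presented")
    query = urllib.parse.urlencode({"accesstoken": token})
    status, body = get(service_base.rstrip("/") + "/verifyAccessToken?" + query)
    if status == 403:
        raise AccessDenied("token not valid")
    if status != 200:
        # Fail closed: a 500 from the service must never grant access.
        raise AccessDenied("verification service returned %d" % status)
    granted = body.strip()  # assumption: body is the bare resource name/URI
    if granted != expected_resource:
        # A token obtained for one resource must not open another one.
        raise AccessDenied("token was issued for a different resource")
    return granted


class FakeVerificationService:
    """Constructed stand-in that models only the documented behaviour:
    200 plus the resource name, 403 for an invalid token, token deleted on use."""

    def __init__(self, issued):
        self.issued = dict(issued)  # token -> resource

    def get(self, url):
        parts = urllib.parse.urlsplit(url)
        if parts.path != "/verifyAccessToken":
            return 500, ""
        token = urllib.parse.parse_qs(parts.query).get("accesstoken", [""])[0]
        resource = self.issued.pop(token, None)  # deleted once verified
        if resource is None:
            return 403, ""
        return 200, resource


def run_demo():
    """First use succeeds, a replay fails, a token for another resource fails."""
    svc = FakeVerificationService({"tok-1": "urn:example:reports",
                                   "tok-2": "urn:example:admin"})
    base = "http://verification.invalid"
    outcomes = []
    for token in ("tok-1", "tok-1", "tok-2"):
        try:
            check_access_token(base, token, "urn:example:reports", get=svc.get)
            outcomes.append("granted")
        except AccessDenied as exc:
            outcomes.append("denied: %s" % exc)
    return outcomes


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```
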


Path: /protected/loadSettings/ (POST)

Description: Downloads and loads settings from an issuer or any settings provider. This method will cause the user service to make a GET request to the specified URL and download the contents, which must be valid Settings. DO NOT use this method with untrusted URLs, or with issuers (or any other settings providers) that have DIFFERENT system parameters, as this method will overwrite existing system parameters (see /getSettings/).

Query parameters:

  • url - a valid URL (String)


Response Status:

  • 200 - OK
  • 500 - ERROR

Path: /getSettings/ (GET)

Description: Returns the settings of the service as obtained from an issuance service. Settings includes issuer parameters, credential specifications and the system parameters. This method may thus be used to retrieve all credential specifications stored at the user service and their corresponding issuer parameters. The return type of this method is Settings.

The user service is capable of downloading settings from an issuer (or from anything that provides settings). To download settings, use /loadSettings/?url=... (see loadSettings).

Response Status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Return type: Settings


User

Path: /reset (POST)

Description: This method reloads the configuration of the webservice(s) and will completely wipe all storage of the webservice(s). Use with extreme caution!

Response status:

  • 200 - OK
  • 500 - ERROR

Path: /createPresentationToken/ (POST)

Description: This method, on input a presentation policy alternatives, returns an argument to be passed to the UI for choosing how to satisfy the policy, or returns an error if the policy cannot be satisfied (if the canBeSatisfied method would have returned false). For returning such an argument, this method will investigate whether the User has the necessary credentials and/or established pseudonyms to create one or more (e.g., by satisfying different alternatives in the policy, or by using different sets of credentials to satisfy one alternative) presentation tokens that satisfy the policy.

The return value of this method should be passed to the User Interface (or to some other component that is capable of rendering a UiPresentationReturn object from a UiPresentationArguments object). The return value of the UI must then be passed to the method createPresentationToken(UiPresentationReturn) for creating a presentation token.

Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Input type: PresentationPolicyAlternatives
Return type: UiPresentationArguments


Path: /createPresentationTokenUi/ (POST)

Description: Performs the next step to complete creation of presentation tokens. This method should be called when the user interface is done with its selection.

Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Input type: UiPresentationReturn
Return type: PresentationToken


Path: /loadSettings/ (POST)

Description: Downloads and loads settings from an issuer or any settings provider. This method will cause the user service to make a GET request to the specified URL and download the contents, which must be valid Settings. DO NOT use this method with untrusted URLs, or with issuers (or any other settings providers) that have DIFFERENT system parameters, as this method will overwrite existing system parameters. See also /getSettings/.

Query parameters:

  • url - a valid URL (String)


Response Status:

  • 200 - OK
  • 500 - ERROR
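
A pre-flight check an operator could place in front of both loadSettings endpoints (/protected/loadSettings/ on the verification service and /loadSettings/ on the user service), as an added example that is not part of the FIWARE specification or its implementation. The allow-list contents, host names and function names are constructed; only the endpoint paths and the `url` query parameter come from this page.

```python
import urllib.parse

# Constructed allow-list: (host, port) pairs of settings providers you trust.
TRUSTED_PROVIDERS = {("issuer.example.org", 443)}


class UntrustedSettingsUrl(ValueError):
    """Raised instead of forwarding a URL to loadSettings."""


def vet_settings_url(url, trusted=TRUSTED_PROVIDERS):
    """Return `url` unchanged if it names an allow-listed provider over https."""
    # Reject characters that URL parsers disagree about before parsing at all.
    if any(not 0x21 <= ord(ch) <= 0x7E or ch == "\\" for ch in url):
        raise UntrustedSettingsUrl("unexpected character in URL")
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "https":
        raise UntrustedSettingsUrl("settings must be fetched over https")
    if "@" in parts.netloc:
        # https://issuer.example.org@other.example/ really points at other.example
        raise UntrustedSettingsUrl("userinfo is not allowed in the URL")
    try:
        port = parts.port
    except ValueError:
        raise UntrustedSettingsUrl("invalid port") from None
    if port is None:
        port = 443
    host = (parts.hostname or "").rstrip(".")
    if (host, port) not in trusted:
        raise UntrustedSettingsUrl(
            "%s:%d is not an allow-listed settings provider" % (host, port))
    return url


def load_settings_request(service_base, settings_url,
                          endpoint="/loadSettings/", trusted=TRUSTED_PROVIDERS):
    """Build the (method, URL) pair for loadSettings, or raise if not vetted.

    Pass endpoint="/protected/loadSettings/" for the verification service.
    """
    vetted = vet_settings_url(settings_url, trusted)
    query = urllib.parse.urlencode({"url": vetted})  # percent-encodes the URL
    return "POST", service_base.rstrip("/") + endpoint + "?" + query


if __name__ == "__main__":
    candidates = [  # constructed inputs
        "https://issuer.example.org/getSettings/",
        "http://issuer.example.org/getSettings/",
        "https://issuer.example.org@other.example/getSettings/",
        "https://issuer.example.org.other.example/getSettings/",
    ]
    for candidate in candidates:
        try:
            print(load_settings_request("https://user-service.example", candidate))
        except UntrustedSettingsUrl as exc:
            print("refused:", candidate, "->", exc)
```

The allow-list covers only the untrusted-URL half of the warning: an allow-listed provider whose system parameters differ from the stored ones will still overwrite them.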

Path: /getSettings/ (GET)

Description: Returns the settings of the service as obtained from an issuance service. Settings includes issuer parameters, credential specifications and the system parameters. This method may thus be used to retrieve all credential specifications stored at the user service and their corresponding issuer parameters. The return type of this method is Settings.

The user service is capable of downloading settings from an issuer (or from anything that provides settings). To download settings, use /loadSettings/?url=... (see loadSettings).

Response Status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Return type: Settings


Path: /credential/list (GET)

Description: Returns all obtained credentials as a CredentialCollection.

Response Status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Return type: CredentialCollection


Path: /credential/get/{credUid} (GET)

Description: Retrieve a credential.

Path parameters:

  • credUid - UID of the credential


Response status:

  • 200 - OK
  • 500 - ERROR
  • 404 - The credential could not be found.


Return type: Credential


Path: /issuanceProtocolStep/ (POST)

Description: This method performs one step in an interactive issuance protocol. On input an incoming issuance message im obtained from the Issuer, it either returns the outgoing issuance message that is to be sent back to the Issuer, an object that must be sent to the User Interface (UI) to allow the user to decide how to satisfy a policy (or confirm the only choice), or returns a description of the newly issued credential at successful completion of the protocol. In the first case, the Context attribute of the outgoing message has the same value as that of the incoming message, allowing the Issuer to link the different messages of this issuance protocol.

If this is the first time this method is called for a given context, the method expects the issuance message to contain an issuance policy, and returns an object that is to be sent to the UI (allowing the user to choose his preferred way of generating the presentation token, or to confirm the only possible choice).

This method throws an exception if the policy cannot be satisfied with the user's current credentials.

If this method returns an IssuanceMessage, that message should be forwarded to the Issuer. If this method returns a CredentialDescription, then the issuance protocol was successful. If this method returns a UiIssuanceArguments, that object must be forwarded to the UI (or to some other component that is capable of rendering a UiIssuanceReturn object from a UiIssuanceArguments object); the method issuanceProtocolStep(UiIssuanceReturn) should then be invoked with the object returned by the UI.

Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Input type: IssuanceMessage
Return type: IssuanceReturn


Path: /issuanceProtocolStepUi/ (POST)

Description: This method performs the next step in the issuance protocol after the UI is done with its selection.

Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Input type: UiIssuanceReturn
Return type: IssuanceMessage


Path: /credential/delete/{credentialUid} (DELETE)

Description: This method deletes the credential with the given identifier from the credential store. If deleting is not possible (e.g. if the referred credential does not exist) the method returns false, and true otherwise.

Path parameters:

  • credentialUid - UID of the Credential


Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Return type: ABCEBoolean


Path: /credentialSpecification/store/{credentialSpecificationUid} (PUT)

Description: Stores a credential specification under the given UID.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification


Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR
  • 409 - credentialSpecificationUid does not match the actual UID or is invalid.

Path: /systemParameters/store (PUT)

Description: Store (and overwrite existing) system parameters at the service. This method returns true if the system parameters were successfully stored.
Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Input type: SystemParameters
Return type: ABCEBoolean


Path: /issuerParameters/store/{issuerParametersUid} (PUT)

Description: Store (and overwrite existing) issuer parameters at the service (using the given identifier). This method returns true if the system parameters were successfully stored.
Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR
  • 409 - issuerParametersUid does not match or is invalid.


Input type: IssuerParameters
Return type: ABCEBoolean


Path: /issuerParameters/delete/{issuerParametersUid} (DELETE)

Description: Deletes issuer parameters.

Path parameters:

  • issuerParametersUid - UID of the issuer parameters to delete.


Response status:

  • 200 - OK
  • 500 - ERROR

Path: /extractIssuanceMessage/ (POST)

Description: This method extracts the IssuanceMessage from an IssuanceMessageAndBoolean and returns the IssuanceMessage.

Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Input type: IssuanceMessageAndBoolean
Return type: IssuanceMessage


Issuance

Path: /protected/reset (POST)

Description: This method reloads the configuration of the webservice(s) and will completely wipe all storage of the webservice(s). Use with extreme caution!

Response status:

  • 200 - OK
  • 500 - ERROR

Path: /protected/status (GET)

Description: This method is available when the service is running.

Response status:

  • 200 - OK

Path: /testAuthentication (GET)
Description: This method can be used to test authentication by sending an authentication request.

Response status:

  • 200 - OK (Authentication successful)
  • 401 - Authentication was not successful.
  • 500 - ERROR


Input type: AuthenticationRequest


Path: /getSettings/ (GET)

Description: Returns the settings of this issuance service. Settings includes issuer parameters, credential specifications and the system parameters. This method is usually called by a user service or a verification service to download the settings.

Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Return type: Settings


Path: /issuanceRequest/ (POST)

Description: This method is called by a user to initiate an issuance protocol. The user must provide an issuance request containing his authentication information and the UID of the corresponding credential specification. The issuer will then try to authenticate the user by using an authentication source (e.g. LDAP), fetch the attributes required by the credential specification from an attribute source (e.g. LDAP) and initiate the round-based issuance protocol.

If authentication of the user fails this method will return the status code FORBIDDEN. If the issuer is missing the credential specification, the issuance policy or the query rule this method will return status code NOT_FOUND.


This method will search for an issuance policy and a query rule using the UID of the credential specification as the key. If the issuance policy could not be found a default issuance policy will be used which asks the user to reveal nothing in particular.

Response status:

  • 200 - OK (application/xml)
  • 401 - Authentication failed
  • 404 - A resource needed to process the request was not found
  • 500 - ERROR


Input type: IssuanceRequest
Return type: IssuanceMessageAndBoolean


Path: /issuanceProtocolStep (POST)

Description: This method performs one step in an interactive issuance protocol. On input an incoming issuance message m received from the User, it returns the outgoing issuance message that is to be sent back to the User, a boolean indicating whether this is the last message in the protocol, and the UID of the stored issuance log entry that contains an issuance token together with the attribute values provided by the issuer to keep track of the issued credentials. The Context attribute of the outgoing message has the same value as that of the incoming message, allowing the Issuer to link the different messages of this issuance protocol.

Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Input type: IssuanceMessage
Return type: IssuanceMessageAndBoolean


Path: /protected/credentialSpecification/delete/{credentialSpecificationUid} (DELETE)

Description: Deletes a credential specification that was stored under the UID provided as part of the path.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification to delete


Response status:

  • 200 - OK
  • 404 - Credential specification was not found.
  • 500 - ERROR

Path: /protected/credentialSpecification/deleteAttribute/{credentialSpecificationUid} (DELETE)

Description: Deletes an attribute from a credential specification.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification to delete the attribute from.

Delete parameters:

  • i - Index of the attribute (in the credential specification) to delete.


Response status:

  • 200 - OK
  • 500 - ERROR
  • 404 - Credential specification was not found.

Path: /protected/credentialSpecification/deleteFriendlyDescriptionAttribute/{credentialSpecificationUid} (DELETE)

Description: Deletes a friendly description from an attribute of a credential specification.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification.


Delete parameters:

  • i - Index of the attribute the friendly description belongs to.
  • language - Language identifier of the friendly description to delete.


Response status:

  • 200 - OK
  • 404 - Credential specification could not be found.
  • 500 - ERROR

Path: /protected/credentialSpecification/addFriendlyDescriptionAttribute/{credentialSpecificationUid} (PUT)

Description: Adds a friendly description to an attribute of a credential specification.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification.


Put parameters:

  • i - Index of the attribute to add the friendly description to.
  • language - Language identifier.
  • value - Value of the friendly description.


Response status:

  • 200 - OK
  • 404 - Credential specification could not be found.
  • 500 - ERROR

Path: /protected/credentialSpecification/store/{credentialSpecificationUid} (PUT)

Description: Store a credential specification at this service. The UID given as part of the path must match the UID of the passed credential specification.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification.


Response status:

  • 200 - OK
  • 409 - The credentialSpecificationUid given on the path does not match the actual credential specification's UID
  • 500 - ERROR


Input type: CredentialSpecification


Path: /protected/credentialSpecification/get/{credentialSpecificationUid} (GET)

Description: Retrieve a credential specification.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification


Response status:

  • 200 - OK (application/xml)
  • 404 - Credential specification was not found.


Return type: CredentialSpecification


Path: /protected/issuerParameters/generate/{credentialSpecificationUid} (POST)

Description: Generates issuer parameters for a specified credential specification. The generated issuer parameters will automatically be stored at this issuance service.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification to generate the issuer parameters for.


Response status:

  • 200 - OK
  • 500 - ERROR

Path: /protected/issuerParameters/delete/{issuerParametersUid} (DELETE)

Description: Deletes issuer parameters.

Path parameters:

  • issuerParametersUid - UID of the issuer parameters to delete.


Response status:

  • 200 - OK
  • 500 - ERROR

Path: /protected/queryRule/store/{credentialSpecificationUid} (PUT)

Description: Stores a query rule and associates it with the specified credential specification. A query rule is stored at the issuance service with the given credential specification UID which the issuance service will use to look up the corresponding query rule.

Response status:

  • 200 - OK
  • 500 - ERROR


Input type: QueryRule


Path: /protected/queryRule/delete/{credentialSpecificationUid} (DELETE)

Description: Deletes a query rule.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification the query rule is associated with.


Response status:

  • 200 - OK
  • 500 - ERROR

Path: /protected/queryRule/get/{credentialSpecificationUid} (GET)

Description: Retrieves a previously stored query rule.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification the query rule is associated with.

Response status:

  • 200 - OK (application/xml)
  • 404 - Query rule could not be found.
  • 500 - ERROR


Return type: QueryRule


Path: /protected/queryRule/list (GET)

Description: Lists all query rules stored at this issuance service.

Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Return type: QueryRuleCollection


Path: /protected/issuancePolicy/store/{credentialSpecificationUid} (PUT)

Description: Stores an issuance policy and associates it with a credential specification.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification to associate the issuance policy with.


Response status:

  • 200 - OK
  • 500 - ERROR


Input type: IssuancePolicy


Path: /protected/issuancePolicy/get/{credentialSpecificationUid} (GET)

Description: Retrieve an issuance policy that was previously stored.

Path parameters:

  • credentialSpecificationUid - UID of the credential specification the issuance policy is associated with.


Response status:

  • 200 - OK (application/xml)
  • 404 - Issuance policy could not be found.
  • 500 - ERROR

Return type: IssuancePolicy


Path: /protected/attributeInfoCollection/{name} (GET)

Description: This method can be used to obtain information about attributes from the attribute source (i.e. LDAP, JDBC or something else). This method will return an AttributeInfoCollection that can be passed to /protected/credentialSpecification/generate.

Path parameters:

  • name - Name identifies the entity from which to extract/gather attribute information. For LDAP name is an object class and for JDBC name is the name of a table in a database. Please be aware that name is ALWAYS provider specific.


Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Return type: AttributeInfoCollection


Path: /protected/credentialSpecification/generate (POST)

Description: Generate a credential specification based on the supplied AttributeInfoCollection.

Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR


Input type: AttributeInfoCollection
Return type: CredentialSpecification


Path: /protected/setupSystemParameters/ (POST)
Description:

This method generates a fresh set of system parameters for the given security level, expressed as the bitlength of a symmetric key with comparable security, and cryptographic mechanism. Issuers can generate their own system parameters, but can also reuse system parameters generated by a different entity. More typically, a central party (e.g., a standardization body) will generate and publish system parameters for a number of different key lengths that will be used by many Issuers. Security levels 80 and 128 MUST be supported; other values MAY also be supported.

Currently, the supported mechanism URIs are urn:abc4trust:1.0:algorithm:idemix for Identity Mixer

This method will overwrite any existing system parameters.

Response status:

  • 200 - OK
  • 500 - ERROR


Return type: SystemParameters


Path: /protected/setupIssuerParameters/ (POST)

Description:

This method generates a fresh issuance key and the corresponding Issuer parameters. The issuance key is stored in the Issuer's key store; the Issuer parameters are returned as output of the method. The inputs to this method specify the credential specification credspec of the credentials that will be issued with these parameters, the system parameters syspars, the unique identifier uid of the generated parameters, the hash algorithm identifier hash, and, optionally, the parameters identifier for any Issuer-driven Revocation Authority.

Currently, the only supported hash algorithm is SHA-256 with identifier urn:abc4trust:1.0:hashalgorithm:sha-256.


Response status:

  • 200 - OK (application/xml)
  • 500 - ERROR
  • 404 - Credential specification could not be found.


Input type: IssuerParametersInput
Return type: IssuerParameters

