feat: upgrade version endpoint #138
Conversation
arnoweiss
requested review from
jimmarino,
juliapampus,
mkollenstart and
ssteinbuss
artifacts/src/main/resources/common/protocol-version-schema.json
Outdated
Show resolved
Hide resolved
|
arnoweiss
force-pushed
the
feat/auth-metadata
branch
from
16168ef to
36733e5
Compare
| { | ||
| "version": "1.0", | ||
| "path": "/some/path/v1" | ||
| "version": "2025-1", |
There was a problem hiding this comment.
I appreciate the approach to provide more metadata. Actually, I miss one important mechanism that might be added here. So far, it is not possible to group multiple entries here to express that these entries are representing the same DSP service in different versions. That would be necessary to do proper version handling in case of multiple services managed by the same host.
There was a problem hiding this comment.
Are you thinking of something like a serviceId property?
There was a problem hiding this comment.
Yes, that sounds right, so multiple entries could have the same serviceId, indicating that they reference the same service, resp. will provide basically the same DataSets only with different versions.
jimmarino
merged commit 1694012
into
eclipse-dataspace-protocol-base:main
4 participants
What this PR changes/adds
This PR changes the setup of the common versioning endpoint.
Even in a distant future when there may be different bindings for DSP messages, it is reasonable to expect that the well-known HTTPS endpoint will be queried for which endpoints are relevant. A consumer has to start somewhere and it cannot be assumed that the DSP-binding a Provider uses is necessarily known.
authandbindingpropertiesThe
authproperty holds a string telling the Consumer how to authenticate to the Provider's DSP endpoints. This is necessary, especially if the catalog-endpoints are protected already. Thebindingproperty describes the DSP-protocol binding so the Consumer knows not just WHERE to ask but also HOW. This is relevant for forward-compatibility.Why it does that
Currently, the endpoint is neither useful (Consumer is likely unaware of authentication method) nor future-proof (introducing a new binding would render it useless).
Further notes
I'd like at least two concurring reviews as this is a consequential change. Despite that, it's backward compatible because (1) there is no binding apart from HTTPS and (2) all newly introduced properties are optional.
Closes #112
Please be sure to take a look at the contributing guidelines and our etiquette for pull requests.