Contract No.: 285248 Strategic Objective


Secure Storage Service Optional GE Open API Specification



Download 1.78 Mb.
Page42/54
Date28.01.2017
Size1.78 Mb.
#8871
1   ...   38   39   40   41   42   43   44   45   ...   54

22Secure Storage Service Optional GE Open API Specification

22.1Copyright


Copyright © 2012-2014 by Thales

22.2Legal notice


Please check the following Legal Notice to understand the rights to use these specifications.

22.3Introduction to the Secure Service Storage Optional GE API


Please check the FI-WARE Open Specifications Legal Notice to understand the rights to use FI-WARE Open Specifications.

22.3.1Overview


The Secure Storage Service provides a storage for labelled (i.e. XML-DSig protected) data. It comes with an application-level filter which authorizes read access in function of the identity of the authenticated requester (for example, a service provider) and in function of the sensitivity of the data.

file:overview_sss.jpg

Basic Concepts


XML-DSig (for XML Digital Signature) defines an XML syntax for digital signatures and is defined in the WC3 recommendation XML Signature Syntax and Processing. Functionally, it has much in common with PKCS#7 but is more extensible and geared towards signing XML documents. XML signatures can be used to sign data –a resource– of any type, typically XML documents, but anything that is accessible via a URL can be signed. An XML signature used to sign a resource outside its containing XML document is called a detached signature; if it is used to sign some part of its containing document, it is called an enveloped signature; if it contains the signed data within itself it is called an enveloping signature.

The data is labelled before being stored, i.e. it is previously protected by its owner. Moreover, the owner himself has initialised the sensitivity level of the different fields of his data (for example : mail address > private, main interest > public, job > public, etc...). Once the data are stored by SSS, the public fields (i.e. the fields that have been tagged 'public') can be read by anyone. The private one can be read by trusted service providers (SP) only. A trusted service is a service which is authenticated by a certificate which has been delivered by a dedicated Certification Authority.


22.3.2Intended Audience


This specification is intended for Service Consumers (with development skills) and Users. For the Service Consumers, this document provides a full specification of how to interoperate with the Secure Storage Service API. For the latter, this specification indicates the interface to be provided to the client application developers to provide the described functionalities. To use this information, the reader should firstly have a general understanding of the Optional Generic Enabler service Secure Storage . The API user should be familiar with:

  • RESTful web services

  • HTTP/1.1

  • XML data serialisation formats.

22.3.3API Change History


Current version is: Version 1.1.0, 27/05/2013

The most recent changes are described in the table below:



Revision Date

Changes Summary

May 27, 2013

  • Version 1.1 of the Secure Storage Service Optional GE API Guide.

22.3.4Additional Resources


More documentation related to the architecture is available at Secure Storage Service

22.4General SSS API Information

22.4.1SSS Optional GE API Core


  1. CreateUser(Credentials) is a RESTful method accessed via HTTPs that creates a user in the database. The method takes one parameter, the credentials.

  2. DeleteUser(Credentials, userID) is a RESTful method accessed via HTTPs that deletes a user on the SSS. The method takes two parameters; one for the credentials, and the second for the user ID.

  3. AddUserData(Credentials, userID, XML data) is a RESTful method accessed via HTTPs that stores files in a user storage. The method takes three parameters; one for the credentials the second for the user ID and the third for the file added in the user storage.

  4. UpdateUserData(Credentials, userID, UniqueID, File) is a RESTful method accessed via HTTPs that updates a user in the database. The method takes four parameters; one for the credentials, the second for the user ID, the third for the file UniqueId, the fourth for the new File.

  5. GetUserData(Credentials, userID, FilesList) is a RESTful method accessed via HTTPs that retrieves files in a user storage. The method takes three parameters; one for the credentials, the second for the user ID and the third for the files listed by their UniqueIDs in the FilesList.

  6. DeleteUserData(Credentials, userID, FilesList) is a RESTful method accessed via HTTPs that deletes files in a user storage. The method takes three parameters; one for the credentials, the second for the user ID and the third for the files listed by their UniqueIDs in the FilesList.

  7. AddUserServices(Credentials, userID, ServicesList) is a RESTful method accessed via HTTPs that adds new user’s registered services. The method takes three parameters; one for the credentials, the second for the user ID and the third for the list of new services associated to the UniqueIDs.

  8. GetUserServiceList(Credentials, userID) is a RESTful method accessed via HTTPs that retrieves the list of SPs which the user has subscribed to. The method takes two parameters; one for the credentials, and the second for the user ID.

  9. ActivateProfile(Credentials, userID, boolean) is a RESTful method accessed via HTTPs that (de)activates a profile. The method takes three parameters; one for the credentials, the second for the user ID and the third for the Boolean specifying whether the profile is (de)activated.


22.4.2Representation Format


The Secure Storage Service Optional GE API supports the transmission of XML files and Strings. Content-Type header and is required for operations that have a request body. The response format is always in plain text ("text/plain") or ("application/xml").

In order to manipulate the different XML elements of the SSS within the application, XML representations using JAXB (Java Annotation Xml Binding, see http://jaxb.java.net/ for more information) were used.


22.4.3Representation Transport


Resource representation is transmitted between client and server by using HTTPs 1.1 protocol. Both client and server may use as many HTTP headers as they consider necessary.

Download 1.78 Mb.

Share with your friends:
1   ...   38   39   40   41   42   43   44   45   ...   54




The database is protected by copyright ©ininet.org 2024
send message

    Main page