Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deactivating registrations #293

Open
elf-pavlik opened this issue Jan 9, 2023 · 2 comments
Open

Deactivating registrations #293

elf-pavlik opened this issue Jan 9, 2023 · 2 comments
Assignees
@elf-pavlik
Labels
agent-registration data-authorization

Comments

@elf-pavlik
Copy link
Member

This issue should be considered along #278

In most cases registrations shouldn't be deleted but marked as deactivated.

Access Authorization

We need a clear way to deactivate authorizations. Since they are immutable, it most likely should be an Access Authorization which states that access was rejected. (related to #278)

Agent Registration

While Application Registration always should have an Access Grant, it is not required for Social Agent Registration.
I think we should answer if we only need an Access Grant that reflect mentioned above Access Authorization which gives not access. Possibly we want to make the whole registration as inactive, this could be used in #138 where user needs to select agents they want to grant access to. The deactivated ones would not appear in the list.

Data Registration

This one probably needs some clear use cases. I'm not sure what deactivating data registration would mean. Also what would happen if access is requested for shape tree registered in deactivated data registration.
@elf-pavlik
Copy link
Member Author

I'm going to implement interop:deactivatedAt this week

@elf-pavlik
Copy link
Member Author

elf-pavlik commented Jan 17, 2023
edited
Loading

We had initial working session today, starting from Access Authorization and Access Grant generated from it.

Discussed grantedAt and deniedAt timestamps felt less ergonomic than other discussed alternative.

  • createdAt - when the authorization gets created (no matter granted or denied)
  • granted - boolean (safer than denied boolan which in case of missing value might default to denied: false)
  • hasDataAuthorization (or Grant) - only present when granted: true

Please let me know what do you think

@angelaraya tomorrow we should wrap it up and make PRs to all the appropriate implementation repositories

There is also a question if we need a case where access is not granted (denied) but agent registration is not deactivated. How does it differ from case where agent registration is activated (assuming that this would always go in pair with denied authorization & grant)

We also currently plan to treat initial deny / rejection #278 the same as cases which have some previous positive grant.
History should be always available but in the current state (snapshot) I don't think there is a need for treating initial deny as some special case.

@elf-pavlik elf-pavlik mentioned this issue Feb 12, 2023
Closed
@elf-pavlik elf-pavlik self-assigned this Feb 27, 2023
@elf-pavlik elf-pavlik mentioned this issue Apr 4, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elf-pavlik elf-pavlik

Labels
agent-registration data-authorization
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@elf-pavlik