data-security icon indicating copy to clipboard operation
data-security copied to clipboard

Published 20 hours ago verified publisher icon ga4gh

DO NOT MERGE: Craig's draft for v1.2 - still has work that should be brought across into 1.2

Open cdvoisin opened this issue 3 years ago • 5 comments

Introduce Self-Contained Passports

cdvoisin avatar Jul 19 '21 17:07 cdvoisin

In ver 1.2, do we want to introduce a mechanism (potentially based on RFC8707) to request a downscoped passport from a broker so no root passport becomes exposed to a client?

mikael-linden avatar Aug 06 '21 12:08 mikael-linden

These are great questions, thanks for reviewing and your suggestions. Let's take a lot of the feedback into the AAI/Passport discussions on Thursdays and see what will work given a set of community requirements like those coming from NIH.

On Fri, Aug 6, 2021 at 8:07 AM mikael-linden @.***> wrote:

In ver 1.2, do we want to introduce a mechanism (potentially based on RFC8707 https://datatracker.ietf.org/doc/html/rfc8707) to request a downscoped passport from a broker so no root passport becomes exposed to a client?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/ga4gh/data-security/pull/47#issuecomment-894214967, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKEDCSG5R4ZJIV7D5YEBYC3T3PGAZANCNFSM5AUETVVQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email .

cdvoisin avatar Aug 09 '21 14:08 cdvoisin

How is the in the Passport Endpoint Response different from the regular ga4gh_passport_v1 claim received from /userinfo?

mikael-linden avatar Aug 10 '21 11:08 mikael-linden

Are there going to be updates to the embedded access token (i.e. visa) polling section? I believe the RAS implementation has departed a bit from the spec in this respect by implementing a separate endpoint for visa (or even passport) validation and am wondering if that will be the approach in 1.2 as well.

dvoet avatar Sep 10 '21 19:09 dvoet

Yes this 1.2 PR is likely not valid from what’s being discussed now (4K passports)

On Fri, Sep 10, 2021 at 3:54 PM dvoet @.***> wrote:

Are there going to be updates to the embedded access token (i.e. visa) polling section? I believe the RAS implementation has departed a bit from the spec in this respect by implementing a separate endpoint for visa (or even passport) validation and am wondering if that will be the approach in 1.2 as well.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/ga4gh/data-security/pull/47#issuecomment-917171362, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAPYAMNVNGZSS6UPXU3MROLUBJO7XANCNFSM5AUETVVQ .

davidbernick avatar Sep 10 '21 20:09 davidbernick