Internet-Draft | DataRight+: Sharing Arrangement V1 | September 2024 |
Low & Kolera | Expires 25 March 2025 | [Page] |
This specification outlines the technical requirements related to the delivery of Sharing Arrangement V1.¶
The keywords "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 25 March 2025.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
The scope of this specification is focused on describing the authorisation related components of establishing a CDR Sharing Arrangement. This specification unavoidably references ecosystem specific concepts (Australian CDR) due to the very nature of localised claim names. Sharing Arrangement V1 therefore is aligned with the definition of a CDR Arrangement as originally outlined within [CDS].¶
This specification uses the terms "Consumer", "Provider", "Initiator", "Personally Identifiable Information (PII)", "Pairwise Pseudonymous Identifier (PPID)", "Initiator", "CDR Sharing Arrangement" and "CDR Sharing Arrangement Identifier" as defined by [DATARIGHTPLUS-ROSETTA].¶
The following provisions apply to services delivered by Providers.¶
The Provider CDR Arrangement (PCARE) Revocation endpoint accepts a CDR Sharing Arrangement Identifier and immediately revokes the CDR Sharing Arrangement.¶
The PCARE endpoint SHALL be advertised using the cdr_arrangement_revocation_endpoint
attribute at the OpenID Connect Discovery 1.0 [OIDC-Discovery] endpoint.¶
The PCARE endpoint receives requests using the HTTP POST [RFC7231] method with parameters sent as application/x-www-form-urlencoded
data as defined in [W3C.REC-html5-20141028].¶
In addition to authentication credentials described in Section 2.2 of [RFC7523] the endpoint includes the CDR Sharing Arrangement Identifier as an additional parameter, specified as follows:¶
cdr_arrangement_id
: REQUIRED The CDR Sharing Arrangement Identifier previously provided in the token and introspection endpoint responses.¶
An example request to the Provider CDR Arrangement Revocation Endpoint is as follows:¶
POST https://data.provider.com.au/arrangements/revoke HTTP/1.1 Host: data.Provider.com.au Content-Type: application/x-www-form-urlencoded client_id=s6BhdRkqt3& client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer& client_assertion=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEyNDU2In0.ey ...& cdr_arrangement_id=5a1bf696-ee03-408b-b315-97955415d1f0¶
On receipt of a valid request the Provider authorisation server:¶
cdr_arrangement_id
relates to a valid CDR Sharing Arrangement and;¶
cdr_arrangement_id
belongs to validated client¶
If all of the above conditions are met the authorisation server:¶
In the event of a successful revocation, the authorisation server:¶
In the event of a failure to validate the CDR Arrangement conditions the authorisation server:¶
Retry-After
indicating the earliest retry time¶
The failure response body is an object with a single attribute of errors
containing an array of one object with the following fields:¶
code
with the value of urn:au-cds:error:cds-all:Authorisation/InvalidArrangement
¶
title
with the value of The arrangement could not be found.
¶
detail
with a value containing the provided cdr_arrangement_id
¶
A non-normative example of the payload is provided below:¶
{ "errors": [ { "code": "urn:au-cds:error:cds-all:Authorisation/InvalidArrangement", "title": "The arrangement could not be found.", "detail": "b3f0c9d0-457d-4578-b0cd-52e443ae13c5" } ] }¶
The following provisions apply to participants operating individual Initiators.¶
The Initiator CDR Arrangement (ICARE) Revocation endpoint accepts a CDR Sharing Arrangement Identifier and immediately revokes the CDR Sharing Arrangement.¶
The protected resource calls the ICARE endpoint using an HTTP POST [RFC7231] request with parameters sent as application/x-www-form-urlencoded
data as defined in [W3C.REC-html5-20141028].¶
cdr_arrangement_jwt
REQUIRED. A single signed [JWT] containing the following parameters:¶
cdr_arrangement_id
representing the CDR Sharing Arrangement Identifier previously provided in the introspection endpoint responses;¶
iss
: Provider ID issued by the Ecosystem Authority¶
sub
: Provider ID issued by the Ecosystem Authority¶
aud
: URI to the ICARE endpoint¶
jti
: A unique identifier for the token¶
exp
: Expiration time on or after the JWT must not be accepted¶
In addition, the client includes an Authorization
header parameter with a Bearer token containing a single signed [JWT] with the following parameters:¶
iss
: Provider ID issued by the Ecosystem Authority¶
sub
: Provider ID issued by the Ecosystem Authority¶
aud
: URI to the ICARE endpoint¶
jti
: A unique identifier for the token¶
exp
: Expiration time on or after the JWT must not be accepted¶
For example, a Provider may request CDR Arrangement revocation with the following request:¶
POST https://data.Initiator.com.au/arrangements/revoke HTTP/1.1 Host: data.Initiator.com.au Content-Type: application/x-www-form-urlencoded Authorization: Bearer eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEyNDU2In0.ey … cdr_arrangement_jwt=eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEyNDU2In0.ey ...&¶
The Initiator first validates the Provider credentials and then verifies whether the CDR Sharing Arrangement Identifier exists and was issued by the Provider making the CDR Arrangement Revocation request. If this validation fails, the request is refused and the Provider is informed of the error by the ICARE endpoint as described below.¶
In the next step, the Initiator invalidates the CDR Arrangement and SHOULD discard associated tokens. Data Minimisation events SHOULD also be triggered on receipt of this event.¶
In the event of a successful revocation, the Initiator:¶
In the event of a failure to validate the CDR Arrangement conditions the Initiator:¶
Retry-After
indicating the earliest retry time¶
The failure response body is an object with a single attribute of errors
containing an array of one object with the following fields:¶
code
with the value of urn:au-cds:error:cds-all:Authorisation/InvalidArrangement
¶
title
with the value of The arrangement could not be found.
¶
detail
with a value containing the provided cdr_arrangement_id
¶
A non-normative example of the payload is provided below:¶
{ "errors": [ { "code": "urn:au-cds:error:cds-all:Authorisation/InvalidArrangement", "title": "The arrangement could not be found.", "detail": "b3f0c9d0-457d-4578-b0cd-52e443ae13c5" } ] }¶
Where a Initiator, by way of the [Request Object], requests to update an existing authorisation grant through the supply of the cdr_arrangement_id
some ecosystems may apply additional expectations with respect to the authorisation flow. Within the Australian Consumer Data Right this is summarised within the CX Standards: Amending Authorisation section of the [CDS].¶
The CDR Sharing Arrangement Identifier SHALL NOT be guessable, derivable nor identify the Consumer.¶