You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* feat: recommend to use Backbone v7
* feat: remove approvedAt and approvedByDevice properties of IdentityDeletionProcess
* feat: rename status "Approved" of IdentityDeletionProcess to "Active"
* chore: run Excel script for updating use case metadata
Copy file name to clipboardExpand all lines: _docs_integrate/data-model-overview.md
+11-13Lines changed: 11 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -217,19 +217,17 @@ If you want to [delete your Identity]({% link _docs_integrate/delete-identities.
217
217
Up until then, the data about the deletion process is stored in an object called IdentityDeletionProcess.
218
218
It is possible to [cancel an IdentityDeletionProcess]({% link _docs_use-cases/use-case-transport-cancel-identitydeletionprocess.md %}) that hasn't reached the end of its grace period, yet.
219
219
Since cancelled IdentityDeletionProcesses are stored, you can reach a situation in which there are multiple IdentityDeletionProcesses associated with the same Identity.
220
-
Note, however, that at all times there can only be at most one **active IdentityDeletionProcess**, i.e. with `"Approved"` as `status`, per Identity.
| id |`string`| {% include descr_id class="IdentityDeletionProcess" prefix="IDP" %} ||
225
-
| status |`"Approved"`\|`"Cancelled"`| The status of the IdentityDeletionProcess. <br>{::nomarkdown}<ul><li>Approved: the IdentityDeletionProcess was <ahref="{% link _docs_use-cases/use-case-transport-initiate-identitydeletionprocess.md %}">initiated directly by the Identity itself</a> and is active. Unless it is cancelled, the Identity will be deleted by the end of the grace period.</li><li>Cancelled: the IdentityDeletionProcess was cancelled and is no longer active.</li></ul>{:/} ||
226
-
| createdAt |`string`\|`undefined`| {% include descr_createdAt class="IdentityDeletionProcess" %} ||
227
-
| createdByDevice |`string`\|`undefined`| {% include descr_createdByDevice class="IdentityDeletionProcess" %} ||
228
-
| approvedAt |`string`\|`undefined`| A timestamp that describes when the IdentityDeletionProcess was approved. ||
229
-
| approvedByDevice |`string`\|`undefined`| The ID of the Device that approved the IdentityDeletionProcess. ||
230
-
| gracePeriodEndsAt |`string`\|`undefined`| A timestamp that describes when the Identity will be permanently deleted. Up until this moment, it is possible to cancel the IdentityDeletionProcess. ||
231
-
| cancelledAt |`string`\|`undefined`| A timestamp that describes when the IdentityDeletionProcess was cancelled. ||
232
-
| cancelledByDevice |`string`\|`undefined`| The ID of the Device that cancelled the IdentityDeletionProcess. ||
220
+
Note, however, that at all times there can only be at most one **active IdentityDeletionProcess**, i.e. with `"Active"` as `status`, per Identity.
| id |`string`| {% include descr_id class="IdentityDeletionProcess" prefix="IDP" %} ||
225
+
| status |`"Active"`\|`"Cancelled"`| The status of the IdentityDeletionProcess. <br>{::nomarkdown}<ul><li>Active: the IdentityDeletionProcess was <ahref="{% link _docs_use-cases/use-case-transport-initiate-identitydeletionprocess.md %}">initiated directly by the Identity itself</a> and is active. Unless it is cancelled, the Identity will be deleted by the end of the grace period.</li><li>Cancelled: the IdentityDeletionProcess was cancelled and is no longer active.</li></ul>{:/} ||
226
+
| createdAt |`string`\|`undefined`| {% include descr_createdAt class="IdentityDeletionProcess" %} ||
227
+
| createdByDevice |`string`\|`undefined`| {% include descr_createdByDevice class="IdentityDeletionProcess" %} ||
228
+
| gracePeriodEndsAt |`string`\|`undefined`| A timestamp that describes when the Identity will be permanently deleted. Up until this moment, it is possible to cancel the IdentityDeletionProcess. ||
229
+
| cancelledAt |`string`\|`undefined`| A timestamp that describes when the IdentityDeletionProcess was cancelled. ||
230
+
| cancelledByDevice |`string`\|`undefined`| The ID of the Device that cancelled the IdentityDeletionProcess. ||
Copy file name to clipboardExpand all lines: _docs_integrate/delete-identities.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -36,8 +36,8 @@ However, Integrators of Connectors can still delete their Identity by using [Con
36
36
## IdentityDeletionProcesses
37
37
38
38
From a technical perspective, the process of Identity deletion is described by a data object of type [IdentityDeletionProcess]({% link _docs_integrate/data-model-overview.md %}#identitydeletionprocess). It can be uniquely identified by its `id`.
39
-
An IdentityDeletionProcess can have `"Approved"` or `"Cancelled"` as its `status`.
40
-
If an IdentityDeletionProcess has `"Approved"` as `status`, it is also referred to as an **active IdentityDeletionProcess**.
39
+
An IdentityDeletionProcess can have `"Active"` or `"Cancelled"` as its `status`.
40
+
If an IdentityDeletionProcess has `"Active"` as `status`, it is also referred to as an **active IdentityDeletionProcess**.
41
41
There can be at most one active IdentityDeletionProcess per Identity.
42
42
There are three [use cases]({% link _docs_integrate/use-cases.md %}) for getting one or more already existing [IdentityDeletionProcesses]({% link _docs_integrate/data-model-overview.md %}#identitydeletionprocess):
43
43
@@ -55,11 +55,11 @@ Whenever a new [IdentityDeletionProcess]({% link _docs_integrate/data-model-over
55
55
### Self-Initiated Identity Deletion
56
56
57
57
An Identity can actively trigger its own process of deletion by executing the [Initiate IdentityDeletionProcess]({% link _docs_use-cases/use-case-transport-initiate-identitydeletionprocess.md %}) use case.
58
-
Successful execution leads to the creation of an [IdentityDeletionProcess]({% link _docs_integrate/data-model-overview.md %}#identitydeletionprocess) with `"Approved"` as `status`.
58
+
Successful execution leads to the creation of an [IdentityDeletionProcess]({% link _docs_integrate/data-model-overview.md %}#identitydeletionprocess) with `"Active"` as `status`.
59
59
The Identity is immediately in deletion and will be irreversibly deleted from the Backbone once the end of the associated grace period of the IdentityDeletionProcess specified within its `gracePeriodEndsAt` property has been reached.
60
60
Within the grace period, the [Cancel IdentityDeletionProcess]({% link _docs_use-cases/use-case-transport-cancel-identitydeletionprocess.md %}) use case can be applied by the Identity if it no longer wants to be deleted.
61
61
In this case, the `status` of the IdentityDeletionProcess changes to `"Cancelled"`.
62
-
Trying to cancel an IdentityDeletionProcess that does not have `"Approved"` as `status` causes an error with `error.runtime.identityDeletionProcess.noApprovedIdentityDeletionProcess` as [error code]({% link _docs_integrate/error-codes.md %}) to be thrown.
62
+
Trying to cancel an IdentityDeletionProcess that does not have `"Active"` as `status` causes an error with `error.runtime.identityDeletionProcess.noApprovedIdentityDeletionProcess` as [error code]({% link _docs_integrate/error-codes.md %}) to be thrown.
63
63
Furthermore, please note that the use of the [Initiate IdentityDeletionProcess]({% link _docs_use-cases/use-case-transport-initiate-identitydeletionprocess.md %}) use case is not permitted if there is already an active IdentityDeletionProcess.
64
64
The corresponding [error code]({% link _docs_integrate/error-codes.md %}) is given by `error.runtime.identityDeletionProcess.activeIdentityDeletionProcessAlreadyExists`.
Copy file name to clipboardExpand all lines: _docs_integrate/migration-from-v6-to-v7.md
+7Lines changed: 7 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -41,6 +41,11 @@ The step-by-step instructions can be consulted to start the migration to version
41
41
- The `database.dbNamePrefix` field of the [database configuration]({% link _docs_operate/configuration.md %}#database) was removed. Before, it defaulted to `acc-`. If a database called `acc-connector` is to be accessed, the value of the `database.dbName` field must be set to `acc-connector` instead of `connector` only.
42
42
- To support additional authentication methods beyond API key authentication, the `apiKey` field was replaced by the `authentication.apiKey.keys.<key-id>.key` parameter of the [authentication configuration]({% link _docs_operate/configuration.md %}#authentication). The `authentication.apiKey.keys.<key-id>.scopes` field provides a convenient way to configure the permissions that apply when the API key identified by `<key-id>` is used.
43
43
- Additionally, the support for the `API_KEY`[environment variable]({% link _docs_operate/configuration.md %}#environment-variables) has been removed, that could be used to define an API key using a short environment variable. As an alternative, the `authentication.apiKey.keys.<key-id>.key` configuration property can be set using an environment variable.
44
+
- It must be ensured that a [Backbone](https://github.com/nmshd/backbone/tags) is used which is compatible with version 7 of the Connector.
45
+
Even though a Backbone of version 6 can still be used, it is recommended to update to version 7 of the Backbone due to the new features and bug fixes provided.
46
+
Appropriate Backbone credentials can be specified in the fields `transportLibrary.baseUrl`, `transportLibrary.platformClientId` and `transportLibrary.platformClientSecret` of the [Backbone configuration]({% link _docs_operate/configuration.md %}#transportlibrary).
47
+
The URL `<baseUrl of Backbone>/api/v2/version` can be accessed to validate the version of the Backbone.
48
+
Please note that version 7 of the Backbone only supports version 2 of its API and no longer version 1.
44
49
45
50
### Removed and Changed Data Structures
46
51
@@ -60,6 +65,8 @@ The step-by-step instructions can be consulted to start the migration to version
60
65
The property `reference` was introduced to group the property `truncated` with the additional property `url`, improving structure and better organizing related data.
61
66
- The `title` property of the [File]({% link _docs_integrate/data-model-overview.md %}#file) became optional and should no longer be relied upon to be set.
62
67
- The `ownershipToken` property of the [TransferFileOwnershipRequestItem]({% link _docs_integrate/data-model-overview.md %}#transferfileownershiprequestitem) became mandatory. This ensures that the ownership of the original File on the Backbone is transferred instead of applying a copy-based workaround. If the ownership of a [File]({% link _docs_integrate/data-model-overview.md %}#file) ought to be transferred, that doesn't have an `ownershipToken` yet, it will need to be [regenerated]({% link _docs_use-cases/use-case-transport-regenerate-file-ownership-token.md %}).
68
+
- The properties `approvedAt` and `approvedByDevice` of the [IdentityDeletionProcess]({% link _docs_integrate/data-model-overview.md %}#identitydeletionprocess) have been removed.
69
+
Furthermore, renaming `"Approved"` to `"Active"` resulted in a change of an IdentityDeletionProcess `status`.
63
70
- All data structures around the Attribute listener feature, including the LocalAttributeListener, the RegisterAttributeListenerRequestItem, and the RegisterAttributeListenerAcceptResponseItem, were removed.
Copy file name to clipboardExpand all lines: _docs_operate/backbone-security-considerations.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -91,8 +91,8 @@ There is no authorization set up. So if you have the API-Key, you can access all
91
91
92
92
The Consumer API supports configuring quotas on different write-actions to limit how often a user can execute those. These quotas can be defined per identity. However, there are some endpoints that allow anonymous access and that therefore cannot be rate limited by quotas. These endpoints currently are:
93
93
94
-
-`POST /api/v1/Challenges`
95
-
-`POST /api/v1/Identities`
94
+
-`POST /api/v2/Challenges`
95
+
-`POST /api/v2/Identities`
96
96
97
97
When operating the Backbone's Consumer API, you should make sure that the endpoints mentioned above are not abused by malicious users by implementing rate limiting on the network level.
0 commit comments