-
Notifications
You must be signed in to change notification settings - Fork 312
Add support for v1.5 API #663
Comments
I'll take this on next week. |
Is revoked in this case, a user initiated action or does that need to be run through a verification server? |
* remove free form pha claims * introduce v1.5 fields to verification claims * clairfy naming * mark transmission risk overrides as deprecated, but still used Part of google#680 Part of google#663
Some high level notes
Execution plan
|
Updates to verification server for new claims: |
The specification still states "The header must be exactly “EK Export v1” right-padded to 16 bytes with UTF-8 whitespaces." |
@flagxor @gurayAlsac - Can you answer the question about the header string? |
* Allow for v1.5+ early key release. Multiple keys can be provided that all have the same start interval * Add configuration params for this * Add tests for new pieces. 100% coverage on exposure model transform. * Add documentation. * add same day release as an optional feature to the generate server Fixes google#705 Part of google#663
When stable, I plan to promote the API version from v1alpha1 to v1beta1. |
* Allow for v1.5+ early key release. Multiple keys can be provided that all have the same start interval * Add configuration params for this * Add tests for new pieces. 100% coverage on exposure model transform. * Add documentation. * add same day release as an optional feature to the generate server Fixes #705 Part of #663
* Add key revision columns to exposure table * This includes capturing the health authority ID (if provided) * Keys can only be revised by the same health authority ID * Implement setting of Exposure fields based on the claims from the verification certificate * If a ReportType is present, set it in the Exposure.ReportType * Optionally, backfill the transmission risk, based on the report type * Calculate the days +/- sypmtom onset * the symptom onset interval can be provided in the API or from the verification certificate * stub out key revision * existing keys are read from the DB if they match the input * TODO: merge existing and input keys * TODO: implement transactional key revision * IterateExposures * add ability to select revised keys More work on google#663
* Add key revision columns to exposure table * This includes capturing the health authority ID (if provided) * Keys can only be revised by the same health authority ID * Implement setting of Exposure fields based on the claims from the verification certificate * If a ReportType is present, set it in the Exposure.ReportType * Optionally, backfill the transmission risk, based on the report type * Calculate the days +/- sypmtom onset * the symptom onset interval can be provided in the API or from the verification certificate * stub out key revision * existing keys are read from the DB if they match the input * TODO: merge existing and input keys * TODO: implement transactional key revision * IterateExposures * add ability to select revised keys More work on google#663
* Work on v1.5 * Add key revision columns to exposure table * This includes capturing the health authority ID (if provided) * Keys can only be revised by the same health authority ID * Implement setting of Exposure fields based on the claims from the verification certificate * If a ReportType is present, set it in the Exposure.ReportType * Optionally, backfill the transmission risk, based on the report type * Calculate the days +/- sypmtom onset * the symptom onset interval can be provided in the API or from the verification certificate * stub out key revision * existing keys are read from the DB if they match the input * TODO: merge existing and input keys * TODO: implement transactional key revision * IterateExposures * add ability to select revised keys More work on #663 * review comments * got/want fix * tabs
* remove free form pha claims * introduce v1.5 fields to verification claims * clairfy naming * mark transmission risk overrides as deprecated, but still used Part of google#680 Part of google#663
* Allow for v1.5+ early key release. Multiple keys can be provided that all have the same start interval * Add configuration params for this * Add tests for new pieces. 100% coverage on exposure model transform. * Add documentation. * add same day release as an optional feature to the generate server Fixes google#705 Part of google#663
* Work on v1.5 * Add key revision columns to exposure table * This includes capturing the health authority ID (if provided) * Keys can only be revised by the same health authority ID * Implement setting of Exposure fields based on the claims from the verification certificate * If a ReportType is present, set it in the Exposure.ReportType * Optionally, backfill the transmission risk, based on the report type * Calculate the days +/- sypmtom onset * the symptom onset interval can be provided in the API or from the verification certificate * stub out key revision * existing keys are read from the DB if they match the input * TODO: merge existing and input keys * TODO: implement transactional key revision * IterateExposures * add ability to select revised keys More work on google#663 * review comments * got/want fix * tabs
* Work on v1.5 * Add key revision columns to exposure table * This includes capturing the health authority ID (if provided) * Keys can only be revised by the same health authority ID * Implement setting of Exposure fields based on the claims from the verification certificate * If a ReportType is present, set it in the Exposure.ReportType * Optionally, backfill the transmission risk, based on the report type * Calculate the days +/- sypmtom onset * the symptom onset interval can be provided in the API or from the verification certificate * stub out key revision * existing keys are read from the DB if they match the input * TODO: merge existing and input keys * TODO: implement transactional key revision * IterateExposures * add ability to select revised keys More work on google#663 * review comments * got/want fix * tabs
* remove free form pha claims * introduce v1.5 fields to verification claims * clairfy naming * mark transmission risk overrides as deprecated, but still used Part of google#680 Part of google#663
* Allow for v1.5+ early key release. Multiple keys can be provided that all have the same start interval * Add configuration params for this * Add tests for new pieces. 100% coverage on exposure model transform. * Add documentation. * add same day release as an optional feature to the generate server Fixes google#705 Part of google#663
* Work on v1.5 * Add key revision columns to exposure table * This includes capturing the health authority ID (if provided) * Keys can only be revised by the same health authority ID * Implement setting of Exposure fields based on the claims from the verification certificate * If a ReportType is present, set it in the Exposure.ReportType * Optionally, backfill the transmission risk, based on the report type * Calculate the days +/- sypmtom onset * the symptom onset interval can be provided in the API or from the verification certificate * stub out key revision * existing keys are read from the DB if they match the input * TODO: merge existing and input keys * TODO: implement transactional key revision * IterateExposures * add ability to select revised keys More work on google#663 * review comments * got/want fix * tabs
* Publish API changes * Transform still validates the incoming request * If any of the uploaded keys have previously been seen, join and figure out changes * perform upsert over the new keys More work on google#663
We won't be changing the header string for this backwards compatible proto change. The header string would only change for a larger file format change (e.g., using a different proto, or something other than a proto) |
* Add new TEK metadata fields to generated exports * Add revised keys to output Work on google#663
* Implement ExposureKey revisions * Publish API changes * Transform still validates the incoming request * If any of the uploaded keys have previously been seen, join and figure out changes * perform upsert over the new keys More work on #663 * review comments
* Add new TEK metadata fields to generated exports * Add revised keys to output Work on google#663
* v1.5 export files * Add new TEK metadata fields to generated exports * Add revised keys to output Work on #663 * fix build errors * fix out of bounds w/ empty data * comments on new errors
/close Remaining work is in #717 |
@mikehelmick: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
TL;DR
v1.5 adds some additional fields attached to keys that need to be handled by the Key server.
Limited support for change of key status + revocation is supported in the API shape.
Design Goals
Additional fields need to be selected by the HA app:
The HA also has the opportunity to make a single revision to a previously published key:
Only some changes are allowed (enforced by the client, but server can also check):
Recursive -> Confirmed Test, Revoked, Clinical Diagnosis, Self-Report
Self-Report -> Confirmed Test, Revoked, Clinical Diagnosis
Clinical Diagnosis -> Confirmed Test, Revoked
To support these fields well the Diagnosis Key server will need to:
Revision + revocation will require dispensing some secret to the client to allow later revalidation to change a previously released key.
Revision + revocation support in the reference server is of secondary priority to supporting the new key fields.
Transmission risk is deprecated, but can be co-present with the other fields to support v1.0 clients.
The text was updated successfully, but these errors were encountered: