ToIP Trust Registry (Query) Protocol v2 - Working Draft (2.0.0)

Download OpenAPI specification:Download

E-mail: darrell.odonnell@continuumloop.com License: Apache 2.0

Trust Registry capabilities

Allow querying for critical items in a digital trust ecosystem: Entities, Registries, and Resources that are required to operate in the ecosysystem.

Registry of Registries (RoR) capabilities.

RoR capabilities include:

Listing Registries that are known (to the registry being queried).
list the acknowledged trust registries that the RoR recognizes and what that may mean in the context of a particular governance framework.

registry

Queries about Entities, Registries, and Resources.

Returns Registry Information about a particular entity that is represented in the queried system.

Authorizations:

bearerAuth

path Parameters

entityid

required

string <uri> (Uri)

The URI-based identifier of a DID or X.509 Issuer. Allows reserved characters per RFC3986. Do NOT escape the URI.

query Parameters

authorizationVID

string <uri> (Uri)

The identifier of the Authorization that is being queried for this Entity.

Responses

Response samples

200
400
401
404

Content type

application/json

{"entityVID": "did:example:123",
"governanceFrameworkVID": "http://example.com",
"primaryTrustRegistryVID": "did:example:123",
"authorizations": {"identifier": "did:example:abc",
"simplename": "country:role"
},
"secondaryTrustRegistries": ["did:example:456"
],
"participatingNamepaces": [{"identifier": "did:example:123",
"canonicalString": "ca.issuer.driverlicense",
"egfURI": "did:example:GlobalDriverLicenseDID",
"description": "string"
}
],
"entityDataValidity": {"validFromDT": "2019-08-24T14:15:22Z",
"validUntilDT": "2019-08-24T14:15:22Z"
},
"registrationStatus": {"status": "current",
"detail": "string"
}
}

Determine whether an Entity has a particular Authorization.

Authorizations:

bearerAuth

path Parameters

entityVID

required

string <uri> (VID)

The VID-based identifier of a VID/DID/AID or X.509 Issuer. Allows reserved characters per RFC3986. Do NOT escape the URI.

query Parameters

authorizationVID

string <uri> (Uri)

The identifier of the Authorization that is being queried for this Entity.

Responses

Response samples

200
400
401
404

Content type

application/json

{"identifier": "did:example:abc",
"simplename": "country:role"
}

Determine whether an Entity has a particular Authorization.

Authorizations:

bearerAuth

path Parameters

entityVID

required

string <uri> (VID)

The VID-based identifier of a VID/DID/AID or X.509 Issuer. Allows reserved characters per RFC3986. Do NOT escape the URI.

Responses

Response samples

200
400
401
404

Content type

application/json

{"identifier": "did:example:abc",
"simplename": "country:role"
}

Query this Trust Registry about its recognition of another Trust Registry.

Authorizations:

bearerAuth

query Parameters

namespace-VID	string <uri> (VID) Filter in only the namespace requested - show all registries otherwise. The URI-based Verifiable Identifier (VID) (e.g. DID or X.509 VID). Allows reserved characters per RFC3986. Do NOT escape the URI.
EGF-VID	string <uri> (VID) Filter in only the registries under the specified EGF (by EGF DID). Defaults to be limited to the EGFURI that is being queried at the root. The URI-based Verifiable Identifier (VID) (e.g. DID or X.509 VID). Allows reserved characters per RFC3986. Do NOT escape the URI.

Responses

Response samples

200
400
401
404

Content type

application/json

[{"identifier": "did:example:123",
"name": "Professional Engineers Ontario",
"description": "Established on June 14, 1922, Professional Engineers Ontario (PEO) is the licensing and regulating body for professional engineering in the province.",
"primaryEGFURI": ["did:example:GlobalDriverLicenseDID"
],
"additionalEGFURIs": ["http://example.com"
],
"participatingNamepaces": [{"identifier": "did:example:123",
"canonicalString": "ca.issuer.driverlicense",
"egfURI": "did:example:GlobalDriverLicenseDID",
"description": "string"
}
],
"peerType": "peer"
}
]

Query this Trust Registry about its recognition of a specific Trust Registry. TODO: determine RoR (registry of registry) impacts here.

Authorizations:

bearerAuth

path Parameters

registryVID

required

string <uri> (VID)

The URI-based identifier of a DID or X.509 Issuer. Allows reserved characters per RFC3986. Do NOT escape the URI.

Responses

Response samples

200
400
401
404

Content type

application/json

[{"identifier": "did:example:123",
"name": "Professional Engineers Ontario",
"description": "Established on June 14, 1922, Professional Engineers Ontario (PEO) is the licensing and regulating body for professional engineering in the province.",
"primaryEGFURI": ["did:example:GlobalDriverLicenseDID"
],
"additionalEGFURIs": ["http://example.com"
],
"participatingNamepaces": [{"identifier": "did:example:123",
"canonicalString": "ca.issuer.driverlicense",
"egfURI": "did:example:GlobalDriverLicenseDID",
"description": "string"
}
],
"peerType": "peer"
}
]

Get resource data indicated by DID.

Authorizations:

bearerAuth

path Parameters

registryVID

required

string <uri> (VID)

The URI-based identifier of a DID or X.509 Issuer. Allows reserved characters per RFC3986. Do NOT escape the URI.

Responses

Response samples

200
400
401
404

Content type

application/json

Example

ResourceReferencedType

{"identifier": "did:example:123",
"lastupdated": "2019-08-24T14:15:22Z",
"datatype": "string",
"resourceURI": "http://example.com",
"integrity": {"hashtype": "sha2-256",
"hash": "64ee532ac8a4871e21ccf0397ac8154efb747ec37a2a116c35fc8b810cbf24bd"
}
}

lookups

Configuration and lookup operations.

Get a list of Rights that are used in this Trust Registry.

Authorizations:

bearerAuth

query Parameters

egfURI

required

string <uri> (Uri)

The URI-based identifier of a DID or X.509 Issuer. Allows reserved characters per RFC3986. Do NOT escape the URI.

Responses

Response samples

200
400
401
404

Content type

application/json

{"identifier": "did:example:abc",
"simplename": "country:role"
}

Get the namespaces that are supported in this trust Registry.

Authorizations:

bearerAuth

Responses

Response samples

200
400
401
404

Content type

application/json

[{"identifier": "did:example:123",
"canonicalString": "ca.issuer.driverlicense",
"egfURI": "did:example:GlobalDriverLicenseDID",
"description": "string"
}
]

Get a list of DID Methods that are supported by a particular Governance Framework.

Authorizations:

bearerAuth

query Parameters

required

Array of objects (VIDMethodListType)

Provides a list of DID-methods that are supported by this trust registry. MAY include Maximum Assurance Level that a DID Method is set at under the EGF.

Responses

Response samples

200
400
401
404

Content type

application/json

[{"identifier": "string",
"maximumAssuranceLevel": {"identifier": "did:example:123",
"name": "LOA2",
"description": "Level of Assurance 2 - see EGF for definition, terms, obligations,liabilities, and indemnity"
}
}
]

Get a list of the assurance levels that are in use by this Trust Registry (and its governing EGF).

Authorizations:

bearerAuth

query Parameters

egfURI

required

string <uri> (Uri)

The URI-based identifier of the Ecosystem Governance Framework that the assurance levels apply to. Allows reserved characters per RFC3986. Do NOT escape the URI.

Responses

Response samples

200
400
401
404

Content type

application/json

[{"identifier": "did:example:123",
"name": "LOA2",
"description": "Level of Assurance 2 - see EGF for definition, terms, obligations,liabilities, and indemnity"
}
]

metadata

Metadata operations.

Provides metadata object.

Metadata object.

Authorizations:

bearerAuth

Responses

Response samples

200
400
401
404

Content type

application/json

{"lastupdated": "2019-08-24T14:15:22Z",
"primaryEGFURI": ["did:example:GlobalDriverLicenseDID"
],
"additionalEGFURIs": ["http://example.com"
],
"participatingNamepaces": [{"identifier": "did:example:123",
"canonicalString": "ca.issuer.driverlicense",
"egfURI": "did:example:GlobalDriverLicenseDID",
"description": "string"
}
],
"languages": "en"
}

offline

Offline operations (i.e. prepare to go offline).

Access a full data file that can be used offline.

Allows querying to determine the status of an Issuer, as identified by their Identifier (unique), credential type, and EGF that they are operating under.

Authorizations:

bearerAuth

Responses

Response samples

200

Content type

application/json

{"extractdatetime": "2019-08-24T14:15:22Z",
"version": "string",
"validity": {"validFromDT": "2019-08-24T14:15:22Z",
"validUntilDT": "2019-08-24T14:15:22Z"
},
"lookups": {"VIDMethods": [{"identifier": "string",
"maximumAssuranceLevel": {"identifier": "did:example:123",
"name": "LOA2",
"description": "Level of Assurance 2 - see EGF for definition, terms, obligations,liabilities, and indemnity"
}
}
],
"AssuranceLevels": [{"identifier": "did:example:123",
"name": "LOA2",
"description": "Level of Assurance 2 - see EGF for definition, terms, obligations,liabilities, and indemnity"
}
],
"Authorizations": {"identifier": "did:example:abc",
"simplename": "country:role"
},
"Namespaces": [{"identifier": "did:example:123",
"canonicalString": "ca.issuer.driverlicense",
"egfURI": "did:example:GlobalDriverLicenseDID",
"description": "string"
}
]
},
"registries": [{"identifier": "did:example:123",
"name": "Professional Engineers Ontario",
"description": "Established on June 14, 1922, Professional Engineers Ontario (PEO) is the licensing and regulating body for professional engineering in the province.",
"primaryEGFURI": ["did:example:GlobalDriverLicenseDID"
],
"additionalEGFURIs": ["http://example.com"
],
"participatingNamepaces": [{"identifier": "did:example:123",
"canonicalString": "ca.issuer.driverlicense",
"egfURI": "did:example:GlobalDriverLicenseDID",
"description": "string"
}
],
"peerType": "peer"
}
],
"entities": [{"entityVID": "did:example:123",
"governanceFrameworkVID": "http://example.com",
"primaryTrustRegistryVID": "did:example:123",
"authorizations": {"identifier": "did:example:abc",
"simplename": "country:role"
},
"secondaryTrustRegistries": ["did:example:456"
],
"participatingNamepaces": [{"identifier": "did:example:123",
"canonicalString": "ca.issuer.driverlicense",
"egfURI": "did:example:GlobalDriverLicenseDID",
"description": "string"
}
],
"entityDataValidity": {"validFromDT": "2019-08-24T14:15:22Z",
"validUntilDT": "2019-08-24T14:15:22Z"
},
"registrationStatus": {"status": "current",
"detail": "string"
}
}
],
"resources": [{"identifier": "did:example:123",
"name": "Professional Engineers Ontario",
"description": "Established on June 14, 1922, Professional Engineers Ontario (PEO) is the licensing and regulating body for professional engineering in the province.",
"primaryEGFURI": ["did:example:GlobalDriverLicenseDID"
],
"additionalEGFURIs": ["http://example.com"
],
"participatingNamepaces": [{"identifier": "did:example:123",
"canonicalString": "ca.issuer.driverlicense",
"egfURI": "did:example:GlobalDriverLicenseDID",
"description": "string"
}
],
"peerType": "peer"
}
]
}

Access a full data file that can be used offline.

Allows querying to determine the status of an Issuer, as identified by their Identifier (unique), credential type, and EGF that they are operating under.

Authorizations:

bearerAuth

Responses

Response samples

200
400
401
404

Content type

application/json

{"TBD": "string"
}