Minimal Management Interface Version
1.0
Committee Specification Draft 01
03 December 2015
Specification URIs
This version:
http://docs.oasis-open.org/coel/MMI/v1.0/csd01/MMI-v1.0-csd01.docx (Authoritative)
http://docs.oasis-open.org/coel/MMI/v1.0/csd01/MMI-v1.0-csd01.html
http://docs.oasis-open.org/coel/MMI/v1.0/csd01/MMI-v1.0-csd01.pdf
Previous version:
N/A
Latest version:
http://docs.oasis-open.org/coel/MMI/v1.0/MMI-v1.0.docx (Authoritative)
http://docs.oasis-open.org/coel/MMI/v1.0/MMI-v1.0.html
http://docs.oasis-open.org/coel/MMI/v1.0/MMI-v1.0.pdf
Technical Committee:
OASIS Classification of
Everyday Living (COEL) TC
Chairs:
David Snelling (David.Snelling@UK.Fujitsu.com),
Fujitsu Limited
Joss Langford (joss@activinsights.co.uk), Activinsights Ltd
Editor:
David Snelling (David.Snelling@UK.Fujitsu.com),
Fujitsu Limited
Related work:
This specification is related to:
·
Classification of Everyday Living Version 1.0. Edited by
Joss Langford. Latest version: http://docs.oasis-open.org/coel/COEL/v1.0/COEL-v1.0.html.
·
Roles, Principles, and Ecosystem Version 1.0. Edited by
Matthew Reed. Latest version: http://docs.oasis-open.org/coel/RPE/v1.0/RPE-v1.0.html.
·
Behavioural Atom Protocol Version 1.0. Edited by Joss
Langford. Latest version: http://docs.oasis-open.org/coel/BAP/v1.0/BAP-v1.0.html.
·
Identity Authority Interface Version 1.0. Edited by Paul
Bruton. Latest version: http://docs.oasis-open.org/coel/IDA/v1.0/IDA-v1.0.html.
·
Public Query Interface Version 1.0. Edited by David
Snelling. Latest version: http://docs.oasis-open.org/coel/PQI/v1.0/PQI-v1.0.html.
Abstract:
This document defines a minimal interface between the Data
Engine and other actors in the ecosystem, namely the Service Provider and the
Operator. The interface provides for registering and managing Operators,
Devices, and Consumers within a Data Engine. This interface represents the
minimal requirements of a Data Engine’s management interface, but does not
limit this interface to these capabilities.
Status:
This document was last revised or approved by the OASIS
Classification of Everyday Living (COEL) TC on the above date. The level of
approval is also listed above. Check the “Latest version” location noted above
for possible later revisions of this document. Any other numbered Versions and
other technical work produced by the Technical Committee (TC) are listed at https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=coel#technical.
TC members should send comments on this specification to the
TC’s email list. Others should send comments to the TC’s public comment list,
after subscribing to it by following the instructions at the “Send
A Comment button on the TC’s web page at https://www.oasis-open.org/committees/coel/.
For information on whether any patents have been disclosed
that may be essential to implementing this specification, and any offers of
patent licensing terms, please refer to the Intellectual Property Rights
section of the TC’s web page (https://www.oasis-open.org/committees/coel/ipr.php).
Citation format:
When referencing this specification the following citation
format should be used:
[COEL-MMI-v1.0]
Minimal Management Interface Version 1.0. Edited by David
Snelling. 03 December 2015. OASIS Committee Specification Draft 01. http://docs.oasis-open.org/coel/MMI/v1.0/csd01/MMI-v1.0-csd01.html. Latest version: http://docs.oasis-open.org/coel/MMI/v1.0/MMI-v1.0.html.
Copyright © OASIS Open 2015. All Rights Reserved.
All capitalized terms in the following text have the
meanings assigned to them in the OASIS Intellectual Property Rights Policy (the
"OASIS IPR Policy"). The full Policy may be
found at the OASIS website.
This document and translations of it may be copied and
furnished to others, and derivative works that comment on or otherwise explain
it or assist in its implementation may be prepared, copied, published, and
distributed, in whole or in part, without restriction of any kind, provided
that the above copyright notice and this section are included on all such
copies and derivative works. However, this document itself may not be modified
in any way, including by removing the copyright notice or references to OASIS,
except as needed for the purpose of developing any document or deliverable
produced by an OASIS Technical Committee (in which case the rules applicable to
copyrights, as set forth in the OASIS IPR Policy, must be followed) or as required
to translate it into languages other than English.
The limited permissions granted above are perpetual and will
not be revoked by OASIS or its successors or assigns.
This document and the information contained herein is
provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
OASIS requests that any OASIS Party or any other party that
believes it has patent claims that would necessarily be infringed by
implementations of this OASIS Committee Specification or OASIS Standard, to
notify OASIS TC Administrator and provide an indication of its willingness to
grant patent licenses to such patent claims in a manner consistent with the IPR
Mode of the OASIS Technical Committee that produced this specification.
OASIS invites any party to contact the OASIS TC
Administrator if it is aware of a claim of ownership of any patent claims that
would necessarily be infringed by implementations of this specification by a
patent holder that is not willing to provide a license to such patent claims in
a manner consistent with the IPR Mode of the OASIS Technical Committee that
produced this specification. OASIS may include such claims on its website, but
disclaims any obligation to do so.
OASIS takes no position regarding the validity or scope of
any intellectual property or other rights that might be claimed to pertain to
the implementation or use of the technology described in this document or the
extent to which any license under such rights might or might not be available;
neither does it represent that it has made any effort to identify any such rights.
Information on OASIS' procedures with respect to rights in any document or
deliverable produced by an OASIS Technical Committee can be found on the OASIS
website. Copies of claims of rights made available for publication and any
assurances of licenses to be made available, or the result of an attempt made
to obtain a general license or permission for the use of such proprietary
rights by implementers or users of this OASIS Committee Specification or OASIS
Standard, can be obtained from the OASIS TC Administrator. OASIS makes no
representation that any information or list of intellectual property rights
will at any time be complete, or that any claims in such list are, in fact,
Essential Claims.
The name "OASIS" is a trademark of OASIS, the owner and developer of this
specification, and should be used only to refer to the organization and its
official outputs. OASIS welcomes reference to, and implementation and use of,
specifications, while reserving the right to enforce its marks against
misleading uses. Please see https://www.oasis-open.org/policies-guidelines/trademark
for above guidance.
1 Introduction. 5
1.1 Terminology. 5
1.2 Normative References. 5
1.3 Non-Normative References. 5
2 Interface
Specification. 6
2.1 Authentication and Authorisation. 6
2.2 Service Provider: Create New
Operator 6
2.2.1 Request 7
2.2.2 Response. 7
2.3 Service Provider: Retrieve
Operator List 8
2.3.1 Request 8
2.3.2 Response. 8
2.4 Service Provider: Retrieve
Consumer List 8
2.4.1 Request 9
2.4.2 Response. 9
2.5 Service Provider: Forget Consumer 10
2.5.1 Request 10
2.5.2 Response. 10
2.6 Operator: Create New Consumer 11
2.6.1 Request 11
2.6.2 Response. 13
2.7 Operator: Assign a Device to a
Consumer 13
2.7.1 Request 13
2.7.2 Response. 14
3 Conformance. 16
Appendix A. Acknowledgments. 17
Appendix B. Revision History. 18
This document defines the Minimal Management Interface (MMI)
between the Data Engine and other actors in the ecosystem. It provides
operation definitions on the Data Engine for use by a Service Provider to
register a new Operator, to retrieve a list of existing Operators, to retrieve
a list of Consumers associated with a given Operator, and to forget a consumer.
It also provides operations definitions on the Data Engine for use by an
Operator to register a Consumer and to associate a device with a consumer..
This interface represents the minimal requirements of a Data
Engine’s management interface, but does not limit this interface to these
capabilities. High quality Data Engines may offer more comprehensive management
services.
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL
NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this
document are to be interpreted as described in [RFC2119].
[RFC2119] Bradner,
S., “Key words for use in RFCs to Indicate Requirement Levels”, BCP 14, RFC
2119, March 1997. http://www.ietf.org/rfc/rfc2119.txt.
[COEL_RPE-1.0] Roles,
Principles, and Ecosystem Version 1.0. Latest version: http://docs.oasis-open.org/coel/RPE/v1.0/RPE-v1.0.docx.
[COEL_IDA-1.0] Identity
Authority Interface Version 1.0. Latest version: http://docs.oasis-open.org/coel/IDA/v1.0/IDA-v1.0.docx
[Coelition] http://www.coelition.org
[Data to Life] Reed, M. & Langford, J.
(2013). Data to Life. Coelition, London. ISBN 978-0957609402
The Minimal Management Interface on the Data Engine is
divided into sections depending on which actor and function in a COEL ecosystem
is communicating with the Data Engine. The following sub-sections define these
interfaces.
To access all Service Provider functions of the Data Engine
MMI API, Service Providers need access credentials with two components:
·
A userid to identify the caller.
·
A password for authentication.
HTTP basic authentication SHALL be used to
authenticate calls to the API. Passwords SHOULD be 64 bytes in length and MUST
be supplied as an ASCII string. This MUST be prefixed with the userid followed
by a colon to form the token passed in the HTTP Authorisation Header.
Note that while Operators need to secure their connection to
the Data Engine with TLS, they do not need to Authenticate or Authorise.
Example:
"9abf5386-2ac6-4e61-abc4-6b809a85d6cb:J1dOeWJJOkd3akhnSn4ma007M
DtUMVAxISgyOn9jI2U9NHNdRi4hfiw9c2I8PURcVltNMWQkamsrfGR4T24vKA=="
If the userid is unrecognized, or the wrong
password is supplied a HTTP status code 401 Invalid username or password
SHALL be returned.
If a request is made with a userid that is
assigned a role that is not authorized to perform that action then the HTTP
status code 403 Unauthorised SHALL be returned.
Note: All Operator functions do not require
authentication or authorisation.
Create a new Operator within the Data Engine and associate
it with the requesting Service Provider. Completion of this operation allows
the Operator to register new Consumers.
|
API
|
Description
|
|
POST service-provider/operator
|
Create an Operator identity within the Data Engine permitting that
operator to create and register Consumers.
|
2.2.1 Request
|
Parameter Name
|
Description
|
Type
|
|
OperatorID
|
A Pseudonymous Key generated by an IDA and associated with the Operator
being registered.
|
String: Format defined in [COEL_IDA-1.0].
|
|
TimeStamp
|
Time stamp of the OperatorID indicating when the IDA created this Pseudonymous
Key.
|
DateTimeString:
Format defined in [COEL_IDA-1.0].
|
|
Signature
|
Signature proving that an IDA created this OperatorID.
|
String:
Format defined in [COEL_IDA-1.0].
|
|
|
|
|
|
Media type:
application/json, text/json
Sample:
{"OperatorID": "00000000-0000-0000-0000-000000000000",
"TimeStamp": "2011-02-14T00:00:00",
"Signature":
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
Returns true if the Operator is successfully registered and
false otherwise.
|
Parameter Name
|
Description
|
Type
|
|
Result
|
Boolean value representing success or otherwise of the operation.
|
Boolean:
|
Media type:
application/json, text/json
Sample:
{"Result":true}
A Service Provider uses this operation to retrieve a list of
all registered Operators registered to the requesting Service Provider.
|
API
|
Description
|
|
GET service-provider/operators
|
Retrieve a list of all Operators associated with the requesting Service
Provider.
|
The request is empty.
An array of Pseudonymous Keys each associated with an
Operator associated with the requesting Service Provider.
|
Parameter Name
|
Description
|
Type
|
|
OperatorIDs
|
An array of Pseudonymous Keys one for each of the Operators associated
with the requesting Service Provider.
|
Array of String: Format defined in [COEL_IDA-1.0].
|
Media type:
application/json, text/json
Sample:
{"OperatorIDs":
[
"00000000-0000-0000-0000-000000000000",
"00000000-0000-0000-0000-000000000001",
"00000000-0000-0000-0000-000000000002"]
}
A Service Provider uses this operation to retrieve a list of
all Consumers registered to a given Operator, which is in turn registered to
the requesting Service Provider.
|
API
|
Description
|
|
POST service-provider/consumers
|
Retrieve a list of all Consumers associated with a given Operator,
which is in turn associated with the requesting Service Provider.
|
|
Parameter Name
|
Description
|
Type
|
|
OperatorID
|
A Pseudonymous Key generated by an IDA and associated with an Operator
registered with the Data Engine.
|
String: Format defined in [COEL_IDA-1.0].
|
Media type:
application/json, text/json
Sample:
{"OperatorID":
"00000000-0000-0000-0000-000000000000"}
An array of Pseudonymous Keys each associated with a
Consumer registered with the given Operator which is in turn associated with
the requesting Service Provider.
|
Parameter Name
|
Description
|
Type
|
|
ConsumerIDs
|
An array of Pseudonymous Keys one for each of the Consumers associated
with given Operator.
|
Array of String: Format defined in [COEL_IDA-1.0].
|
Media type:
application/json, text/json
Sample:
{"ConsumerIDs":
[
"00000000-0000-0000-0000-000000000000",
"00000000-0000-0000-0000-000000000001",
"00000000-0000-0000-0000-000000000002"]
}
Delete a Consumer associated with the calling Service
Provider. The Data Engine MAY either delete all data associated with the
Consumer or render that data non-personal.
The Data Engine SHOULD keep a record of which consumers have been forgotten
(for audit purposes).
|
API
|
Description
|
|
POST operator/forget
|
Delete or render non-personal all data associated with the given
Consumer.
|
|
Parameter Name
|
Description
|
Type
|
|
ConsumerID
|
A Pseudonymous Key associated with the Consumer and generated by an
IDA.
|
String:
Format defined in [COEL_IDA-1.0].
|
Media type:
application/json, text/json
Sample:
{"ConsumerID": "00000000-0000-0000-0000-000000000000"}
Returns true if the Consumer’s data has been successfully
deleted or rendered non-personal and false otherwise.
|
Parameter Name
|
Description
|
Type
|
|
Result
|
Boolean value representing success or otherwise of the operation.
|
Boolean:
|
Media type:
application/json, text/json
Sample:
{"Result":true}
Create a new Consumer within the Data Engine and associate
it with the given Operator. Completion of this operation allows Behavioural
Atoms to be posted anonymously to the Data Engine and be associated with the
given Consumer. This function does not require authentication or uthorization.
|
API
|
Description
|
|
POST operator/consumer
|
Create a Consumer identity within the Data Engine associated with the
given Operator.
|
|
Parameter Name
|
Description
|
Type
|
|
OperatorID
|
A Pseudonymous Key associated with the Operator and generated by an
IDA.
|
String:
Format defined in [COEL_IDA-1.0].
|
|
ConsumerID
|
A Pseudonymous Key associated with the Consumer and generated by an
IDA.
|
String:
Format defined in [COEL_IDA-1.0].
|
|
TimeStamp
|
Time stamp of the ConsumerID indicating when the IDA created this Pseudonymous
Key.
|
DateTimeString:
Format defined in [COEL_IDA-1.0].
|
|
Signature
|
Signature proving that an IDA created this ConsumerID.
|
String:
Format defined in [COEL_IDA-1.0].
|
|
SegmentData
|
An OPTIONAL object containing (OPTIONALLY) residential time zone and
latitude, gender, and year of birth.
|
Object:
Composed of ResidentTimeZone, ResidentLatitude, Gender, and YearOfBirth.
|
|
ResidentTimeZone
|
The time zone in which the Consumer generally resides.
|
TimeZoneString:
As +/- hh:mm from UTC.
|
|
ResidentLatitude
|
The latitude (rounded to an integer) at which the Consumer generally
resides.
|
Integer:
Representing latitude rounded to an integer.
|
|
Gender
|
The gender of the Consumer.
|
String: One
of “Male” or “Female”
|
|
YearOfBirth
|
Year in which the Consumer was born.
|
Integer:
Representing year of birth.
|
Media type:
application/json, text/json
Sample:
{"OperatorID": "00000000-0000-0000-0000-000000000000",
"ConsumerID": "00000000-0000-0000-0000-000000000000",
"TimeStamp": "2011-02-14T00:00:00",
"Signature":
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
"SegmentData":
{"ResidentTimeZone":
"+03:00",
"ResidentLatitude":
51,
"Gender":
"Female",
"YearOfBirth":
1993
}
}
Returns true if the Consumer is successfully registered and
false otherwise.
|
Parameter Name
|
Description
|
Type
|
|
Result
|
Boolean value representing success or otherwise of the operation.
|
Boolean:
|
Media type:
application/json, text/json
Sample:
{"Result":true}
Assign a Pseudonymous Key representing a device to a
Consumer associated with the requesting Operator. All Atoms posted with this
Pseudonymous Key will be associated with the corresponding Consumer. Once
assigned to a Consumer, a Device MUST not be reassigned to another Consumer.
This function does not require authentication or uthorization.
|
API
|
Description
|
|
POST operator/device
|
Associate a device, identified by a Pseudonymous Key, to a registered
Consumer associated with the requesting Operator.
|
|
Parameter Name
|
Description
|
Type
|
|
|
DeviceID
|
A Pseudonymous Key associated with the Device and generated by an IDA.
|
String:
Format defined in [COEL_IDA-1.0].
|
|
TimeStamp
|
Time stamp of the DeviceID indicating when the IDA created this Pseudonymous
Key.
|
DateTimeString:
Format defined in [COEL_IDA-1.0].
|
|
Signature
|
Signature proving that an IDA created this DeviceID.
|
String:
Format defined in [COEL_IDA-1.0].
|
|
OperatorID
|
A Pseudonymous Key of the Operator to which the Consumer is associated.
|
String:
Format defined in [COEL_IDA-1.0].
|
|
ConsumerID
|
A Pseudonymous Key of the user to which the device is to be associated.
The user MUST already be associated with the requesting Operator.
|
String: Format defined in [COEL_IDA-1.0].
|
|
|
|
|
|
|
Media type:
application/json, text/json
Sample:
{"DeviceID": "00000000-0000-0000-0000-000000000000",
"TimeStamp": "2011-02-14T00:00:00",
"Signature":
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",
"OperatorID": "00000000-0000-0000-0000-000000000001",
"ConsumerID": "00000000-0000-0000-0000-000000000002"
}
Returns true if the Device and Consumer association is
successfully established and false otherwise.
|
Parameter Name
|
Description
|
Type
|
|
Result
|
Boolean value representing success or otherwise of the operation.
|
Boolean:
|
Media type:
application/json, text/json
Sample:
{"Result":true}
An implementation is a conforming Minimal Management
Interface if the implementation meets the conditions set out in in Section 2 of
this document AND the conformance criteria in [COEL_RPE-1.0]
The following individuals have participated in the creation
of this specification and are gratefully acknowledged:
Participants:
Paul Bruton, Individual Member
Joss Langford, Activinsights
Matthew Reed, Coelition
David Snelling, Fujitsu
|
Revision
|
Date
|
Editor
|
Changes Made
|
|
1
|
21/08/2015
|
David Snelling
|
A few minor changes to test the revision process in Kavi.
|
|
2
|
21/09/2015
|
David Snelling
|
First complete version, based on submitted material.
|
|
3
|
25/09/2015
|
Paul Bruton
|
Added review comments
|
|
4
|
25/09/2015
|
Joss Langford
|
Review, spell correction and change of ‘sex’ to ‘gender’
in section 2.4
|
|
5
|
11/10/2015
|
David Snelling
|
Edits for issues: COEL-10 (Segment data), COEL-17
(Location of security), COEL-23 (Forget operation)
|
|
6
|
11/10/2015
|
David Snelling
|
Removed tracking
|
|
7
|
13/10/2015
|
Paul Bruton
|
Conformance includes reference to RPE document.
|
|
8
|
19/10/2015
|
David Snelling
|
COEL-13 and a few style and consistence issues.
|
|
9
|
23/10/2015
|
David Snelling
|
Adding OperatorID to New Consumer request.
|
|
10
|
30/10/2015
|
David Snelling
|
Removed text allowing reassignment of Devices by Operator.
|
|
11
|
31/102015
|
Joss Langford
|
Accept all changes, track changes off, check references
and style consistency.
|
|
12
|
02/11/2015
|
David Snelling
|
Final date change
|
|
13
|
03/11/2015
|
Paul Bruton
|
Corrected authorization and authentication description;
Spelling correction; Corrected description of TimeStamp and Signature
parameters in operator/device, also added OperatorID parameter since there
will be no authorization header in this request.
|
|
14
|
03/11/2015
|
Paul Bruton
|
Minor spelling correction.
|
|
15
|
25/11/2015
|
David Snelling
|
Fixed 45, 47, & 52.
|
|
16
|
25/11/2015
|
David Snelling
|
Fixed Revision History.
|
|
17
|
25/11/2015
|
Joss Langford
|
Changes accepted and track changes switched off.
|
|
18
|
25/11/2015
|
David Snelling
|
Set date for final publication.
|
