Commit 6473dce

Script output
1 parent a9b0e93 commit 6473dce

1 file changed

Lines changed: 68 additions & 54 deletions

output.txt

@@ -58,7 +58,7 @@ on the condition of the purpose of the request being "http://example.org/bariatr
5858
The doctor now tries to access the private smartwatch resource.
5959

6060
First, a resource request is done without authorization that results in a 403 response and accompanying UMA ticket in the WWW-Authenticate header according to the UMA specification:
61-
UMA realm="solid", as_uri="http://localhost:4000/uma", ticket="c3f62f9a-1919-4f23-b34d-ffab386c63b9"
61+
UMA realm="solid", as_uri="http://localhost:4000/uma", ticket="d7d26537-7dc4-4bd4-befb-80e4fa30fa15"
6262

6363
To the discovered AS, we now send a request for read permission to the target resource
6464

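Review bot: the only change in this hunk is the ticket value on line 61, a fresh UUID on every run, so each regeneration of output.txt produces changed lines that carry no information. Consider printing a fixed placeholder for tickets and generated uids when writing the committed output, so that future diffs show only structural changes such as the permission array introduced further down.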
@@ -67,16 +67,20 @@ To the discovered AS, we now send a request for read permission to the target re
6767
'@context': 'http://www.w3.org/ns/odrl.jsonld',
6868
'@type': 'Request',
6969
profile: { '@id': 'https://w3id.org/oac#' },
70-
uid: 'http://example.org/HCPX-request/5b3d5567-5fd2-4fab-b86d-eebe0752a025',
70+
uid: 'http://example.org/HCPX-request/5d4dd7d0-6127-4aef-b2bc-d8ca5edbf431',
7171
description: "HCP X requests to read Alice's health data for bariatric care.",
72-
permission: {
73-
'@type': 'Permission',
74-
'@id': 'http://example.org/HCPX-request-permission/1535fc91-55fe-4f29-920f-973042c68c34',
75-
target: 'http://localhost:3000/ruben/medical/smartwatch.ttl',
76-
action: { '@id': 'https://w3id.org/oac#read' }
77-
},
72+
permission: [
73+
{
74+
'@type': 'Permission',
75+
uid: 'http://example.org/HCPX-request-permission/b6b3f04d-e924-4597-b146-43bde021a0a0',
76+
assigner: 'http://localhost:3000/ruben/profile/card#me',
77+
assignee: 'http://localhost:3000/alice/profile/card#me',
78+
action: [Object],
79+
target: 'http://localhost:3000/ruben/medical/smartwatch.ttl'
80+
}
81+
],
7882
grant_type: 'urn:ietf:params:oauth:grant-type:uma-ticket',
79-
ticket: 'c3f62f9a-1919-4f23-b34d-ffab386c63b9'
83+
ticket: 'd7d26537-7dc4-4bd4-befb-80e4fa30fa15'
8084
}
8185

8286
Based on the policy set above, the Authorization Server requests the following claims from the doctor:
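Review bot: new line 78 prints `action: [Object]`, so the committed output no longer shows which action is requested; the old output had `action: { '@id': 'https://w3id.org/oac#read' }`. This looks like the printer's nesting depth being exceeded now that permission is an array; printing the request at full depth, or as JSON like the second request in this file, would keep the action visible. Also, the permission identifier is `uid` here (new line 75) while the second request still uses "@id" for the same field; pick one.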
@@ -87,7 +91,7 @@ Based on the policy set above, the Authorization Server requests the following c
8791

8892
- https://w3id.org/oac#LegalBasis
8993

90-
accompanied by an updated ticket: 9b01425b-56c0-48eb-89c0-d55edab13d00.
94+
accompanied by an updated ticket: 89f508e3-2d5d-49c5-807a-4526479a09b1.
9195

9296
The doctor's client now gathers the necessary claims (how is out-of-scope for this demo)
9397

@@ -114,42 +118,46 @@ Together with the UMA grant_type and ticket requirements, these are bundled as a
114118
"profile": {
115119
"@id": "https://w3id.org/oac#"
116120
},
117-
"uid": "http://example.org/HCPX-request/5ac9263a-2488-4277-9b68-e287dcbd61dc",
121+
"uid": "http://example.org/HCPX-request/de7cf6e2-192c-4f75-8d81-1d82b119c19c",
118122
"description": "HCP X requests to read Alice's health data for bariatric care.",
119-
"permission": {
120-
"@type": "Permission",
121-
"@id": "http://example.org/HCPX-request-permission/904b8a5f-29a2-4f7c-91ad-4bf509dfe67a",
122-
"target": "http://localhost:3000/ruben/medical/smartwatch.ttl",
123-
"action": {
124-
"@id": "https://w3id.org/oac#read"
125-
},
126-
"constraint": [
127-
{
128-
"@type": "Constraint",
129-
"@id": "http://example.org/HCPX-request-permission-purpose/8242ed33-3ddf-4bcf-883c-e06267cc038c",
130-
"leftOperand": "purpose",
131-
"operator": "eq",
132-
"rightOperand": {
133-
"@id": "http://example.org/bariatric-care"
134-
}
123+
"permission": [
124+
{
125+
"@type": "Permission",
126+
"@id": "http://example.org/HCPX-request-permission/b537acb7-1e8b-4017-8d30-3143a1d4ec8b",
127+
"target": "http://localhost:3000/ruben/medical/smartwatch.ttl",
128+
"action": {
129+
"@id": "https://w3id.org/oac#read"
135130
},
136-
{
137-
"@type": "Constraint",
138-
"@id": "http://example.org/HCPX-request-permission-purpose/b5ae825a-bfff-41a4-8863-3261c296a209",
139-
"leftOperand": {
140-
"@id": "https://w3id.org/oac#LegalBasis"
131+
"assigner": "http://localhost:3000/ruben/profile/card#me",
132+
"assignee": "http://localhost:3000/alice/profile/card#me",
133+
"constraint": [
134+
{
135+
"@type": "Constraint",
136+
"@id": "http://example.org/HCPX-request-permission-purpose/74e44ed2-b425-486a-ab16-4f899131e315",
137+
"leftOperand": "purpose",
138+
"operator": "eq",
139+
"rightOperand": {
140+
"@id": "http://example.org/bariatric-care"
141+
}
141142
},
142-
"operator": "eq",
143-
"rightOperand": {
144-
"@id": "https://w3id.org/dpv/legal/eu/gdpr#A9-2-a"
143+
{
144+
"@type": "Constraint",
145+
"@id": "http://example.org/HCPX-request-permission-purpose/ea563c10-d554-4a24-9ab9-e9e2406b981f",
146+
"leftOperand": {
147+
"@id": "https://w3id.org/oac#LegalBasis"
148+
},
149+
"operator": "eq",
150+
"rightOperand": {
151+
"@id": "https://w3id.org/dpv/legal/eu/gdpr#A9-2-a"
152+
}
145153
}
146-
}
147-
]
148-
},
154+
]
155+
}
156+
],
149157
"claim_token": "eyJhbGciOiJIUzI1NiJ9.eyJodHRwOi8vd3d3LnczLm9yZy9ucy9vZHJsLzIvcHVycG9zZSI6Imh0dHA6Ly9leGFtcGxlLm9yZy9iYXJpYXRyaWMtY2FyZSIsInVybjpzb2xpZGxhYjp1bWE6Y2xhaW1zOnR5cGVzOndlYmlkIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwL2FsaWNlL3Byb2ZpbGUvY2FyZCNtZSIsImh0dHBzOi8vdzNpZC5vcmcvb2FjI0xlZ2FsQmFzaXMiOiJodHRwczovL3czaWQub3JnL2Rwdi9sZWdhbC9ldS9nZHByI0E5LTItYSJ9.nT55jaXNDsHgAo_zcRMsbJqcNj4FVdW_-xjcwNam-1M",
150158
"claim_token_format": "urn:solidlab:uma:claims:formats:jwt",
151159
"grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
152-
"ticket": "9b01425b-56c0-48eb-89c0-d55edab13d00"
160+
"ticket": "89f508e3-2d5d-49c5-807a-4526479a09b1"
153161
}
154162

155163
Note: the ODRL Request constraints are not yet evaluated as claims, only the passed claim token is.
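Review bot: the assigner and assignee added at new lines 131-132 are supplied by the requesting client, and the note at line 163 says the request's constraints are not yet evaluated, only the claim token; the output does not say whether these two fields are checked against anything. Please state in the text where the agreement's assigner and assignee come from, so a reader does not assume the request values are trusted as sent. Separately, the description on line 122 speaks of Alice's health data while the assignee is alice's WebID and the target sits under /ruben/; align the names or the description so the roles are readable.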
@@ -174,28 +182,34 @@ and the accompanying agreement:
174182
{
175183
"@context": "http://www.w3.org/ns/odrl.jsonld",
176184
"@type": "Agreement",
177-
"uid": "urn:uma:pacsoi:agreement:818cfd7f-2815-4a3b-a4b2-8e527b6d1ba6",
185+
"uid": "urn:uma:pacsoi:agreement:848bd5bc-9b88-4a44-a356-47f6b9130548",
178186
"http://purl.org/dc/terms/description": "Agreement for HCP X to read Alice's health data for bariatric care.",
179187
"https://w3id.org/dpv#hasLegalBasis": {
180188
"@id": "https://w3id.org/dpv/legal/eu/gdpr#eu-gdpr:A9-2-a"
181189
},
182-
"permission": {
183-
"@type": "Permission",
184-
"action": "https://w3id.org/oac#read",
185-
"target": "http://localhost:3000/ruben/medical/smartwatch.ttl",
186-
"assigner": "http://localhost:3000/ruben/profile/card#me",
187-
"assignee": "http://localhost:3000/alice/profile/card#me",
188-
"constraint": {
189-
"@type": "Constraint",
190-
"leftOperand": "purpose",
191-
"operator": "eq",
192-
"rightOperand": {
193-
"@id": "http://example.org/bariatric-care"
194-
}
190+
"permission": [
191+
{
192+
"@type": "Permission",
193+
"action": "https://w3id.org/oac#read",
194+
"target": "http://localhost:3000/ruben/medical/smartwatch.ttl",
195+
"assigner": "http://localhost:3000/ruben/profile/card#me",
196+
"assignee": "http://localhost:3000/alice/profile/card#me",
197+
"constraint": [
198+
{
199+
"@type": "Constraint",
200+
"leftOperand": "purpose",
201+
"operator": "eq",
202+
"rightOperand": {
203+
"@id": "http://example.org/bariatric-care"
204+
}
205+
}
206+
]
195207
}
196-
}
208+
]
197209
}
198210

211+
Future work: at a later stage, this agreements will be signed by both parties to form a binding contract.
212+
199213
Now the doctor can retrieve the resource:
200214

201215

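Review bot: typo on added line 211: "this agreements" should be "this agreement" (or "these agreements"). While in this block: the agreement's legal basis on line 188 is `https://w3id.org/dpv/legal/eu/gdpr#eu-gdpr:A9-2-a`, whereas the request earlier in this file uses `https://w3id.org/dpv/legal/eu/gdpr#A9-2-a`; if these are meant to be the same IRI, one of them needs correcting.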