You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: federated-catalogue/src/docs/architecture/chapters/05_building_block_view.adoc
+14-9Lines changed: 14 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1049,6 +1049,10 @@ Key IRI-based operations:
1049
1049
The `deleteAsset(hash)` and `changeLifeCycleStatus(hash, status)` methods are the deliberate exceptions — both remain hash-based to guarantee unambiguous single-row targeting.
1050
1050
See ADR 7, Hash-Based Mutation Operations Exception. `deleteAsset` publishes an `AssetDeletedEvent` after the row deletion, triggering cascade cleanup of associated validation results and provenance credentials (see <<_validation_result_storage>>).
1051
1051
1052
+
In addition to the hash-based path, the asset store exposes `deleteByAssetId(id)` — an idempotent cascade keyed by the asset IRI. It removes the live row, its human-readable companion, and (via the same `AssetDeletedEvent`) the validation-result and provenance-credential rows attached to the asset. A second call against the same identifier resolves to a no-op so that demo scripts and integration test fixtures can reset state without environment teardown. Cross-participant access is gated on the live row's issuer when present; an unknown identifier always succeeds with `204` and reveals nothing about the catalogue's contents. The underlying audit log of past content revisions is preserved.
1053
+
1054
+
The asset version counter is defined as the number of distinct content hashes observed across the entity's audit history. Saves that change non-content fields (linking a human-readable companion, lifecycle-status transitions, last-modified bookkeeping) reuse an existing hash and therefore do not advance the counter. This matches the SRS rule that linking a sub-resource to an asset must not produce a new asset version.
1055
+
1052
1056
The `IriGenerator` assigns IRIs before storage: it extracts IRIs from RDF content (`credentialSubject.id`, `@id`, ontology/shapes/vocabulary IRIs) or generates UUID URNs (RFC 4122) for non-RDF assets and as fallback. The `IriValidator` checks all assigned IRIs against supported formats (DIDs, UUID URNs, generic URNs, HTTP/HTTPS IRIs) — returning `true`/`false`. Callers decide how to handle invalid IRIs (fallback to UUID URN, or reject the request).
1053
1057
1054
1058
Asset metadata is persisted in the relational metadata store.
@@ -1575,17 +1579,18 @@ Two content-retrieval endpoints serve the linked counterpart from either directi
1575
1579
The linked asset IRI is surfaced in each side's metadata response under fields that identify the counterpart asset.
1576
1580
The OpenAPI specification is authoritative for the exact paths, request bodies, and error contracts.
1577
1581
1578
-
Accepted content types for human-readable representations:
1582
+
Accepted content types for human-readable representations are governed by a configurable two-layer scheme:
* an **allowlist** that admits broad MIME families typically used for human-facing attachments (textual formats, common office and document formats), and
1585
+
* a **denylist** that explicitly rejects scripting and active-content subtypes — `image/svg+xml`, JavaScript/ECMAScript/VBScript flavours, and similar — even when they would otherwise match the family allowlist.
1588
1586
1587
+
The same scheme is enforced for both `POST /assets/{mrId}/human-readable` and
1588
+
`PUT /assets/{mrId}/human-readable`.
1589
+
Validation is strict against the configured `Content-Type`
1590
+
header; unsupported or denylisted types are rejected with `400 Bad Request`.
1591
+
A missing
1592
+
`Content-Type` is treated as `application/octet-stream`, which is not accepted by default.
1593
+
The current default allowlist, denylist and the configuration keys that override them are documented in the OpenAPI specification.
1589
1594
The allowlist is operator-configurable and is enforced for both the create and replace operations on the human-readable link endpoint.
1590
1595
1591
1596
* PDF and DOCX cover the main document formats typically exchanged as human-facing attachments.
Copy file name to clipboardExpand all lines: federated-catalogue/src/docs/architecture/chapters/06_runtime_view.adoc
+11-3Lines changed: 11 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -788,11 +788,16 @@ sequenceDiagram
788
788
789
789
==== Attaching a Provenance Credential
790
790
791
-
Stores a W3C VC 2.0 JSON-LD or VC-JWT provenance credential against a specific asset version. The optional `?version=X` query parameter targets a historical version (1-based ordinal); omitting it targets the current version. The write does **not** produce a new Envers revision on the asset.
791
+
Stores a W3C VC 2.0 JSON-LD or VC-JWT provenance credential against a specific asset version. The optional `?version=X` query parameter targets a historical version (1-based ordinal); omitting it targets the current version. Attaching a provenance credential does **not** advance the asset's version counter — the counter reflects distinct content hashes, not metadata or sub-resource events.
792
792
793
-
`credentialSubject.id` in the VC must equal `{assetId}:v{N}` — any mismatch returns 400. VC 1.1 payloads and payloads using the CAT-internal namespace are also rejected with 400. A duplicate `credentialId` (VC `id` field) returns 409.
793
+
Two W3C-PROV-O credential shapes are accepted:
794
794
795
-
When a graph store is active, the corresponding PROV-O triple is written under the versioned asset IRI `{assetId}:v{N}` as a side-effect.
795
+
* **Entity-centric** — `credentialSubject.id` is the versioned asset IRI itself, and PROV-O predicates describe the asset as the subject (e.g. `prov:wasGeneratedBy`, `prov:wasDerivedFrom`).
796
+
* **Activity-centric** — `credentialSubject.id` is the activity's own IRI, and at least one PROV-O predicate (typically `prov:generated` or `prov:used`) points back at the versioned asset so the activity is reachable from it.
797
+
798
+
Each shape is projected to the graph under the IRI of its own `credentialSubject`.
799
+
The list of recognised PROV-O predicates and their accepted forms (compact or expanded) is documented in the OpenAPI specification.
800
+
VC 1.1 payloads and payloads using the CAT-internal namespace are rejected with 400; a duplicate `credentialId` (VC `id` field) returns 409.
796
801
797
802
[mermaid, width=2000]
798
803
....
@@ -1154,6 +1159,9 @@ When the graph store is disabled, queries are rejected with a "service unavailab
1154
1159
Only read queries are allowed.
1155
1160
Write queries (e.g., `CREATE`/`DELETE` in openCypher, `INSERT`/`DELETE` in SPARQL) are rejected.
1156
1161
1162
+
For SPARQL queries the response format is content-negotiated via the `Accept` header: the catalogue's own paginated envelope (`application/json`) remains the default, and the W3C SPARQL 1.1 Results JSON format (`application/sparql-results+json`) is offered as an alternative for SPARQL-tooling compatibility.
1163
+
Backends that cannot produce the standard format respond with HTTP 406 to the alternative request.
0 commit comments