-
-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SPEC: GET /product
What query parameters should be supported?
#80
Comments
Yeah this is a good discussion. So here's how I envision the workflow to look like:
While this might not be an easy 'browseable' way to discover the artifacts, it would be relatively straight to do it programmatically. The key here is that we need to keep it universal. That's why I would suggest that the For instance, the above workflow works equally well with say a |
I think from the consumer side, they have a TEI and just want to reference that to find the product. Having the client understand different TEI types makes it too complex. Basically just treat the stuff after the host name as a string. The type is for syntax checking when needed and helpful. |
The question is really where the TEI originates. In the current API spec it's a server-side generated UUID. In your vision, is the TEI provided by the user when the product is created? |
GET /products
What query parameters should be supported?GET /product
What query parameters should be supported?
Let's be clear: a TEI is the entire URN - So the For the Now, TEI Specification does define |
So IMO, we have 3 options:
|
I honestly missed the document you're referring to @madpah. Good pointer. Having said that, I'm really confused by the SHA256 here. Is this a SHA of a collection object (e.g. a given SBOM)? Other than that, I don't have a strong opinion if we're using |
I would prefer to use path segments instead of
sounds better to me. Edit: Replaced |
I like the idea of a static version. That's a good argument for paths to me. |
Do you see any usage for the TYPE in the API? A single product can have many TEIs both of the same type and different types. I think we should handle them as opaque strings, just identifiers, in the API. |
Remember that a product can have multiple TEIs. The UUID of the product item is an identifier that is used after TEI resolution. Don't mix the UUID tei with the TEI in the product object. It can be the same, but doesn't have to be. The TEI is either created somewhere else and registred in the TEA database or created in the TEA service. I suspect it to be both. If I want to use my own article numbers in my ordering system, those IDs are created in that system. We likely want an API endpoint to manage the TEIs for a given product. |
I edited the comment to prepend the |
It would certainly be possible to allow for the UUID to be provided by the client, as long as there are server-side checks to ensure it's unique. My suggestion would be that the UUID is always generated server-side, and then you can attach metadata to this. For instance, you might want to have both a SKU and barcode, as well as a UUID. This is how the current API draft has been designed: In the real world, I don't think the UUID will be exposed to end users very frequently. You'd probably want to use one of the many other supported, more use friendly ways to identify your product (sku, barcode, purl etc). |
I think you are mixing the UUID for the product index object and the one used in the TEI. Those are two different entities (but can be the same). I don't want to limit a manufacturer to use UUID from another system in the TEI. I still think the way you have added stuff like "barcode" etc is wrong and not extensible. It needs to be simplified. |
See comment above, but in the current implementation, the various TYPEs are implemented as metadata (e.g. you can query with |
I still think that would lead to a massive API that always changes. We have to find another model for the metadata and not have it in the structure like that. Maybe key/value list if you persist in being able to query on PURL or other type values. |
Sure, we can make this user provided as an option -- but it still needs to be enforced to be unique.
Aren't these keys derived from the tei-types anyways and thus are per-defined? |
The UUID generated by the system for the product object needs to be enforced to be unique in the system, like the leaf, collection and other objects. But a single product can have multiple TEIs with different UUIDs. THat's another name space. We should not mix them. If you create a field called "bar code" you are assuming exactly one bar code per product, which I think is wrong. And you have to keep defining new fields for every single type we define. I would like as much as possible to decouple defining TEI Types from the API. From the API point of view it's basically a string, an identifier without any other meaning. If you want to be able to provide a lookup I suggest we create a key-value pair array with a key of "type" and then the "tei" as a value without parsing it further. The query would be |
I just realized, we are talking about two different endpoints here:
|
We have to separate a query for the
|
That's easily rectified by turning it into a dict. I have no to that.
Yes, but isn't that a fairly standard way to do it? Just like CycloneDX, each version of TEA would have a specification that the API version would implement. You'd just have to version the API to align with the TEA standard.
This doesn't really align with modern RESTful API design though and to me is a less clean implementation. We could go down the whole GraphQL route, but that would require a pretty big overhaul. |
How would a query based on type and value look into modern API? There are certainly solutions to query for key/value pairs that would work here too. |
We can't release a new ECMA TEA version for each type that we add. That's not doable. We really need to try to decouple TEI types from API. PURL is struggling with this as well and have decoupled PURL Core from PURL types for the same reason, not having to upgrade PURL core for very new type invented. |
From https://github.com/CycloneDX/transparency-exchange-api/pull/77/files#r1850138397
@madpah:
@vpetersson:
@madpah:
The text was updated successfully, but these errors were encountered: