Verified Attributes
A personal data store can store and apply different levels of attribute assurances and verification underpinned by cryptographic techniques to provide an audit trail of activity. The different levels of attribute assurance and verification are as follows:-
| Data Connection Type | Attribute Assurance and Verification Action |
|---|---|
| Self asserted data provided directly by individuals through their own PDS front end | The time and date stamp of such entries and updates are recorded via an audit trail. |
| Data that is being captured via their Mydex browser extension i.e bookmarks, web snippets, browsing history | Time and date stamps and metadata for each of these transactional records is automatically generated. |
| Data collected from an existing third party service where they have an account that offers API based access e.g. social media services | The data is appended to their PDS and time and date stamped at point of addition. |
| Attributes delivered from Subscriber organisations and services within the Mydex Trust framework over secure connections | In most cases their attributes are transactional or state records written to the PDS by the attribute provider organisation and are time and date stamped and cannot be modified by the individual but may be accessed by the other connected Subscriber organisations subject to the consent of the individual concerned. These types of attributes are described as verified attributes or assured attributes and can be used to provide access to other services e.g. proof of identity, age, entitlement, status etc. These attributes can be updated automatically by the attribute provider or revoke them if they cease to be valid. The relying parties of an attribute can check that it is being maintained, understand the last time it was updated and inspect the certificate of authenticity and validate it for themselves. |
Verified attributes in the PDS
The following verified attribute actions occur only if the data comes from a trusted connection:-
- When data is added to the pds, a new certificate is created.
- When data is removed from the pds, the current certificate is invalidated.
- If data is updated in the pds:
- A new certificate is created for the new data.
- For non-transactional data, the certificate for the fields being overwritten is invalidated.
- For transactional data, if it is new data then there is no need to invalidate the other certificates.
- If updating an entry then the previous certificates for all fields for this entry id are invalidated.
These certificates can be queried using the below API requests.
Making an API request for Available Certificates
This returns an array of all available certificates within the pds.
Example API Request to the Sandbox Server
http://sbx-api.mydex.org/api/certificates/available ?uid=UID &key=KEY &api_key=API_KEY &con_id=CON_ID &source_type=connection
Replace the following with your own details: UID, KEY, API_KEY and CON_ID.
Example Response
{"result"
"22":{
"id":"22",
"instance":"0",
"source":"1111-2222",
"dataset":"ds_browsing_history",
"field":"browsing_history_url",
"ref_id":"1",
"version":"0"
"created":"1542976187"
},
"23":{
"id":"23",
"instance":"0",
"source":"1111-2222",
"dataset":"ds_browsing_history",
"field":"browsing_history_title",
"ref_id":"1",
"version":"0"
"created":"1542976187"
}
}
Making an API request for Verified Certificates
This returns verification of the certificate for the dataset and field selected.
Example API Request
curl
-X POST
-H 'Content-Type: application/json'
-d '{"FIELD_NAME":”VALUE”}'
'https://sbx-api.mydex.org/api/certificates/verify
?uid=UID
&key=KEY
&api_key=API_KEY
&con_id=CON_ID
&source_type=connection
&dataset=DATASET
&instance=0'
Replace the following with your own details: UID, KEY, API_KEY, CON_ID and FIELD NAME and corresponding VALUE of the required certficate.
Example Response
{“certificate valid”:”1”}
An unsuccessful request will return an error message explaining the problem.
Making an API request for Validated Certificates
This returns an array of validated certificates for the dataset and fields selected.
Example API Request
curl
-X POST
-H 'Content-Type: application/json’
-d '{
"FIELD_NAME":”VALUE”,
”FIELD_NAME”:”VALUE”
}'
'https://sbx-api.mydex.org/api/certificates/validate
?uid=UID
&key=KEY
&api_key=API_KEY
&con_id=CON_ID
&source_type=connection
&dataset=DATASET
&instance=0'
Replace the following with your own details: UID, KEY, API_KEY, CON_ID and FIELD NAME and corresponding VALUE of the required certficates.
Example Response
{
“ba_transaction_date”:”TRUE”,
”ba_transaction_type”:”TRUE”
}
An unsuccessful request will return an error message explaining the problem.