Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access to increased privileged data: 2 approaches #87

Open
nasajoey opened this issue Jul 22, 2018 · 4 comments
Open

Access to increased privileged data: 2 approaches #87

nasajoey opened this issue Jul 22, 2018 · 4 comments
Assignees
@nasajoey
Labels
help wanted question TCL4 Issues to be addressed in update to API to support TCL4 testing. USS-API Track issues against the USS-API

Comments

@nasajoey
Copy link
Member

Some operational data have elements that are only accessible to those with increased privileges. There are at least two ways we can make this work.

  1. Based on the scope presented to existing endpoints, the USS providing data ensures the correct data elements in the model are in the response. This increases complexity of request handling, but keeps the number of endpoints at their current level.
  2. Have a parallel set of endpoints for enhanced requests. Makes each valid request receive the same data model and elements in response. This is at the cost of maintaining additional endpoints.

Would like to open conversation on this design choice. This is a brief description of the issue, happy to follow up with answers to any questions.
@nasajoey nasajoey added help wanted question USS-API Track issues against the USS-API TCL4 Issues to be addressed in update to API to support TCL4 testing. labels Jul 22, 2018
@nasajoey nasajoey self-assigned this Jul 22, 2018
@boguwei
Copy link

boguwei commented Jul 23, 2018

Some operational data have elements that are only accessible to those with increased privileges.

Can you provide an example of this?

@nasajoey
Copy link
Member Author

Sure.

In the current Position model hdop_gps isn't something that the PUBLIC would need to know, but may be helpful in some SAFETY related queries. Hence that data element is tagged with x-utm-data-accessibility: SAFETY

@boguwei
Copy link

boguwei commented Jul 23, 2018

Ah, thanks for the example.

Uber's preference is option 2. discussed so far, it seems the cost of maintaining additional endpoints is lower than the added complexity of filtering one set of endpoints on privilege.

@OrangeBean
Copy link

To add on @boguwei point: maintaining separate endpoints will allow mutate public and private models independently which might be required in the future.

@nasajoey nasajoey mentioned this issue Sep 27, 2018
Open
nasajoey added a commit that referenced this issue Nov 12, 2018
@nasajoey
#138. Adding initial draft for /enhanced/operations/{gufi}
74ba43e 
Will start discussion against this concrete implementation of the API.  Expect that feedback may aid in refining.  Targeting Sprint 4.

Note that this approach was suggested in #87 .  The thinking is that it is easier to have a separate endpoint than to have rules for models excessively dependent upon the access_token and data model.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nasajoey nasajoey

Labels
help wanted question TCL4 Issues to be addressed in update to API to support TCL4 testing. USS-API Track issues against the USS-API
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@OrangeBean @boguwei @nasajoey