Summary
Add client API support for endorsement and reference value distribution.
Details
Veraison is being expanded to support an endorsement distribution API alongside the existing endorsement provisioning and verification (challenge-response) APIs. At time of writing, this API is being developed in a coserv feature branch of Veraison services and is not mainline. Initially, it would make sense to create a corresponding coserv branch of this repo and put the client code there.
At time of writing, formal specs for the endorsement distribution API are still in development, but they are based on the CoSERV query language, which is defined in this IETF internet draft. A simple HTTP request-response API will be added to this specification, and this is the API that the Veraison service will expose.
There is a dependency on this issue in the corim-rs crate, which will provide the type-safe data model. The client API should use these types.
The API itself just consists of a single HTTP method as follows:
GET https://<veraison-host>:<veraison-port>/endorsement-distribution/v1/coserv/<base64url-encoded-CBOR-CoSERV-query>
On success, this returns an HTTP status code of 200, and the body contains the CBOR byte string of the result set.
The API client code needs to wrap this operation, performing the serialize/de-serialize steps.
Summary
Add client API support for endorsement and reference value distribution.
Details
Veraison is being expanded to support an endorsement distribution API alongside the existing endorsement provisioning and verification (challenge-response) APIs. At time of writing, this API is being developed in a coserv feature branch of Veraison services and is not mainline. Initially, it would make sense to create a corresponding
coservbranch of this repo and put the client code there.At time of writing, formal specs for the endorsement distribution API are still in development, but they are based on the CoSERV query language, which is defined in this IETF internet draft. A simple HTTP request-response API will be added to this specification, and this is the API that the Veraison service will expose.
There is a dependency on this issue in the
corim-rscrate, which will provide the type-safe data model. The client API should use these types.The API itself just consists of a single HTTP method as follows:
GET https://<veraison-host>:<veraison-port>/endorsement-distribution/v1/coserv/<base64url-encoded-CBOR-CoSERV-query>On success, this returns an HTTP status code of 200, and the body contains the CBOR byte string of the result set.
The API client code needs to wrap this operation, performing the serialize/de-serialize steps.