update branch (#231)

* ci: fix typo for file check workflow (#215)

* ci: fix typo

* ci: remove duplicated workflow trigger

* Update context.json (#216)

* replace odrl:offer/odrl:agreement with dspace:offer/dspace:agreement (#221)

* extend explanation on dspace-trust child resources (#222)

* Replace providerId/consumerId with odrl:assigner / odrl:assignee (#213)

* replace providerId/consumerId with odrl:assigner / odrl:assignee

* replace providerId/consumerId in contract.negotiation.protocol

* fix the ToC in contract.negotiation.binding.https

* Update model documents (#229)

* Add pagination and filter changes (#228)

* Add pagination and filter changes

* Change continuation tokens

* Adds auth description to common bindings document (#227)

* Add description

* Remove auth sections

* Remove auth sections from catalog

* Remove subchapter on Versioning (#225)

* remove subchapter on versioning from the https binding

* fix table of content

* Cleanup `EndpointProperty` inconsistencies and specify `authType` (#218)

* Specify auth type property; clarify authorization property and make case consistent; remove incorrect bearer prefix; remove non-normative S3 reference

* Add descriptions

* Remove S3 reference

* Remove S3 reference

* Revert releases folder change

* Emphazising that the spec does not cover the data transfer (#230)

* Highlighting the text by formatting
* Adding further explanation

---------

Co-authored-by: Julia Pampus <[email protected]>
Co-authored-by: Maarten Kollenstart <[email protected]>
Co-authored-by: sebbader-sap <[email protected]>
Co-authored-by: Jim Marino <[email protected]>

.github/workflows/prevent-file-changes.yml

@@ -2,13 +2,12 @@ name: Prevent Changes to Release Files
 
 on:
   pull_request:
-    types: [ opened ]
-  pull_request_target:
-    types: [ opened ]
+    branches: [ main ]
+    types: [opened, edited, synchronize, reopened, labeled, unlabeled]
 
 jobs:
   check:
-    runs-on: ubunut-latest
+    runs-on: ubuntu-latest
     steps:
       - name: Prevent file change
         uses: xalvarez/prevent-file-change-action@v1

README.md

@@ -39,10 +39,13 @@ The specifications are organized into the following documents:
 * [__*Transfer Process Protocol*__](./transfer/transfer.process.protocol.md) and [__*Transfer Process HTTPS Binding*__](./transfer/transfer.process.binding.https.md) documents that define how [Transfer Processes](./model/terminology.md#transfer-process) using a given data transfer protocol are governed via HTTPS
   endpoints.
 
-This specification does not cover the data transfer process as such.
-While the data transfer is controlled by the __*Transfer Process Protocol*__ mentioned above, e.g. the initation of the transfer channels or their decomissioning, the data transfer itself and especially the handling of technical exceptions is an obligation to the Transport Protocol.
-As an implication, the data transfer can be conducted in a separated process if required, as long as this process is to the specified extend controlled by the __*Transfer Process Protocol*__.
-
+> **This specification does not cover the data transfer process as such.**
+>
+> While the data transfer is controlled by the __*Transfer Process Protocol*__ mentioned above, e.g. the initation of the transfer channels or their decomissioning, the data transfer itself and especially the handling of technical exceptions is an obligation to the Transport Protocol.
+>
+> As an implication, the data transfer can be conducted in a separated process if required, as long as this process is to the specified extend controlled by the __*Transfer Process Protocol*__.
+>
+> Nevertheless, illustrative message examples are provided in the [__*Transfer Process Protocol section*__](./transfer/transfer.process.protocol.md#2-message-types). The best practices section may contain further non-normative examples and explanations.
 
 ### Context of this specification
 

catalog/catalog.binding.https.md

@@ -5,14 +5,12 @@ This specification defines a RESTful API over HTTPS for the [Catalog Protocol](.
 * [1 Introduction](#1-introduction)
   * [1.1 Prerequisites](#11-prerequisites)
   * [1.2 Catalog Error](#12-catalog-error)
-  * [1.3 Authorization](#13-authorization)
 * [2 Path Bindings](#2-path-bindings)
   * [2.1 The `catalog/request` Endpoint (Provider-side)](#21-the-catalogrequest-endpoint--provider-side-)
   * [2.2 The `catalog/datasets/:id` Endpoint (Provider-side)](#22-the-catalogdatasetsid-endpoint--provider-side-)
 * [3 Technical Considerations](#3-technical-considerations)
-  * [3.1 Versioning](#31-versioning)
-  * [3.2 Pagination](#32-pagination)
-  * [3.3 Compression](#33-compression)
+  * [3.1 Pagination](#31-pagination)
+  * [3.2 Compression](#32-compression)
 * [4 The Well-Known Proof Metadata Endpoint](#4-the-well-known-proof-metadata-endpoint)
 
 ## 1 Introduction
@@ -27,10 +25,6 @@ This specification defines a RESTful API over HTTPS for the [Catalog Protocol](.
 
 In the event of a request error, the [Catalog Service](../model/terminology.md#catalog-service) must return an appropriate HTTP code and a [Catalog Error](./catalog.protocol.md#33-error---catalog-error) in the response body.
 
-### 1.3 Authorization
-
-A [Catalog Service](../model/terminology.md#catalog-service) may require authorization. If the [Catalog Service](../model/terminology.md#catalog-service) requires authorization, requests must include an HTTP `Authorization` header with a token. The semantics of such tokens are not part of this specification.
-
 ## 2 Path Bindings
 
 | Endpoint                                  | Method | Description                |
@@ -60,7 +54,7 @@ Authorization: ...
 
 - The `Authorization` header is optional if the [Catalog Service](../model/terminology.md#catalog-service) does not require authorization. If present, the contents of the `Authorization` header are detailed in the [Authorization section](#13-authorization).
 
-- The `filter` property is optional. If present, the `filter` property can contain an implementation-specific filter expression or query to be executed as part of the [Catalog](../model/terminology.md#catalog) request.
+- The `filter` property is optional. If present, the `filter` property can contain an implementation-specific filter expression or query to be executed as part of the [Catalog](../model/terminology.md#catalog) request. If a filter expression is not supported by an implementation, it must return a HTTP 400 (Bad Request) response.
 
 ##### Response
 
@@ -94,16 +88,15 @@ If the request is successful, the [Catalog Service](../model/terminology.md#cata
 
 ## 3 Technical Considerations
 
-### 3.1 Versioning
+### 3.1 Pagination
 
-- Versioning will be done via URLs. TBD.
+A [Catalog Service](../model/terminology.md#catalog-service) may paginate the results of a [Catalog Request Message](./catalog.protocol.md#21-catalog-request-message). Pagination data must be specified using [Web Linking](https://datatracker.ietf.org/doc/html/rfc5988) and the HTTP `Link` header. The `Link` header will contain URLs for navigating to previous and subsequent results. Only the `next` and `previous` link relation types must be supported. 
+Note that the content and structure of the link query parameters is not defined by the current specification. 
 
-### 3.2 Pagination
-
-A [Catalog Service](../model/terminology.md#catalog-service) may paginate the results of a [Catalog Request Message](./catalog.protocol.md#21-catalog-request-message). Pagination data is specified using [Web Linking](https://datatracker.ietf.org/doc/html/rfc5988) and the HTTP `Link` header. The `Link` header will contain URLs for navigating to previous and subsequent results. The following request sequence demonstrates pagination:
+The following request sequence demonstrates pagination:
 
 ```http request
-Link: <https://provider.com/catalog?page=2&per_page=100>; rel="next"
+Link: <https://provider.com/catalog?continuationToken=f59892315ac44de8ab4bdc9014502d52>; rel="next"
 
 {
   "@context":  "https://w3id.org/dspace/v0.8/context.json",
@@ -115,8 +108,8 @@ Link: <https://provider.com/catalog?page=2&per_page=100>; rel="next"
 Second page response:
 
 ```http request
-Link: <https://provider.com/catalog?page=1&per_page=100>; rel="previous"
-Link: <https://provider.com/catalog?page=3&per_page=100>; rel="next"
+Link: <https://provider.com/catalog?continuationToken=a59779015bn44de8ab4bfc9014502d53>; rel="previous"
+Link: <https://provider.com/catalog?continuationToken=f59892315ac44de8ab4bdc9014502d52>; rel="next"
 
 {
    "@type": "dcat:Catalog",
@@ -127,18 +120,19 @@ Link: <https://provider.com/catalog?page=3&per_page=100>; rel="next"
 Last page response:
 
 ```http request
-Link: <https://provider.com/catalog?page=2&per_page=100>; rel="previous"
+Link: <https://provider.com/catalog?continuationToken=bn9556075bn44de8ab4bfc9014582t76>; rel="previous"
 
 {
    "@type": "dcat:Catalog",
    ...
 }
 ```
 
-### 3.3 Compression
+### 3.2 Compression
 
 [Catalog Services](../model/terminology.md#catalog-service) MAY compress responses to a [Catalog Request](./catalog.protocol.md#21-catalog-request-message) by setting the `Content-Encoding` header to `gzip` as described in the [HTTP 1.1 Specification](https://www.rfc-editor.org/rfc/rfc9110.html#name-gzip-coding).
 
+
 ## 4 The Well-Known Proof Metadata Endpoint
 
 When an implementation supports protected [Datasets](../model/terminology.md#dataset), it may offer a proof metadata endpoint clients can use to determine proof requirements. If the implementation offers a proof data endpoint, it must use the `dspace-trust` [Well-Known Uniform Resource Identifier](https://www.rfc-editor.org/rfc/rfc8615.html) at the top of the  path hierarchy:
@@ -149,4 +143,4 @@ When an implementation supports protected [Datasets](../model/terminology.md#dat
 
 The contents of the response is a JSON object defined by individual trust specifications and not defined here.
 
-Note that if multiple [Connectors](../model/terminology.md#connector--data-service-) are hosted under the same base URL, a path segment appended to the base well-known URL can be used, for example, `https://example.com/.well-known/dspace-trust/connector1.`
+Note that if multiple [Connectors](../model/terminology.md#connector--data-service-) are hosted under the same base URL, an arbitrary path segment appended to the base well-known URL can be used, for example, `https://example.com/.well-known/dspace-trust/connector1.` In this case, the document retrievable at the `dspace-trust` path segment must contain all the child paths.

catalog/catalog.protocol.md

@@ -101,7 +101,7 @@ All messages must be serialized in JSON-LD compact form as specified in the [JSO
 
 The Catalog Request Message is message sent by a [Consumer](../model/terminology.md#consumer) to a [Catalog Service](../model/terminology.md#catalog-service). The [Catalog Service](../model/terminology.md#catalog-service) must respond with a [Catalog](#31-ack---catalog), which is a valid instance of a [DCAT Catalog](https://www.w3.org/TR/vocab-dcat-3/#Class:Catalog).
 
-- The message may have a `filter` property which contains an implementation-specific query or filter expression type supported by the [Catalog Service](../model/terminology.md#catalog-service).
+- The message may have a `filter` property which contains an implementation-specific query or filter expression type supported by the [Catalog Service](../model/terminology.md#catalog-service). 
 
 - The [Catalog Service](../model/terminology.md#catalog-service) may require an authorization token. Details for including that token can be found in the protocol binding, e.g., [Catalog HTTPS Binding](./catalog.binding.https.md). Similarly, pagination may be defined in the protocol binding.
 
@@ -184,4 +184,4 @@ When a [Catalog](../model/terminology.md#catalog) contains protected [Datasets](
 
 ### 4.4 Catalog Brokers
 
-A [Dataspace](../model/terminology.md#dataspace) may include Catalog Brokers. A Catalog Broker is a [Consumer](../model/terminology.md#consumer) that has trusted access to 1..N upstream [Catalog Services](../model/terminology.md#catalog-service) and advertises their respective [Catalogs](../model/terminology.md#catalog) as a single [Catalog Service](../model/terminology.md#catalog-service). The broker is expected to honor upstream access control requirements.
+A [Dataspace](../model/terminology.md#dataspace) may include Catalog Brokers. A Catalog Broker is a [Consumer](../model/terminology.md#consumer) that has trusted access to 1..N upstream [Catalog Services](../model/terminology.md#catalog-service) and advertises their respective [Catalogs](../model/terminology.md#catalog) as a single [Catalog Service](../model/terminology.md#catalog-service). The broker is expected to honor upstream access control requirements.

common/common.binding.https.md

@@ -10,4 +10,8 @@ Each implementation must provide the version metadata endpoint, which must use t
 
 The contents of the response is a JSON object defined in the [Dataspace Protocol](./common.protocol.md#1-exposure-of-dataspace-protocol-versions).
 
-Note that if multiple [Connectors](../model/terminology.md#connector--data-service-) are hosted under the same base URL, a path segment appended to the base well-known URL can be used, for example, `https://example.com/.well-known/dspace-version/connector1.`
+Note that if multiple [Connectors](../model/terminology.md#connector--data-service-) are hosted under the same base URL, a path segment appended to the base well-known URL can be used, for example, `https://example.com/.well-known/dspace-version/connector1.`
+
+## 2 Authorization
+
+All requests to HTTPS endpoints should use the `Authorization` header to include an authorization token. The semantics of such tokens are not part of these specifications. The `Authorization` HTTP header is optional if the [Connector](../model/terminology.md#connector--data-service-) does not require authorization.

common/schema/context.json

@@ -17,39 +17,43 @@
     "dct:modified": { "@type": "xsd:dateTime" },
 
     "dcat:byteSize": { "@type": "xsd:decimal" },
+    "dcat:distribution": { "@container": "@set" },
     "dcat:theme": { "@type": "@id" },
     "dcat:conformsTo": { "@type": "@id" },
     "dcat:dataset": { "@container": "@set" },
     "dcat:endpointURL": { "@type": "xsd:anyURI" },
     "dcat:endpointDescription": { "@type": "xsd:anyURI" },
     "dcat:keyword": { "@container": "@set" },
+    "dcat:servesDataset": {"@container": "@set" },
     "dcat:service": { "@container": "@set" },
     "dcat:accessService": { "@container": "@set" },
 
     "dspace:agreementId": { "@type": "@id" },
     "dspace:dataset": { "@type": "@id" },
     "dspace:transportType": { "@type": "@id" },
     "dspace:state": { "@type": "@id" },
-    "dspace:providerId": { "@type": "@id" },
-    "dspace:consumerId": { "@type": "@id" },
     "dspace:reason": { "@container": "@set" },
     "dspace:catalog": { "@container": "@set" },
     "dspace:filter": { "@container": "@set" },
     "dspace:timestamp": { "@type": "xsd:dateTime" },
     "dspace:callbackAddress": { "@type": "xsd:anyURI" },
+    "dspace:endpointProperties": { "@container": "@set" },
 
     "foaf:homepage": { "@type": "xsd:anyURI" },
 
     "odrl:hasPolicy": { "@container": "@set" },
     "odrl:permission": { "@container": "@set" },
     "odrl:prohibition": { "@container": "@set" },
+    "odrl:obligation": { "@container": "@set" },
     "odrl:duty": { "@container": "@set" },
     "odrl:constraint": { "@container": "@set" },
     "odrl:action": { "@type": "@id" },
     "odrl:target": { "@type": "@id" },
     "odrl:leftOperand": { "@type": "@id" },
     "odrl:operator": { "@type": "@id" },
     "odrl:rightOperandReference": { "@type": "@id" },
-    "odrl:profile": { "@type": "@id" }
+    "odrl:profile": { "@container": "@set" }
+    "odrl:assigner": { "@type": "@id" },
+    "odrl:assignee": { "@type": "@id" }
   }
-}
+}

common/shape/odrl-shapes.ttl

@@ -60,20 +60,20 @@ dspace_shapes:AgreementShape
 	] ;
     sh:property [
 		a sh:PropertyShape ;
-        sh:path dspace:providerId ;
+        sh:path odrl:assigner ;
         sh:nodeKind sh:IRI ;
 		sh:maxCount 1 ;
 		sh:minCount 1 ;
 		sh:severity sh:Violation ;
-		sh:message "<https://raw.githubusercontent.com/International-Data-Spaces-Association/ids-specification/master/schemas/odrl-shape.ttl> (AgreementShape): An dspace:providerId property must point to exactly one Provider Node."@en ;
+		sh:message "<https://raw.githubusercontent.com/International-Data-Spaces-Association/ids-specification/master/schemas/odrl-shape.ttl> (AgreementShape): An odrl:assigner property must point to exactly one Provider Node."@en ;
 	] ;
     sh:property [
 		a sh:PropertyShape ;
-        sh:path dspace:consumerId ;
+        sh:path odrl:assignee ;
         sh:nodeKind sh:IRI ;
 		sh:maxCount 1 ;
 		sh:minCount 1 ;
 		sh:severity sh:Violation ;
-		sh:message "<https://raw.githubusercontent.com/International-Data-Spaces-Association/ids-specification/master/schemas/odrl-shape.ttl> (AgreementShape): An dspace:consumerId property must point to exactly one Consumer Node."@en ;
+		sh:message "<https://raw.githubusercontent.com/International-Data-Spaces-Association/ids-specification/master/schemas/odrl-shape.ttl> (AgreementShape): An odrl:assignee property must point to exactly one Consumer Node."@en ;
 	] ;
 .

model/m.dataspace.relationships.puml

@@ -9,8 +9,8 @@ agent ParticipantAgent
 agent CI as "Credential\nIssuer"
 agent IDP as "Identity\nProvider"
 agent Dataspace
-agent DataspaceAuthority as "Dataspace\nAuthority"
-agent Registry as "Dataspace\nRegistry"
+agent DataspaceAuthority as "Dataspace\nAuthority" #FAFAFA
+agent Registry as "Dataspace\nRegistry" #FAFAFA
 
 DataspaceAuthority -down-> Dataspace  : manages