This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

Add additional language to server requirement document #522

Merged
17 changes: 13 additions & 4 deletions docs/server_functional_requirements.md
Expand Up @@ -42,7 +42,8 @@ users to mobile devices.

When a user reports a diagnosis, it is reported using the publish API server.
In the reference server implementation, the data is encoded in JSON and sent
over HTTPS, however you can use any encoding and protocol.
over HTTPS, however you can use any encoding and protocol. None of the data
stored in the database is personally identifiable information (PII).

A given mobile application and server pair could agree upon additional
information to be shared. The information described in this section is the
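Review bot: the added sentence "None of the data stored in the database is personally identifiable information (PII)" is an unqualified guarantee, but the paragraph right after it allows an app and server pair to agree on additional information to be shared. Scope the claim to the fields described in this section, for example "None of the fields described in this section are PII", and consider moving it to where storage is discussed, since this paragraph is about how the report is encoded and transported.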
Expand Down Expand Up @@ -81,7 +82,9 @@ Minimum required fields, followed by a JSON example:
* Description: 2 letter country to identify the region(s) a key is valid for.
* `appPackageName` (**REQUIRED**)
* Type: string
* Description: name of the application bundle that sent the request.
* Description: Name of the application being used to send the request. This
is used to determine what app is uploading keys and if it is an allowed
region for that app.
* `platform` (**DEPRECATED**)

let's drop the deprecated fields from the doc.

* Type: string
* Description: Mobile device platform this request originated from.
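Review bot: in the new `appPackageName` description, "if it is an allowed region for that app" is ambiguous about what is being checked; "whether that app is allowed to upload keys for the given region(s)" reads more clearly. Because the value arrives in the request payload, the description should also say that it is supplied by the client and compared against the whitelist check required later in this document, so readers do not take the field on its own as proof of which app sent the request.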
Expand All @@ -91,7 +94,8 @@ Minimum required fields, followed by a JSON example:
`verificationPayload`, which comes from a verification authority.
* `verificationPayload`
* Type: String
* Description: some signature / code confirming authorization by the verification authority.
* Description: verificationPayload is a signed certificate from a public
health authority, indicating a confirmed diagnosis
* `padding`
* Type: String
* Constraints:
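Review bot: the new `verificationPayload` description names the issuer as "a public health authority" while the unchanged line just above says the value "comes from a verification authority"; pick one term and use it in both places. The description also starts by repeating the field name and has no final period, unlike the neighbouring entries, and since it now calls the value a "signed certificate" it should say what the server is expected to check on it before accepting the upload.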
Expand Down Expand Up @@ -119,7 +123,7 @@ The following snippet is an example POST request payload in JSON format.
* Required: A whitelist check for `appPackageName` and the regions in
which the app is allowed to report on.

* Recommended: The `transaction_id` in the payload should be the SHA256 hash of
* Recommended: The `transaction_id` in the payload should be the SHA 256 hash of
the concatenation of:

* `appPackageName`
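Review bot: "SHA 256" on the changed line is not the algorithm's name; the standard spelling is "SHA-256". Use the hyphenated form, or keep the original "SHA256", rather than introducing a third variant.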
Expand All @@ -136,6 +140,11 @@ analysis.

* Appropriate denial of service protection should be put in place.

* Recommended: Our overall security and privacy recommendation is to, from
the mobile application, periodically send chaff requests to the sever so that
ALL users appear to be reporting themselves as infected multiple times per
day.

### Batch creation and publishing

You should schedule a script that generates files for download over the HTTPS
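Review bot: "sever" in the added chaff bullet should be "server". The bullet opens with "Recommended:" and then repeats "Our overall security and privacy recommendation is to", which can be shortened to "Recommended: mobile applications should periodically send chaff requests to the server ...". The text should also state how the server is expected to recognise and discard a chaff request so it is not stored as a real report, and replace "multiple times per day" with concrete guidance if there is any to give.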