Enhancement [CAT-FR-CO-05] On-Demand Asset Validation#38
Open
peleskek wants to merge 6 commits into
Open
Conversation
…itecture guide - Added Validation Result Storage to the building block view summary. - Detailed the PostgreSQL schema (`VALIDATION_RESULT` table) and data model for persisting on-demand credential validation outcomes. - Documented the REST API endpoints for retrieval and the graph re-projection mechanism for `FAILED` records during graph rebuilts.
* docs(CAT-FR-LM-04): document validation result lifecycle in schema validation service Add result storage and lifecycle rules (OutdatedReason enum, OUTDATED marking on update/revoke, cascade delete on asset delete). * feat(CAT-FR-LM-04): cleanup * feat(CAT-FR-LM-04): resolve comment --------- Co-authored-by: saackef <fabian.saacke@msg.group>
* [CAT-FR-CO-05] on demand validation docs
- Add On-Demand Asset Validation Service section: AssetValidationService,
ValidationStrategy pattern (ShaclValidationStrategy, JsonSchemaValidationStrategy,
XmlSchemaValidationStrategy), ShaclValidationExecutor shared engine,
multi-asset cardinality rules, max-assets-per-request and timeout config
- Document asset deletion cascade: AssetDeletedEvent -> ValidationResultCleanupListener
-> ValidationResultStore.deleteByAssetId (BEFORE_COMMIT atomicity)
- validator_type column lists SHACL, JSON_SCHEMA, XML_SCHEMA, TRUST_FRAMEWORK
- On-demand validation endpoint is POST /assets/validate
- ValidationResultStore class diagram includes findAll, syncToGraph, deleteByAssetId
- SchemaValidationService is scoped to the upload/revalidation path
- Admin table reflects JSON Schema and XML Schema wiring through AssetValidationService
- Component table refers to "asset validation"
- Verify Credential procedure (chapter 6): on-demand validation routes through
AssetValidationService (SHACL/JSON/XML); SchemaValidationService remains the
upload-flow path, gated by federated-catalogue.verification.schema
- Delete Participant sequence (chapter 6): note the AssetDeletedEvent cascade that
cleans up validation results before commit
- Input Parsing Security cross-cutting concept (chapter 8): XXE hardening
(FEATURE_SECURE_PROCESSING + empty external DTD/schema access), SSRF protection
via JSON $ref scheme allowlist, and SPARQL injection prevention via requireSafeIri
* [CAT-FR-CO-05] remove requirement ids
peleskek
changed the title
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📦 [CAT-FR-CO-05] On-Demand Asset Validation — Architecture Documentation
🚀 Summary
Requirement: CAT-FR-CO-05 — On-Demand Asset Validation
This change is part of the Enhancement of XFSC Federated Catalogue. Details can be found here (permalink):
https://github.com/eclipse-xfsc/docs/blob/f3c6e6b6fbcc87732a1dfe83f060fa58a9a97873/federated-catalogue/src/docs/CAT%20Enhancement/CAT_Enhancement_Specifications%20v1.0.pdf
Documents the on-demand asset validation feature in the arc42 architecture — building block view, runtime view, and cross-cutting concepts.
✅ What's in this PR
Modified files:
05_building_block_view.adocOn-Demand Asset Validation Servicesection:AssetValidationServiceinterface andits
ValidationStrategySPI with three implementations (ShaclValidationStrategy,JsonSchemaValidationStrategy,XmlSchemaValidationStrategy);ShaclValidationExecutoras the shared SHACL engine (used by both upload verification and on-demand paths) with
configurable timeout (
federated-catalogue.validation.shacl.timeout-seconds, default 10 s)and pool size; single-asset vs multi-asset dispatch rules (multi-asset restricted to SHACL,
max
federated-catalogue.validation.max-assets-per-requestassets, default 20);POST /assets/validateendpoint reference (CAT-FR-CO-05)AssetStoreImplpublishesAssetDeletedEventon deletion;ValidationResultCleanupListenerdeletes all associated validation results atomically atBEFORE_COMMITviaValidationResultStore.deleteByAssetId()ValidationResultStoreclass diagram to reflect the full interface:findAll,syncToGraph,deleteByAssetIdvalidator_typevalues:SHACL,JSON_SCHEMA,XML_SCHEMA,TRUST_FRAMEWORKSchemaValidationServicescope: SHACL validation for the upload verificationand revalidation paths; cross-reference to the new on-demand section
AssetValidationService; OWL module toggle remains unwired06_runtime_view.adocAssetValidationService(SHACL, JSON Schema, XML Schema); upload-flowSchemaValidationServiceis gated by
federated-catalogue.verification.schemaand sharesShaclValidationExecutorwith the on-demand path
Note over AssetStorecaptures theAssetDeletedEventcascade that cleans up validation results before commit, with cross-reference to
_validation_result_storage08_concepts.adocInput Parsing Securitycross-cutting concept: XXE hardening(
FEATURE_SECURE_PROCESSING+ emptyACCESS_EXTERNAL_DTD/ACCESS_EXTERNAL_SCHEMA) inXmlSchemaValidationStrategyand XML parsers; SSRF protection via JSON$refschemeallowlist in
JsonSchemaValidationStrategy; SPARQL injection prevention viarequireSafeIriinSparqlGraphStore. Policy: every new validator or store acceptinguser-supplied content adopts the same posture and ships a security-path test
🔍 Related Issues
Related to PR federated-catalogue — CAT-FR-CO-05 On-Demand Asset Validation https://github.com/eclipse-xfsc/federated-catalogue/pull/43
Implements documentation for CAT-FR-CO-05 (On-Demand Asset Validation)
📋 Checklist