Profile data sharing
Important
Our work follows the mydata principle. This means that the user (guest, profile owner) is the owner of the profile data and is in control of his/her data: the user can view everything that is stored and decide who can access it. This also has some implications for the functionality we offer to partners.
Access control
Under the hood we use Data Governance. Each piece of data carries the information about who is allowed to access it. The main subjects which contribute to it are:
- Entity type
- Profile (guest)
- Partner
- Role (licence)
Over the API, a partner can only access data on which it is registered, and only together with a valid guest authentication. To access all the data a partner is allowed to access, we offer the Profile Data Notification Service, where a partner can register to a service bus and retrieve all data relevant for CRM purposes.
Shared data
Info
We plan to give the guest more individual control possibilities over his/her data in the future https://my.discover.swiss/#/shared-data
Shared between partners
An important question with an ongoing discussion is which partner is allowed to access which data of a user. The current state of affairs is:
Entity | Description |
---|---|
Person, Party | Shared with all partners who do have a relation to this guest: The guest logged in to one of the partners' sites. |
PartnerData, Order, Ticket | All partners can only access data which was created in one of their own applications using their own subscription key. |
Shared between guests
An available feature allows a guest to share partner data with other guests.
Use case: A guest can create a list of favorites in a partner's app (stored in a PartnerData object) and can then share it with other guests (friends) using a link.
Warning
This sharing copies the partner data into the friend's profile. The data is disconnected afterwards, but can be updated/refreshed using the same API calls at any time.
Share a partnerData by name
see developer portal Share partnerdata object
PUT {{ profileUrl }}/partnerdata/meineFavoriten/share

{
  "sharingIdentifier": "8b20238a-8ec4-eb8b-32de-88c24cff4f2f",
  "importApiUrl": "{{ profileUrl }}/import/8b20238a-8ec4-eb8b-32de-88c24cff4f2f",
  "shareObjectApiUrl": "{{ profileUrl }}/partnerdata/meineFavoriten/share"
}
Import shared data
Shared partner data can only be imported into another profile in the context of the same partner under which it was shared.
see developer portal Import shared profile data
PUT {{ profileUrl }}/import/8b20238a-8ec4-eb8b-32de-88c24cff4f2f

{
  "id": "5350bd74-0a5c-4fc7-aea9-eb8f41eead84",
  "objectApiUrl": "http://localhost:7072/api/partnerdata/meineFavoriten-ga"
}

The name of the imported object is extended with the initials of the sharing guest. This makes it possible to import several partner data objects of the same "type" without conflicts and still access them all using the original name as a prefix.
Remove share permission again
The guest can remove the permission in the my.discover.swiss portal at any time. This functionality can be offered by the client application as well.
see developer portal Delete partnerdata share permission
DELETE {{ profileUrl }}/partnerdata/meineFavoriten/share
204 No Content
Shared Party between guests (Teams)
An available feature allows a guest to invite other guests to his/her party.
Use cases: A guest can create a party and invite members of his/her family to join this party, which can later be reused for ordering. A guest can create a party and invite friends to join the team. The team can then be used in apps like the nordic buddy to achieve challenges as a team and play together.
Information
A party can contain a mix of referenced profiles (other guests) and regular travelers. For the referenced profiles only a reference to the profile is saved, so that means that the party will always contain the latest member data for this profile. The referenced profiles are marked as readonly. The referenced profile will contain the party as a reference. So the party they joined is available for them to see but not to change (readonly).
Invite members
During the invitation process a reference-origin-entry is added to the party's DataGovernance.
The reference-origin-entry is an origin with License = "ds_p_reference".
If it is present, it is possible to join this party (with a valid token).
Information
Time to live of the invitation token is 24 hours.
The response of the invite endpoint contains a JWT which carries the information needed for joining the party, such as the ID, and has an expiration time. Once the token has expired, a new invitation token must be created.
Important
Deactivating the sharing and activating it again has no influence on tokens which were created before and are still valid. As long as the token is not expired, it can be used for joining the party. While the party has sharing deactivated (no reference-origin-entry), it is not possible to join the party, whether or not the token is still valid.
It is possible to create multiple invitation tokens for the same party.
POST {{ profileUrl }}/parties/{{ partyId }}/invite
{
  "inviteToken": "{{ JWT_INVITE_TOKEN }}",
  "joinApiUrl": "{{ profileUrl }}/parties/join",
  "inviteObjectApiUrl": "{{ profileUrl }}/parties/{{ partyId }}/invite"
}
Join the party
Joining the party is possible only while the reference-origin-entry is present in the party.
When a guest has joined the party, a new referenced party is created in the database. It belongs to the member profile and points to the original party, which means that the referenced party cannot be updated by the members and its data is always up to date.
A member can leave the original party by deleting the referenced party in his/her profile.
PUT {{ profileUrl }}/parties/join
{
  "inviteToken": "JWT_INVITE_TOKEN"
}

{
  "identifier": "bf30e338-6496-453c-997a-91bf3d8cc999",
  "name": "Test party",
  "member": [
    {
      "identifier": "991f21c8-b0b1-4dea-ab12-7ccefe81f5c6",
      "readonly": true
    }
  ],
  "readonly": false,
  "@id": "{{ profileUrl }}/parties/bf30e338-6496-453c-997a-91bf3d8cc999",
  "dataGovernance": {
    "origin": [
      {
        "created": "2024-05-15T14:09:56.6222391+00:00",
        "lastModified": "2024-05-15T14:09:56.6222398+00:00",
        "provider": {
          "acronym": "ds"
        },
        "source": {
          "acronym": "ds"
        },
        "author": {
          "identifier": "359b5558-7d1a-43bf-8730-973dbc2deeb4"
        }
      },
      {
        "sourceId": "bf30e338-6496-453c-997a-91bf3d8cc999",
        "created": "2024-05-15T14:13:18.040375+00:00",
        "lastModified": "2024-05-15T14:13:18.0403748+00:00",
        "license": "ds_p_reference",
        "provider": {
          "acronym": "ds"
        },
        "source": {
          "acronym": "ds"
        },
        "author": {
          "identifier": "359b5558-7d1a-43bf-8730-973dbc2deeb4"
        }
      }
    ]
  },
  "createdDateTime": "2024-05-14T14:09:56.6233574+00:00",
  "lastModified": "2024-05-14T14:09:56.6230761+00:00",
  "lastModifiedBy": "359b5558-7d1a-43bf-8730-973dbc2deeb4"
}
Disable possibility to join
Disabling the possibility to join means that the reference-origin-entry is removed from the party.
DELETE {{ profileUrl }}/parties/{{ partyId }}/invite
204 No Content
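The join rules described in the sections above combine two independent conditions: the invite token must not be expired, and the party must currently carry the reference-origin-entry. The following Python example is added here and is not discover.swiss code; it models both conditions from a client's point of view, assuming the token carries the standard JWT `exp` claim (the page only states that it has an expiration time) and using a constructed sample token whose signature is not checked.

```python
import base64
import json

REFERENCE_LICENSE = "ds_p_reference"  # license of the reference-origin-entry (from the page)

def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(exp: int) -> str:
    """Constructed stand-in for an invite token (sample data, placeholder signature)."""
    return ".".join([_b64url({"alg": "HS256", "typ": "JWT"}), _b64url({"exp": exp}), "sig"])

def token_expiry(token: str) -> int:
    """Read the assumed 'exp' claim; signature verification stays with the API."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])

def sharing_enabled(party: dict) -> bool:
    """True while the party's dataGovernance holds a reference-origin-entry."""
    origins = party.get("dataGovernance", {}).get("origin", [])
    return any(o.get("license") == REFERENCE_LICENSE for o in origins)

def can_join(party: dict, token: str, now: int) -> tuple[bool, str]:
    if now >= token_expiry(token):
        return False, "token expired: request a new invitation"
    if not sharing_enabled(party):
        return False, "sharing disabled: no reference-origin-entry"
    return True, "join possible"

def demo() -> list[tuple[bool, str]]:
    issued = 1_715_782_398                              # constructed issue time (epoch seconds)
    token = make_sample_token(issued + 24 * 3600)       # 24 h time to live
    ref = {"license": REFERENCE_LICENSE, "provider": {"acronym": "ds"}}
    party = {"dataGovernance": {"origin": [{"provider": {"acronym": "ds"}}, ref]}}
    results = [can_join(party, token, issued + 60)]     # sharing enabled
    party["dataGovernance"]["origin"].remove(ref)       # effect of DELETE .../invite
    results.append(can_join(party, token, issued + 120))
    party["dataGovernance"]["origin"].append(ref)       # effect of a new POST .../invite
    results.append(can_join(party, token, issued + 180))        # old token usable again
    results.append(can_join(party, token, issued + 24 * 3600))  # lifetime over
    return results

if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

The third result shows that a token issued before sharing was disabled is accepted again once sharing is re-enabled; it only stops working when its 24-hour lifetime ends.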