Safe Paths HA Awareness Proposal

Owned by Jacob Jaffe (Deactivated)
May 26, 2020
2 min read

Overview

The goal of this document is to propose how the SafePaths mobile client can become aware of the various SafePlaces servers and be able to use their API’s for inbound (published) and outbound (e2e transmission for contact tracing) data.

Current Solution

Currently, the SafePaths mobile client requests a statically hosted yaml file hosted on GitHub as the source of truth on available HA’s.

export const AUTHORITIES_LIST_URL = 'https://raw.githubusercontent.com/Path-Check/safeplaces-frontend/develop/healthcare-authorities.yaml';

An example format for that file is:

Authorities: - Mairie de PAP/MSSP: - {url: "https://vault.tripleblind.app/safe_path/5673742378205184/"} - bounds: { "ne": { "latitude": 20.312764055951195, "longitude": -70.45445121262883}, "sw": { "latitude": 17.766025040122642, "longitude": -75.49442923997258}} - Example Health Authority for Testing: - {url: "https://raw.githack.com/tripleblindmarket/safe-places/develop/examples/safe-paths.json"}

Currently, this file serves only the HA’s name, Publish URL, and bounds.
The Publish URL (url in the yaml file) is for the inbound published data – there is currently no way for the mobile client to be aware of other public API’s the HA is hosting.

Proposed Solution

Keeping with the old file structure, we can use the configUrl to query all public info on the HA. We can continue to include data that is immediately used for HA selection in this list so the mobile client can filter by location without a request per HA.

Authorities: - Mairie de PAP/MSSP: - configUrl: {configUrl} - bounds: { "ne": { "latitude": 20.312764055951195, "longitude": -70.45445121262883}, "sw": { "latitude": 17.766025040122642, "longitude": -75.49442923997258}}

where configUrl is the GET /organization/configuration endpoint SPL API Specification v1 (For MVP1) | to be confirmed: GET /organization/configuration

this also allows the HA list to be abstracted from the notion of an “org id”, as this will be supplied by the config endpoint if needed.

Open Questions

  1. Do we need to include this meta data as part of the safe_paths.json of the publish endpoint if iit is included in the config endpoint / in this yaml file?

  2. Is other data needed immediately by the mobile client for filtering HA’s, (besides name & bounds), so that calls to the config endpoint are not needed until an HA is selected?

  3. Will the config endpoint provide a baseUrl for specifying the root for the public url endpoints?