FR-11: Subscribe to Relevant Events (1) #90
Description
Description:
The system shall allow MOs, OEMs, and CPOs to subscribe to specific events relevant to their operations. These could include certificate updates, revocations, contract data changes, or similar activities within the ecosystem.
Use Case:
An OEM wants to be notified when a contract certificate related to one of its EVs is created, updated, or deleted in any pool.
Current Status
The feature is flagged as “possible” in OPNC v1.0.
Event subscription appears to be supported via webhooks, although:
Details about event types, filtering, and security/authentication may not yet be fully defined in the spec.
Comments / Open Points
- Which events are relevant?
Current possibilities include:
Contract certificate created / updated / deleted
Root certificate added / revoked
Provisioning certificate activity
Certificate expiration reminders
A clear and curated event list should be proposed and aligned with IOP needs. - Filtering and scoping:
Subscriptions must be scoped to avoid unnecessary data leakage or load.
For example, an actor should only subscribe to events:
Related to their own OEM/EVs
Associated with specific PCIDs or EMAIDs
Or tied to contracts they are authorized to manage - Point-to-point vs broadcast:
In a pool-to-pool model, events are shared only between connected parties — no broadcast across the whole ecosystem.
Each actor should subscribe via the specific pool(s) they are integrated with. - Governance concern:
Who is allowed to subscribe to which events?
Is subscription open to any actor, or only to authenticated, pre-approved clients?
What limits or authorization layers exist?
Discussion Points
- Should OPNC define a standard set of events available for subscription?
- Should webhook message formats be standardized across all event types?
- How do we enforce access control for subscriptions to prevent data leaks?