Skip to content

EBL 3.0: SD-2543: Update issuanceManifestSignedContent description #569

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
HenrikHL merged 1 commit into from
Oct 17, 2025
Merged

EBL 3.0: SD-2543: Update issuanceManifestSignedContent description #569

HenrikHL merged 1 commit into from
Oct 17, 2025

Conversation

@HenrikHL
Copy link
Contributor

@HenrikHL HenrikHL commented Oct 17, 2025
edited by atlassian bot
Loading

User description

SD-2543: Update the description for issuanceManifestSignedContent to make it more clear

PR Type

Documentation

Description

  • Clarifies issuanceManifestSignedContent description for better understanding

  • Expands scope to include carrier agents as signers

  • Reformats description text for improved readability

Diagram Walkthrough

flowchart LR
  A["issuanceManifestSignedContent<br/>description"] -- "expanded to include<br/>carrier agents" --> B["Clarified signer<br/>scope"]
  A -- "reformatted for<br/>readability" --> C["Single paragraph<br/>format"]
Loading

File Walkthrough
Relevant files
Documentation
EBL_ISS_v3.0.2.yaml
Expand and clarify issuanceManifestSignedContent description

ebl/v3/issuance/EBL_ISS_v3.0.2.yaml

  • Updated issuanceManifestSignedContent description to clarify that
    payload can be signed by carrier or authorized agents
  • Reformatted multi-line description into single paragraph for better
    readability
  • Maintained all technical references to RFC 7515 and IssuanceManifest
    schema
 +1/-4     

@qodo-code-review
Copy link

qodo-code-review bot commented Oct 17, 2025

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
Input validation weakness

Description: The regex pattern for JWS (^[A-Za-z0-9_-]+.[A-Za-z0-9_-]+.[A-Za-z0-9_-]+$) excludes
base64url padding-less characters only and disallows periods in header/payload/signature
beyond the two separators, but does not enforce base64url character set for all cases
(acceptable) while also potentially allowing empty segments; verify that empty segments
cannot occur and that this lenient pattern is intended.
EBL_ISS_v3.0.2.yaml [315-315]

Referred Code 
  JWS content with compact serialization according to [RFC 7515](https://datatracker.ietf.org/doc/html/rfc7515#section-7.1). JWS-signed payload is defined in schema [IssuanceManifest](#/IssuanceManifest). This attribute is used to provide integrity of various parts of the payload that enable parties to validate whether a payload matches what the carrier issued originally. Accordingly, the payload is signed by the carrier or a party (typically an agent) acting on behalf of the carrier.
# TODO: Update example
Ticket Compliance
🟢
🎫 #SD-2543
🟢 Update the definition/description of issuanceManifestSignedContent to explicitly state it
is JWS content with compact serialization per RFC 7515 section 7.1.
Reference that the JWS-signed payload is defined in the `IssuanceManifest` schema.
Explain that the attribute provides integrity for parts of the payload so parties can
validate it matches what the carrier originally issued.
Clarify that the payload may be signed by the carrier or a party (typically an agent)
acting on behalf of the carrier.
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
No custom compliance provided

Follow the guide to enable custom compliance check.
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@HenrikHL HenrikHL merged commit 5996d9a into master Oct 17, 2025
1 check passed
@HenrikHL HenrikHL deleted the SD-2543_issuanceManifestSignedContent branch October 17, 2025 07:37
@qodo-code-review
Copy link

qodo-code-review bot commented Oct 17, 2025

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
General
Improve readability of long description

To improve readability, use a YAML folded block scalar (>) for the long
description and wrap the text across multiple lines.

ebl/v3/issuance/EBL_ISS_v3.0.2.yaml [314-315]

-description: |
-  JWS content with compact serialization according to [RFC 7515](https://datatracker.ietf.org/doc/html/rfc7515#section-7.1). JWS-signed payload is defined in schema [IssuanceManifest](#/IssuanceManifest). This attribute is used to provide integrity of various parts of the payload that enable parties to validate whether a payload matches what the carrier issued originally. Accordingly, the payload is signed by the carrier or a party (typically an agent) acting on behalf of the carrier.
+description: >
+  JWS content with compact serialization according to [RFC 7515](https://datatracker.ietf.org/doc/html/rfc7515#section-7.1).
+  JWS-signed payload is defined in schema [IssuanceManifest](#/IssuanceManifest).
+  This attribute is used to provide integrity of various parts of the payload that enable parties to
+  validate whether a payload matches what the carrier issued originally.
+  Accordingly, the payload is signed by the carrier or a party (typically an agent) acting on behalf of the carrier.
  • Apply / Chat
Suggestion importance[1-10]: 4

__

Why: The suggestion correctly identifies a readability issue with a very long line and proposes a valid improvement using a YAML folded block scalar (>) to enhance maintainability.

Low
  • More

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Review effort 1/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@HenrikHL