This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

Change key terminology to be more consistent, fixes #556 (#658)
crwilcox authored Jun 23, 2020
1 parent d2b23e8 commit a83e144
Showing 24 changed files with 122 additions and 122 deletions.
8 changes: 4 additions & 4 deletions README.md
@@ -1,12 +1,12 @@
# Exposure Notification Reference Server
# Exposure Notification Reference Key Server

[COVID‑19 Exposure Notifications API](https://www.google.com/covid19/exposurenotifications/)

[Exposure Notification Reference Server Documentation](https://google.github.io/exposure-notifications-server/)
[Exposure Notification Reference Key Server Documentation](https://google.github.io/exposure-notifications-server/)

In our continued effort to help governments and health authorities during the
COVID-19 pandemic, we have authored an open source reference implementation of
an Exposure Notifications server.
an Exposure Notification Key Server.

The server reference in this repository implements the Exposure Notifications
API and provides reference code for working with Android and iOS apps that
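Review bot: the product name is written two ways in this hunk. The heading and the documentation link text use "Exposure Notification Reference Key Server", while the intro paragraph uses "an Exposure Notification Key Server". For a change whose stated goal is consistent terminology, choose one canonical proper name and say in the commit message which form is canonical, so that the lowercase "exposure notification key server" used in the design docs and the README forms can be checked against it.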
@@ -40,7 +40,7 @@ The server is responsible for the following functions:
## Tutorials and reference documentation

You can read tutorials on deploying and using the reference Exposure Notification
Server here:
Key Server here:

* [Overview](https://google.github.io/exposure-notifications-server/)
* [Deployment Guide](https://google.github.io/exposure-notifications-server/getting-started/deploying)
2 changes: 1 addition & 1 deletion docs/_config.yml
@@ -1,2 +1,2 @@
title: Exposure Notifications Server
title: Exposure Notification Reference Key Server
theme: jekyll-theme-minimal
12 changes: 6 additions & 6 deletions docs/design/verification_protocol.md
@@ -3,7 +3,7 @@ layout: default
---
# Public Health Authority Diagnosis Verification Protocol

This design covers the exposure notifications server's ability to verify
This design covers the exposure notification key server's ability to verify
diagnosis certifications from public health authorities.

The actual process of issuing these certificates is not covered in this
@@ -51,7 +51,7 @@ health authority in the jurisdiction.

## JWT Verification + Accepted Claims

The exposure notifications server will accept this JWT in the current
The exposure notification key server will accept this JWT in the current
`verificationPayload` field in the exposure reporting API. When this is present,
device attestations should be disabled. In addition, the exposure publishing
API will also accept a new field `hmackey` to be used as the key for
@@ -64,21 +64,21 @@ First, using the standard claims.
* `iss` : The issuer will be used to determine which public key(s) are valid for
verification. This is to allow for key rotation.
* `aud` : The audience must be as configured for this installation of the
exposure notifications server. The operator of the exposure notifications server
exposure notification key server. The operator of the exposure notification key server
is the one to define this value and should be shared to all participating health
authorities.
* `iat` : The unix timestamp at which the token was issued.
* `exp` : The unix timestamp at which the token will expire.
* `nbf` : If present, the "not before" timestamp will be honored.

We also prescribe a set of private claims to transmit data from the PHA
verification server to the exposure notifications server.
verification server to the exposure notification key server.

* `tekhmac` : The HMAC of the TEKs that was presented to the PHA verification
server. This must be calculated in a specific way (see below).
* `phadata` : Contains a map of claims for the PHA to communicate back
to the mobile app and/or the exposure notifications server. This specific
implementation of the exposure notifications server will disregard and never
to the mobile app and/or the exposure notification key server. This specific
implementation of the exposure notification key server will disregard and never
save the `phadata`
* `trisk` : Contains an array of transmission risk overrides to enact when
importing the associated keys. If data is present in this field, it will
14 changes: 7 additions & 7 deletions docs/diagrams/compute_data_in.diagram
@@ -13,8 +13,8 @@ elements {
# Compute Components
########################################
card cloud_run as tracing_key_ingestion {
name "Tracing Key Ingestion"
description "Intake of Tracing Keys"
name "Exposure Key Ingestion"
description "Intake of Exposure Keys"
}

card cloud_run as federated_ingestion {
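Review bot: the element identifier in `card cloud_run as tracing_key_ingestion {` still uses the old term while its `name` and `description` now read "Exposure Key Ingestion" and "Intake of Exposure Keys". Either rename the identifier to match (updating whatever references it elsewhere in the file, which are not visible in this hunk) or leave a comment that the id is intentionally unchanged, so the next reader does not take the mismatch for a missed rename.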
@@ -24,22 +24,22 @@ elements {

card cloud_run as data_deletion {
name "Data Deletion"
description "Periodically delete old tracing keys"
description "Periodically delete old exposure keys"
}

card cloud_run as federation_api {
name "Federated Access"
description ""
}
card cloud_run as batch_keys {
name "Batch Tracing Keys"
name "Batch Exposure Keys"
description ""
}

card cdn
# Likely needed instead of CDN for non-gcp
# card cloud_run as cdn {
# name "Tracing Key Batch Server"
# name "Exposure Key Batch Server"
#}

########################################
@@ -55,12 +55,12 @@ elements {
# Storage Components
########################################
card gke_onprem as sql {
name "Tracing Key Database"
name "Exposure Key Database"
description ""
}

card gke_onprem as storage {
name "Tracing Key Batches"
name "Exposure Key Batches"
description ""
}

14 changes: 7 additions & 7 deletions docs/diagrams/compute_data_in.svg
14 changes: 7 additions & 7 deletions docs/diagrams/compute_data_out.diagram
@@ -13,8 +13,8 @@ elements {
# Compute Components
########################################
card cloud_run as tracing_key_ingestion {
name "Tracing Key Ingestion"
description "Intake of Tracing Keys"
name "Exposure Key Ingestion"
description "Intake of Exposure Keys"
}

card cloud_run as federated_ingestion {
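Review bot: the `name` and `description` changes in this hunk are identical, at the same line offsets, to the ones in docs/diagrams/compute_data_in.diagram, and both files report 7 additions and 7 deletions. Two hand-maintained copies of the same element block are an easy place for terminology to drift apart again. A follow-up that keeps the shared elements in one place, or at least a comment at the top of each file saying the two must be edited together, would make the consistency this commit introduces easier to keep.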
@@ -24,22 +24,22 @@ elements {

card cloud_run as data_deletion {
name "Data Deletion"
description "Periodically delete old tracing keys"
description "Periodically delete old exposure keys"
}

card cloud_run as federation_api {
name "Federated Access"
description ""
}
card cloud_run as batch_keys {
name "Batch Tracing Keys"
name "Batch Exposure Keys"
description ""
}

card cdn
# Likely needed instead of CDN for non-gcp
# card cloud_run as cdn {
# name "Tracing Key Batch Server"
# name "Exposure Key Batch Server"
#}

########################################
@@ -55,12 +55,12 @@ elements {
# Storage Components
########################################
card gke_onprem as sql {
name "Tracing Key Database"
name "Exposure Key Database"
description ""
}

card gke_onprem as storage {
name "Tracing Key Batches"
name "Exposure Key Batches"
description ""
}

