@twin.org/rights-management-models 0.0.2-next.12 → 0.0.2-next.13

package/dist/cjs/index.cjs

@@ -1,8 +1,6 @@
 'use strict';
 
 var core = require('@twin.org/core');
-var identityModels = require('@twin.org/identity-models');
-var standardsW3cDid = require('@twin.org/standards-w3c-did');
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
@@ -96,10 +94,6 @@ const RightsManagementNamespaces = {
  */
 // eslint-disable-next-line @typescript-eslint/naming-convention
 const RightsManagementTypes = {
-    /**
-     * Represents policy request.
-     */
-    PolicyRequest: "PolicyRequest",
     /**
      * Represents data access request.
      */
@@ -296,105 +290,6 @@ class OdrlPolicyHelper {
     }
 }
 
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * Helper methods for creating and verifying rights managements requests.
- */
-class RightsManagementTokenHelper {
-    /**
-     * The class name of the Rights Management Token Helper.
-     */
-    static CLASS_NAME = "RightsManagementTokenHelper";
-    /**
-     * Create the token for an object.
-     * @param identityConnector The identity connector to use for creating the token.
-     * @param verificationMethodId The verification method id to use for creating the token.
-     * @param item The item to create the token for.
-     * @param tokenTtlInSeconds The time-to-live (TTL) for the token in seconds.
-     * @returns The token.
-     * @throws GeneralError is the token creation fails.
-     */
-    static async createToken(identityConnector, verificationMethodId, item, tokenTtlInSeconds) {
-        core.Guards.object(RightsManagementTokenHelper.CLASS_NAME, "identityConnector", identityConnector);
-        core.Guards.stringValue(RightsManagementTokenHelper.CLASS_NAME, "verificationMethodId", verificationMethodId);
-        core.Guards.integer(RightsManagementTokenHelper.CLASS_NAME, "tokenTtlInSeconds", tokenTtlInSeconds);
-        const ttlMs = tokenTtlInSeconds * 1000;
-        const parts = identityModels.DocumentHelper.parseId(verificationMethodId);
-        const credential = await identityConnector.createVerifiableCredential(parts.id, verificationMethodId, undefined, item, {
-            expirationDate: new Date(Date.now() + ttlMs)
-        });
-        return credential.jwt;
-    }
-    /**
-     * Verify the token.
-     * @param identityConnector The identity connector to use for verifying the token.
-     * @param checkProperties Properties to compare against the subject to see if they match.
-     * @param token The token containing the necessary information.
-     * @param tokenTtlInSeconds The time-to-live (TTL) for the token in seconds.
-     * @returns The verifiable credential if the token is valid.
-     * @throws GeneralError is the token verification fails.
-     */
-    static async verifyToken(identityConnector, checkProperties, token, tokenTtlInSeconds) {
-        core.Guards.object(RightsManagementTokenHelper.CLASS_NAME, "identityConnector", identityConnector);
-        core.Guards.stringValue(RightsManagementTokenHelper.CLASS_NAME, "token", token);
-        try {
-            const result = await identityConnector.checkVerifiableCredential(token);
-            const verifiableCredential = result.verifiableCredential;
-            if (core.Is.empty(verifiableCredential)) {
-                throw new core.GeneralError(RightsManagementTokenHelper.CLASS_NAME, "tokenNoCredential");
-            }
-            const issuer = core.Is.stringValue(verifiableCredential.issuer)
-                ? verifiableCredential.issuer
-                : undefined;
-            if (core.Is.empty(issuer)) {
-                throw new core.GeneralError(RightsManagementTokenHelper.CLASS_NAME, "tokenNoIssuer");
-            }
-            for (const checkProperty of Object.keys(checkProperties)) {
-                if (core.ObjectHelper.propertyGet(checkProperties, checkProperty) !==
-                    core.ObjectHelper.propertyGet(verifiableCredential.credentialSubject, checkProperty)) {
-                    throw new core.GeneralError(RightsManagementTokenHelper.CLASS_NAME, "tokenItemMismatch", {
-                        property: checkProperty
-                    });
-                }
-            }
-            await RightsManagementTokenHelper.verifyIssuanceDate(standardsW3cDid.VerifiableCredentialHelper.getValidFrom(verifiableCredential), issuer, tokenTtlInSeconds);
-            return {
-                ...verifiableCredential,
-                issuer
-            };
-        }
-        catch (err) {
-            throw new core.GeneralError(RightsManagementTokenHelper.CLASS_NAME, "tokenFailed", undefined, err);
-        }
-    }
-    /**
-     * Verify that the token has an issuance date and that it is within the allowed time-to-live (TTL).
-     * @param issuanceDate The issuance date from the token.
-     * @param assignee The identity of the node performing the action.
-     * @param tokenTtlInSeconds The time-to-live (TTL) for the token in seconds.
-     * @throws GeneralError if the token is missing the issuance date or if it has expired.
-     */
-    static async verifyIssuanceDate(issuanceDate, assignee, tokenTtlInSeconds) {
-        core.Guards.stringValue(RightsManagementTokenHelper.CLASS_NAME, "assignee", assignee);
-        core.Guards.number(RightsManagementTokenHelper.CLASS_NAME, "tokenTtlInSeconds", tokenTtlInSeconds);
-        if (core.Is.empty(issuanceDate)) {
-            throw new core.GeneralError(RightsManagementTokenHelper.CLASS_NAME, "tokenMissingIssuanceDate", {
-                assignee
-            });
-        }
-        const tokenCreated = new Date(issuanceDate);
-        const now = Date.now();
-        const tokenTtlInMs = tokenTtlInSeconds * 1000;
-        // If the token has expired then we should reject it
-        if (tokenCreated.getTime() + tokenTtlInMs < now) {
-            throw new core.GeneralError(RightsManagementTokenHelper.CLASS_NAME, "tokenExpired", {
-                assignee
-            });
-        }
-    }
-}
-
 exports.LocatorHelper = LocatorHelper;
 exports.OdrlPolicyHelper = OdrlPolicyHelper;
 exports.PolicyDecision = PolicyDecision;
@@ -402,5 +297,4 @@ exports.PolicyDecisionStage = PolicyDecisionStage;
 exports.PolicyInformationAccessMode = PolicyInformationAccessMode;
 exports.RightsManagementContexts = RightsManagementContexts;
 exports.RightsManagementNamespaces = RightsManagementNamespaces;
-exports.RightsManagementTokenHelper = RightsManagementTokenHelper;
 exports.RightsManagementTypes = RightsManagementTypes;

package/dist/esm/index.mjs

@@ -1,6 +1,4 @@
-import { Is, Guards, GeneralError, ObjectHelper } from '@twin.org/core';
-import { DocumentHelper } from '@twin.org/identity-models';
-import { VerifiableCredentialHelper } from '@twin.org/standards-w3c-did';
+import { Is } from '@twin.org/core';
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
@@ -94,10 +92,6 @@ const RightsManagementNamespaces = {
  */
 // eslint-disable-next-line @typescript-eslint/naming-convention
 const RightsManagementTypes = {
-    /**
-     * Represents policy request.
-     */
-    PolicyRequest: "PolicyRequest",
     /**
      * Represents data access request.
      */
@@ -294,103 +288,4 @@ class OdrlPolicyHelper {
     }
 }
 
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * Helper methods for creating and verifying rights managements requests.
- */
-class RightsManagementTokenHelper {
-    /**
-     * The class name of the Rights Management Token Helper.
-     */
-    static CLASS_NAME = "RightsManagementTokenHelper";
-    /**
-     * Create the token for an object.
-     * @param identityConnector The identity connector to use for creating the token.
-     * @param verificationMethodId The verification method id to use for creating the token.
-     * @param item The item to create the token for.
-     * @param tokenTtlInSeconds The time-to-live (TTL) for the token in seconds.
-     * @returns The token.
-     * @throws GeneralError is the token creation fails.
-     */
-    static async createToken(identityConnector, verificationMethodId, item, tokenTtlInSeconds) {
-        Guards.object(RightsManagementTokenHelper.CLASS_NAME, "identityConnector", identityConnector);
-        Guards.stringValue(RightsManagementTokenHelper.CLASS_NAME, "verificationMethodId", verificationMethodId);
-        Guards.integer(RightsManagementTokenHelper.CLASS_NAME, "tokenTtlInSeconds", tokenTtlInSeconds);
-        const ttlMs = tokenTtlInSeconds * 1000;
-        const parts = DocumentHelper.parseId(verificationMethodId);
-        const credential = await identityConnector.createVerifiableCredential(parts.id, verificationMethodId, undefined, item, {
-            expirationDate: new Date(Date.now() + ttlMs)
-        });
-        return credential.jwt;
-    }
-    /**
-     * Verify the token.
-     * @param identityConnector The identity connector to use for verifying the token.
-     * @param checkProperties Properties to compare against the subject to see if they match.
-     * @param token The token containing the necessary information.
-     * @param tokenTtlInSeconds The time-to-live (TTL) for the token in seconds.
-     * @returns The verifiable credential if the token is valid.
-     * @throws GeneralError is the token verification fails.
-     */
-    static async verifyToken(identityConnector, checkProperties, token, tokenTtlInSeconds) {
-        Guards.object(RightsManagementTokenHelper.CLASS_NAME, "identityConnector", identityConnector);
-        Guards.stringValue(RightsManagementTokenHelper.CLASS_NAME, "token", token);
-        try {
-            const result = await identityConnector.checkVerifiableCredential(token);
-            const verifiableCredential = result.verifiableCredential;
-            if (Is.empty(verifiableCredential)) {
-                throw new GeneralError(RightsManagementTokenHelper.CLASS_NAME, "tokenNoCredential");
-            }
-            const issuer = Is.stringValue(verifiableCredential.issuer)
-                ? verifiableCredential.issuer
-                : undefined;
-            if (Is.empty(issuer)) {
-                throw new GeneralError(RightsManagementTokenHelper.CLASS_NAME, "tokenNoIssuer");
-            }
-            for (const checkProperty of Object.keys(checkProperties)) {
-                if (ObjectHelper.propertyGet(checkProperties, checkProperty) !==
-                    ObjectHelper.propertyGet(verifiableCredential.credentialSubject, checkProperty)) {
-                    throw new GeneralError(RightsManagementTokenHelper.CLASS_NAME, "tokenItemMismatch", {
-                        property: checkProperty
-                    });
-                }
-            }
-            await RightsManagementTokenHelper.verifyIssuanceDate(VerifiableCredentialHelper.getValidFrom(verifiableCredential), issuer, tokenTtlInSeconds);
-            return {
-                ...verifiableCredential,
-                issuer
-            };
-        }
-        catch (err) {
-            throw new GeneralError(RightsManagementTokenHelper.CLASS_NAME, "tokenFailed", undefined, err);
-        }
-    }
-    /**
-     * Verify that the token has an issuance date and that it is within the allowed time-to-live (TTL).
-     * @param issuanceDate The issuance date from the token.
-     * @param assignee The identity of the node performing the action.
-     * @param tokenTtlInSeconds The time-to-live (TTL) for the token in seconds.
-     * @throws GeneralError if the token is missing the issuance date or if it has expired.
-     */
-    static async verifyIssuanceDate(issuanceDate, assignee, tokenTtlInSeconds) {
-        Guards.stringValue(RightsManagementTokenHelper.CLASS_NAME, "assignee", assignee);
-        Guards.number(RightsManagementTokenHelper.CLASS_NAME, "tokenTtlInSeconds", tokenTtlInSeconds);
-        if (Is.empty(issuanceDate)) {
-            throw new GeneralError(RightsManagementTokenHelper.CLASS_NAME, "tokenMissingIssuanceDate", {
-                assignee
-            });
-        }
-        const tokenCreated = new Date(issuanceDate);
-        const now = Date.now();
-        const tokenTtlInMs = tokenTtlInSeconds * 1000;
-        // If the token has expired then we should reject it
-        if (tokenCreated.getTime() + tokenTtlInMs < now) {
-            throw new GeneralError(RightsManagementTokenHelper.CLASS_NAME, "tokenExpired", {
-                assignee
-            });
-        }
-    }
-}
-
-export { LocatorHelper, OdrlPolicyHelper, PolicyDecision, PolicyDecisionStage, PolicyInformationAccessMode, RightsManagementContexts, RightsManagementNamespaces, RightsManagementTokenHelper, RightsManagementTypes };
+export { LocatorHelper, OdrlPolicyHelper, PolicyDecision, PolicyDecisionStage, PolicyInformationAccessMode, RightsManagementContexts, RightsManagementNamespaces, RightsManagementTypes };

package/dist/types/index.d.ts

@@ -54,7 +54,6 @@ export * from "./models/pnp/IPolicyNegotiationAdminPointComponent";
 export * from "./models/pnp/IPolicyNegotiationPointComponent";
 export * from "./models/pnp/IPolicyNegotiator";
 export * from "./models/pnp/IPolicyRequester";
-export * from "./models/pnp/jsonLd/IPolicyRequest";
 export * from "./models/pxp/IPolicyExecutionAction";
 export * from "./models/pxp/IPolicyExecutionPointComponent";
 export * from "./models/rightsManagementContexts";
@@ -62,4 +61,3 @@ export * from "./models/rightsManagementNamespaces";
 export * from "./models/rightsManagementTypes";
 export * from "./utils/locatorHelper";
 export * from "./utils/odrlPolicyHelper";
-export * from "./utils/rightsManagementTokenHelper";

package/dist/types/models/api/dap/IDapCreateRequest.d.ts

@@ -1,3 +1,4 @@
+import type { IIdentityAuthenticationActionRequest } from "@twin.org/identity-authentication";
 import type { HeaderTypes, MimeTypes } from "@twin.org/web";
 import type { IDataAccessRequestWithObject } from "../../dap/jsonLd/IDataAccessRequestWithObject";
 /**
@@ -9,7 +10,7 @@ export interface IDapCreateRequest {
      */
     headers: {
         [HeaderTypes.Accept]?: typeof MimeTypes.JsonLd | typeof MimeTypes.Json;
-        [HeaderTypes.Authorization]: string;
+        [HeaderTypes.Authorization]?: string;
     };
     /**
      * The path parameters of the request.
@@ -24,4 +25,8 @@ export interface IDapCreateRequest {
      * The body parameters of the request.
      */
     body: IDataAccessRequestWithObject;
+    /**
+     * The action request used in the verifiable credential.
+     */
+    authentication: IIdentityAuthenticationActionRequest;
 }

package/dist/types/models/api/dap/IDapGetRequest.d.ts

@@ -1,3 +1,4 @@
+import type { IIdentityAuthenticationActionRequest } from "@twin.org/identity-authentication";
 import type { HeaderTypes, MimeTypes } from "@twin.org/web";
 /**
  * The request structure for getting an item with the DAP.
@@ -8,7 +9,7 @@ export interface IDapGetRequest {
      */
     headers: {
         [HeaderTypes.Accept]?: typeof MimeTypes.JsonLd | typeof MimeTypes.Json;
-        [HeaderTypes.Authorization]: string;
+        [HeaderTypes.Authorization]?: string;
     };
     /**
      * The path parameters of the request.
@@ -23,4 +24,8 @@ export interface IDapGetRequest {
          */
         id: string;
     };
+    /**
+     * The action request used in the verifiable credential.
+     */
+    authentication: IIdentityAuthenticationActionRequest;
 }

package/dist/types/models/api/dap/IDapQueryRequest.d.ts

@@ -1,3 +1,4 @@
+import type { IIdentityAuthenticationActionRequest } from "@twin.org/identity-authentication";
 import type { HeaderTypes, MimeTypes } from "@twin.org/web";
 import type { IDataAccessQuery } from "../../dap/jsonLd/IDataAccessQuery";
 /**
@@ -9,7 +10,7 @@ export interface IDapQueryRequest {
      */
     headers: {
         [HeaderTypes.Accept]?: typeof MimeTypes.JsonLd | typeof MimeTypes.Json;
-        [HeaderTypes.Authorization]: string;
+        [HeaderTypes.Authorization]?: string;
     };
     /**
      * The path parameters of the request.
@@ -24,4 +25,8 @@ export interface IDapQueryRequest {
      * The body parameters of the request.
      */
     body: IDataAccessQuery;
+    /**
+     * The action request used in the verifiable credential.
+     */
+    authentication: IIdentityAuthenticationActionRequest;
 }

package/dist/types/models/api/dap/IDapRemoveRequest.d.ts

@@ -1,3 +1,4 @@
+import type { IIdentityAuthenticationActionRequest } from "@twin.org/identity-authentication";
 import type { HeaderTypes, MimeTypes } from "@twin.org/web";
 /**
  * The request structure for removing an item with the DAP.
@@ -8,7 +9,7 @@ export interface IDapRemoveRequest {
      */
     headers: {
         [HeaderTypes.Accept]?: typeof MimeTypes.JsonLd | typeof MimeTypes.Json;
-        [HeaderTypes.Authorization]: string;
+        [HeaderTypes.Authorization]?: string;
     };
     /**
      * The path parameters of the request.
@@ -23,4 +24,8 @@ export interface IDapRemoveRequest {
          */
         id: string;
     };
+    /**
+     * The action request used in the verifiable credential.
+     */
+    authentication: IIdentityAuthenticationActionRequest;
 }

package/dist/types/models/api/dap/IDapUpdateRequest.d.ts

@@ -1,3 +1,4 @@
+import type { IIdentityAuthenticationActionRequest } from "@twin.org/identity-authentication";
 import type { HeaderTypes, MimeTypes } from "@twin.org/web";
 import type { IDataAccessRequestWithObject } from "../../dap/jsonLd/IDataAccessRequestWithObject";
 /**
@@ -9,7 +10,7 @@ export interface IDapUpdateRequest {
      */
     headers: {
         [HeaderTypes.Accept]?: typeof MimeTypes.JsonLd | typeof MimeTypes.Json;
-        [HeaderTypes.Authorization]: string;
+        [HeaderTypes.Authorization]?: string;
     };
     /**
      * The path parameters of the request.
@@ -28,4 +29,8 @@ export interface IDapUpdateRequest {
      * The body parameters of the updated.
      */
     body: IDataAccessRequestWithObject;
+    /**
+     * The action request used in the verifiable credential.
+     */
+    authentication: IIdentityAuthenticationActionRequest;
 }

package/dist/types/models/api/pnp/IPnpAgreementRequest.d.ts

@@ -1,3 +1,4 @@
+import type { IIdentityAuthenticationActionRequest } from "@twin.org/identity-authentication";
 import type { IIdsContractAgreementMessage } from "@twin.org/standards-ids-contract-negotiation";
 import type { HeaderTypes, MimeTypes } from "@twin.org/web";
 /**
@@ -9,7 +10,7 @@ export interface IPnpAgreementRequest {
      */
     headers: {
         [HeaderTypes.Accept]?: typeof MimeTypes.JsonLd | typeof MimeTypes.Json;
-        [HeaderTypes.Authorization]: string;
+        [HeaderTypes.Authorization]?: string;
     };
     /**
      * The path parameters of the request.
@@ -24,4 +25,8 @@ export interface IPnpAgreementRequest {
      * The body parameters of the request.
      */
     body: IIdsContractAgreementMessage;
+    /**
+     * The action request used in the verifiable credential.
+     */
+    authentication: IIdentityAuthenticationActionRequest;
 }

package/dist/types/models/api/pnp/IPnpAgreementVerificationRequest.d.ts

@@ -1,3 +1,4 @@
+import type { IIdentityAuthenticationActionRequest } from "@twin.org/identity-authentication";
 import type { IIdsContractAgreementVerificationMessage } from "@twin.org/standards-ids-contract-negotiation";
 import type { HeaderTypes, MimeTypes } from "@twin.org/web";
 /**
@@ -9,7 +10,7 @@ export interface IPnpAgreementVerificationRequest {
      */
     headers: {
         [HeaderTypes.Accept]?: typeof MimeTypes.JsonLd | typeof MimeTypes.Json;
-        [HeaderTypes.Authorization]: string;
+        [HeaderTypes.Authorization]?: string;
     };
     /**
      * The path parameters of the request.
@@ -24,4 +25,8 @@ export interface IPnpAgreementVerificationRequest {
      * The body parameters of the request.
      */
     body: IIdsContractAgreementVerificationMessage;
+    /**
+     * The action request used in the verifiable credential.
+     */
+    authentication: IIdentityAuthenticationActionRequest;
 }

package/dist/types/models/api/pnp/IPnpEventRequest.d.ts

@@ -1,3 +1,4 @@
+import type { IIdentityAuthenticationActionRequest } from "@twin.org/identity-authentication";
 import type { IIdsContractNegotiationEventMessage } from "@twin.org/standards-ids-contract-negotiation";
 import type { HeaderTypes, MimeTypes } from "@twin.org/web";
 /**
@@ -9,7 +10,7 @@ export interface IPnpEventRequest {
      */
     headers: {
         [HeaderTypes.Accept]?: typeof MimeTypes.JsonLd | typeof MimeTypes.Json;
-        [HeaderTypes.Authorization]: string;
+        [HeaderTypes.Authorization]?: string;
     };
     /**
      * The path parameters of the request.
@@ -24,4 +25,8 @@ export interface IPnpEventRequest {
      * The body parameters of the request.
      */
     body: IIdsContractNegotiationEventMessage;
+    /**
+     * The action request used in the verifiable credential.
+     */
+    authentication: IIdentityAuthenticationActionRequest;
 }

package/dist/types/models/api/pnp/IPnpNegotiateRequest.d.ts

@@ -1,3 +1,4 @@
+import type { IIdentityAuthenticationActionRequest } from "@twin.org/identity-authentication";
 import type { IIdsContractRequestMessage } from "@twin.org/standards-ids-contract-negotiation";
 import type { HeaderTypes, MimeTypes } from "@twin.org/web";
 /**
@@ -9,7 +10,7 @@ export interface IPnpNegotiateRequest {
      */
     headers: {
         [HeaderTypes.Accept]?: typeof MimeTypes.JsonLd | typeof MimeTypes.Json;
-        [HeaderTypes.Authorization]: string;
+        [HeaderTypes.Authorization]?: string;
     };
     /**
      * The path parameters of the request.
@@ -24,4 +25,8 @@ export interface IPnpNegotiateRequest {
      * The body parameters of the request.
      */
     body: IIdsContractRequestMessage;
+    /**
+     * The action request used in the verifiable credential.
+     */
+    authentication: IIdentityAuthenticationActionRequest;
 }

package/dist/types/models/api/pnp/IPnpNegotiationGetRequest.d.ts

@@ -1,3 +1,4 @@
+import type { IIdentityAuthenticationActionRequest } from "@twin.org/identity-authentication";
 import type { HeaderTypes, MimeTypes } from "@twin.org/web";
 /**
  * The request structure for requesting a contract negotiation.
@@ -8,7 +9,7 @@ export interface IPnpNegotiationGetRequest {
      */
     headers: {
         [HeaderTypes.Accept]?: typeof MimeTypes.JsonLd | typeof MimeTypes.Json;
-        [HeaderTypes.Authorization]: string;
+        [HeaderTypes.Authorization]?: string;
     };
     /**
      * The path parameters of the request.
@@ -19,4 +20,8 @@ export interface IPnpNegotiationGetRequest {
          */
         id: string;
     };
+    /**
+     * The action request used in the verifiable credential.
+     */
+    authentication: IIdentityAuthenticationActionRequest;
 }

package/dist/types/models/api/pnp/IPnpOfferRequest.d.ts

@@ -1,3 +1,4 @@
+import type { IIdentityAuthenticationActionRequest } from "@twin.org/identity-authentication";
 import type { IIdsContractOfferMessage } from "@twin.org/standards-ids-contract-negotiation";
 import type { HeaderTypes, MimeTypes } from "@twin.org/web";
 /**
@@ -9,7 +10,7 @@ export interface IPnpOfferRequest {
      */
     headers: {
         [HeaderTypes.Accept]?: typeof MimeTypes.JsonLd | typeof MimeTypes.Json;
-        [HeaderTypes.Authorization]: string;
+        [HeaderTypes.Authorization]?: string;
     };
     /**
      * The path parameters of the request.
@@ -24,4 +25,8 @@ export interface IPnpOfferRequest {
      * The body parameters of the request.
      */
     body: IIdsContractOfferMessage;
+    /**
+     * The action request used in the verifiable credential.
+     */
+    authentication: IIdentityAuthenticationActionRequest;
 }

package/dist/types/models/api/pnp/IPnpTerminateRequest.d.ts

@@ -1,3 +1,4 @@
+import type { IIdentityAuthenticationActionRequest } from "@twin.org/identity-authentication";
 import type { IIdsContractNegotiationTerminationMessage } from "@twin.org/standards-ids-contract-negotiation";
 import type { HeaderTypes, MimeTypes } from "@twin.org/web";
 /**
@@ -9,7 +10,7 @@ export interface IPnpTerminateRequest {
      */
     headers: {
         [HeaderTypes.Accept]?: typeof MimeTypes.JsonLd | typeof MimeTypes.Json;
-        [HeaderTypes.Authorization]: string;
+        [HeaderTypes.Authorization]?: string;
     };
     /**
      * The path parameters of the request.
@@ -24,4 +25,8 @@ export interface IPnpTerminateRequest {
      * The body parameters of the request.
      */
     body: IIdsContractNegotiationTerminationMessage;
+    /**
+     * The action request used in the verifiable credential.
+     */
+    authentication: IIdentityAuthenticationActionRequest;
 }

package/dist/types/models/dap/IDataAccessPointComponent.d.ts

@@ -1,6 +1,7 @@
 import type { IComponent } from "@twin.org/core";
 import type { IJsonLdNodeObject } from "@twin.org/data-json-ld";
 import type { EntityCondition } from "@twin.org/entity";
+import type { IIdentityAuthenticationActionRequest } from "@twin.org/identity-authentication";
 import type { IDataAccessHandler } from "./IDataAccessHandler";
 /**
  * Interface describing a Data Access Point (DAP) contract.
@@ -13,44 +14,44 @@ export interface IDataAccessPointComponent extends IComponent {
      * Create an item.
      * @param assetType The type of the item to create.
      * @param item The item to create.
-     * @param proofToken The proof provided by the requester to support the creation.
+     * @param actionRequest The action request used in the verifiable credential.
      * @returns The id of the item created, for some items this is supplied in the `item`.
      */
-    create(assetType: string, item: IJsonLdNodeObject, proofToken: string): Promise<string>;
+    create(assetType: string, item: IJsonLdNodeObject, actionRequest: IIdentityAuthenticationActionRequest): Promise<string>;
     /**
      * Get an item.
      * @param assetType The type of the item to retrieve.
      * @param id The ID of the item to retrieve.
-     * @param proofToken The proof provided by the requester to support the lookup.
+     * @param actionRequest The action request used in the verifiable credential.
      * @returns The item retrieved if the policies allow it.
      */
-    get(assetType: string, id: string, proofToken: string): Promise<IJsonLdNodeObject>;
+    get(assetType: string, id: string, actionRequest: IIdentityAuthenticationActionRequest): Promise<IJsonLdNodeObject>;
     /**
      * Update an item.
      * @param assetType The type of the item to update.
      * @param item The item to update.
-     * @param proofToken The proof provided by the requester to support the update.
+     * @param actionRequest The action request used in the verifiable credential.
      * @returns Nothing.
      */
-    update(assetType: string, item: IJsonLdNodeObject, proofToken: string): Promise<void>;
+    update(assetType: string, item: IJsonLdNodeObject, actionRequest: IIdentityAuthenticationActionRequest): Promise<void>;
     /**
      * Remove an item.
      * @param assetType The type of the item to remove.
      * @param id The id of the item to remove.
-     * @param proofToken The proof provided by the requester to support the removal.
+     * @param actionRequest The action request used in the verifiable credential.
      * @returns Nothing.
      */
-    remove(assetType: string, id: string, proofToken: string): Promise<void>;
+    remove(assetType: string, id: string, actionRequest: IIdentityAuthenticationActionRequest): Promise<void>;
     /**
      * Query for items.
      * @param assetType The type of the item to query.
      * @param conditions The conditions to apply to the query.
      * @param cursor The cursor for pagination.
      * @param options Additional options which might be supported by the handler.
-     * @param proofToken The proof provided by the requester to support the query.
+     * @param actionRequest The action request used in the verifiable credential.
      * @returns The items matching the query and cursor if there are more items.
      */
-    query(assetType: string, conditions: EntityCondition<IJsonLdNodeObject> | undefined, cursor: string | undefined, options: unknown | undefined, proofToken: string): Promise<{
+    query(assetType: string, conditions: EntityCondition<IJsonLdNodeObject> | undefined, cursor: string | undefined, options: unknown | undefined, actionRequest: IIdentityAuthenticationActionRequest): Promise<{
         items: IJsonLdNodeObject[];
         cursor?: string;
     }>;