Standards Development

Scope

The scope of this pwi follows the requirements of module 8 in the standardisation request of the european commission.

In Scope:

- Definition of APIs for automating the management of the product passport throughout its lifecycle

- Rules on data providing and data request processes CRUD (Create, Read, Update, Delete) operations on products passports - also covering part of module 5

- remote queries on the products passports under their custodianship.

- syntax and semantics of the API interfaces;

- security and access control to the APIs;

- requirements on performance and response time;

- considerations on versioning and backward compatibility of API interfaces;

- message exchange patterns, for instance synchronous, asynchronous, request-response, fire-and-forget, publish and subscribe (concerning work of Module 5)

- availability and scalability;

- mechanisms to ensure the functional reliability of the data (in collaboration with module 7)

Out of Scope:

- European standard(s) on unique identifiers

- European standard(s) on data carriers and links between physical product and digital representation

- European standard(s) on access rights management, information, system security, and business confidentiality

- European standard(s) on interoperability (technical, semantic, organisation)

- European standard(s) on data exchange protocols and data formats

- European standard(s) on data storage, archiving, and data persistence

- European standard(s) on data authentication, reliability, integrity

Purpose

This proposal is in response to the Standardization Request from the European Comission for the Digital Product Passport, as seen in the latest version of document CEN/CLC/JTC 24 M-XXX DPP_N63_FINAL draft SReq DPP + Annexes - Document under CoS vote until 2024-04-01 (EN version) or https://ec.europa.eu/transparency/comitology-register/screen/documents/096100/1/consult?lang=en

As specified in annex 2 - part B - Section 8 - Standards on Application Programming Interfaces (APIs) for the product passport lifecycle management and searchability)

The standard(s) aim at harmonising the APIs for automating the management of the product passport throughout its lifecycle and serving remote queries coming from the product passport registry or applications from national authorities.

Custodians of product passports (either economic operators or service providers) shall make available APIs covering the following:

a) CRUD (Create, Read, Update, Delete) operations on products passports;

b) remote queries on the products passports under their custodianship. When developing the standard(s), at least the following aspects shall be adequately specified:

a) syntax and semantics of the API interfaces;

b) security and access control to the APIs;

c) performance and response time;

d) considerations on versioning and backward compatibility of API interfaces;

e) message exchange patterns, for instance synchronous, asynchronous, request-response, fire-and-forget, publish and subscribe;

f) availability and scalability;

g) mechanisms to ensure the authenticity, integrity and reliability of the data.

The Study: "APIs4DGov - Digital Government APIs. The Road to value-added Open-driven services” by the JRC (available at https://data.jrc.ec.europa.eu/collection/id-0097) shall be used in the design of the APIs. Furthermore, existing relevant standards shall be duly considered when drafting the new API standard(s). A non-exhaustive list is provided below:

 WS-* standards (available at https://www.oasis-open.org/specs/index.php)

 SOAP messaging framework (available at https://www.w3.org/TR/soap12/)

 REST (Representational state transfer) architectural style

 HTTP (available at https://datatracker.ietf.org/doc/html/rfc9112)

 ISO/IEC 21778:2017 - Information technology — The JSON data interchange syntax

 IETF RFC7515 on JSON Web Signature (available at: https://datatracker.ietf.org/doc/html/rfc7515)

 JSON-LD (available at: https://www.w3.org/TR/json-ld11/)

 eDelivery Building Blocks (available at https://ec.europa.eu/digital-building-blocks/wikis/display/DIGITAL/eDelivery)

 PEPPOL eDelivery (available at http://peppol.eu/downloads/the-peppol-edelivery-network-specifications/)

 ISO 15000-2:2021 : AS4 profile of ebXML Messaging v3

 ISO 22385: Guidelines for establishing a Framework for Trust and Interoperability

 ISO/IEC 24760: IT Security and Privacy - A framework for identity management

 ISO EN 301549:2015 Accessibility requirements suitable for public procurement of ICT products and services in Europe

 ISO/IEC 19845:2015 : Universal Business Language (UBL) v2.1

 ISO/IEC NP 18975: Encoding and resolving identifiers over HTTP

 OpenIDConnect (available at: https://openid.net/connect/)

 OpenID for Verifiable Credentials (available at: https://openid.net/sg/openid4vc/)

 OpenAPI Specification (available at: https://spec.openapis.org/oas/v3.0.3)

 JSON Web Token (available at: https://www.rfc-editor.org/rfc/rfc7519)

Besides the abovementioned standards from the Standardisation Request, the PWI will also take into account the following standards:

 ISO 15926 / ISO/TS 15926-4:2019 Industrial automation systems and integration — Integration of life-cycle data for process plants including oil and gas production facilities Part 4: Initial reference data https://www.iso.org/standard/73830.html

 ISO 23726 / ISO/CD 23726-3 Automation systems and integration — Ontology based interoperabilityPart 3: Industrial data ontology https://www.iso.org/standard/87560.html