Core DCI (Digital Convergence Initiative) infrastructure for OpenSPP. Implements SPDCI messaging protocol with HTTP signature authentication, Pydantic schemas for message validation, and cryptographic key management. Provides foundational components for building DCI-compliant registry integrations.
- Manage signing keys with Ed25519 and RSA-256 algorithms, state-based lifecycle (draft → active → revoked)
- Generate HTTP signatures following draft-cavage specification for outbound message authentication
- Verify incoming HTTP signatures using JWKS public key discovery
- Validate DCI message structure using Pydantic schemas (envelope, header, payload)
- Export standard identifier types (UIN, BRN, MRN, DRN) with DCI namespace URIs
- Build and sign DCI response envelopes with centralized helper functions
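The signing and verification steps listed above, as an added example that is not the module's own code and does not use its `DCISigner`/`DCIVerifier` classes. It builds a draft-cavage signing string and shows the verifier-side checks; HMAC-SHA256 (an algorithm the draft also defines) stands in for the module's Ed25519/RSA keys so the block runs on the standard library alone, and the required-header policy, key id, host and path are assumptions.

```python
import base64, hashlib, hmac, re

REQUIRED = {"(request-target)", "digest"}  # assumed verifier policy, not taken from the module

def signing_string(method, path, headers, names):
    """draft-cavage signing string: one 'name: value' line per covered header, in order."""
    lines = []
    for name in names:
        if name == "(request-target)":
            lines.append(f"(request-target): {method.lower()} {path}")
        else:
            lines.append(f"{name}: {headers[name].strip()}")
    return "\n".join(lines).encode()

def body_digest(body):
    return "SHA-256=" + base64.b64encode(hashlib.sha256(body).digest()).decode()

def _mac(secret, data):  # stand-in primitive; the module signs with Ed25519 or RSA keys
    return hmac.new(secret, data, hashlib.sha256).digest()

def sign(key_id, secret, method, path, headers, names):
    sig = base64.b64encode(_mac(secret, signing_string(method, path, headers, names))).decode()
    return f'keyId="{key_id}",algorithm="hmac-sha256",headers="{" ".join(names)}",signature="{sig}"'

def verify(sig_header, keys, method, path, headers, body):
    """True only if the key is known, policy headers are covered, and body and MAC match."""
    params = dict(re.findall(r'(\w+)="([^"]*)"', sig_header))
    secret = keys.get(params.get("keyId"))
    names = params.get("headers", "date").split()  # the draft's default is "date"
    if secret is None or params.get("algorithm") != "hmac-sha256":
        return False
    if not REQUIRED.issubset(names):
        return False  # signature does not bind the URL and body
    if any(n != "(request-target)" and n not in headers for n in names):
        return False  # a covered header is missing from the request
    if not hmac.compare_digest(headers["digest"].encode(), body_digest(body).encode()):
        return False  # body changed after the digest was signed
    try:
        given = base64.b64decode(params.get("signature", ""), validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(given, _mac(secret, signing_string(method, path, headers, names)))

# Constructed sample request; key, host and path are illustrative, not from the module.
KEYS = {"demo-key-1": b"constructed-shared-secret"}
BODY = b'{"header": {"sender_id": "openspp"}}'
HEADERS = {"host": "registry.example", "date": "Tue, 07 Jan 2025 10:00:00 GMT", "digest": body_digest(BODY)}
COVERED = ["(request-target)", "host", "date", "digest"]
SIG = sign("demo-key-1", KEYS["demo-key-1"], "POST", "/example/search", HEADERS, COVERED)
```

Header names are expected in lowercase, as the draft requires for the signing string.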
| Model | Description |
|---|---|
| `spp.dci.signing.key` | Cryptographic signing key with lifecycle state management |
Exported in `spp_dci.schemas` for import by DCI server/client modules:
- Envelope: `DCIEnvelope`, `DCIMessageHeader`, `DCICallbackHeader` - Three-part message structure
- Common: `Identifier`, `Name`, `Address`, `GeoLocation`, `Place`, `AdditionalAttribute`, `Period` - Shared data types
- Person/Group: `Person`, `RelatedPerson`, `DisabilityInfo`, `Group`, `Member` - Registry entities
- Search: `SearchRequest`, `SearchResponse`, `SearchCriteria`, `Pagination`, `Expression` - Search operations
- Subscription: `SubscribeRequest`, `SubscribeResponse`, `UnsubscribeRequest`, `TxnStatusRequest` - Event subscriptions
- Receipt: `ReceiptRequest`, `ReceiptResponse`, `BeneficiaryRef`, `ReceiptInformation` - Delivery confirmations
After installing:
- Navigate to Settings > Technical > Parameters > System Parameters
- Set `dci.sender_id` to your organization's DCI identifier (default: `openspp`)
- Create signing keys at Settings > Technical > Database Structure > DCI Signing Keys
- Generate keypair, then activate the key for use in signatures
No standalone menu. Access signing keys via Settings > Technical > Database Structure > DCI Signing Keys.
| Group | Access |
|---|---|
| `base.group_system` | Full CRUD, view private keys |
| `base.group_user` | Read signing keys (no delete) |
- Inherit `spp.dci.signing.key` to add key rotation policies or HSM integration
- Use `DCISigner(private_key, sender_id, key_id, algorithm)` to sign outbound messages
- Use `DCIVerifier(public_key, algorithm)` to verify incoming signatures
- Import schemas from `spp_dci.schemas` for message validation in custom endpoints
- Override `get_sender_id(env)` in `response_helpers` to customize sender identification
- Use `build_signed_envelope()` helper to construct DCI responses with proper headers and signatures
base, spp_registry
Important
This is an alpha version; the data model and design can change at any time without warning. It is only for development or testing purposes; do not use it in production.
- Initial migration to OpenSPP2
Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us to smash it by providing detailed and welcome feedback.
Do not contact contributors directly about support or help with technical issues.
- OpenSPP.org
Current maintainers:
This module is part of the OpenSPP/OpenSPP2 project on GitHub.
You are welcome to contribute.




