A Management Session relies on the knowledge of a shared sessionId by the Local Agent and the Remote Agent. It is out of the scope of GP SERAM to explore how, when, and by whom this sessionId is generated and shared.
Nevertheless, it seems useful for GP SERAM ecosystem to provide a simple order provisioning interface example which may guides platform implementors or any further standardization efforts.
A Management Platform may implement an order provisioning endpoint which may be an HTTP REST endpoint.
| Endpoint | GP SERAM Step | Description |
|---|---|---|
| /order | Initialization Step | Management Session creation and remote management order provisioning |
The order provisioning interface consists of an HTTP request and response pair used to create a new Management Session.
The request may be an HTTP POST request on the Provisioning Endpoint with these optional parameters as JSON body :
- a list of
secureElement, - a
sessionID, - a
remoteManagementOrder.
To provide multiple orders the same sessionID should be used.
On success, the associated HTTP response should be an HTTP 201 response with a JSON body consisting of the sessionID if it is generated by the Management Platform, or with a null body if has been provided in the HTTP request.
All these objects are defined in HTTP REST Binding - OpenAPI specification (Viewer).
The order provisioning interface shall implement a security scheme as defined by OpenAPI.