Dit document is ook beschikbaar in dit niet-normatieve formaat: pdf
Dit document valt onder de volgende licentie:
Creative Commons Attribution 4.0 International Public License
Dit is een werkversie die op elk moment kan worden gewijzigd, verwijderd of vervangen door andere documenten. Het is geen door het TO goedgekeurde consultatieversie.
The CloudEvent-NL message format can be used when using different formats and protocols and patterns. In order to be able to use the GOV-NL profile properly in practice, agreements must also be made when and in what way a certain format, protocol or pattern is used.
The Serverless Working Group has described how the HTTP protocol can be used in a standardized way in combination with the CloudEvents message format: HTTP Protocol Binding for CloudEvents. The specification defines how the elements defined in the CloudEvents specification are to be used in HTTP 1.1 requests and response messages.
Similar to what happened in the NL GOV profile for the CloudEvents specification, this guideline makes recommendations about the use of the HTTP specification within the context of the Dutch government. These are intended to make use of the specification more unambiguous and to work towards standardisation in the long term.
Content-Type
header declares the media type.Content-Type
header value is:application/cloudevents(+xxxx)
: structured mode (xxx
denotes the used event format)application/cloudevents-batch
: batched modeContent-Type
header declares the media type.)application/cloudevents+json; charset=UTF-8
)ce-id
).application/cloudevents-batch+json; charset=UTF-8
)ce-
.At the moment there are no additional agreements about the use of the specification within the Dutch government.
Structured content mode: HTTP POST request with a JSON event format encoded event:
POST /myresource HTTP/1.1
Host: webhook.example.com
Content-Type: application/cloudevents+json; charset=utf-8
Content-Length: nnnn
{
"specversion": "1.0",
"type": "nl.overheid.zaken.zaakstatus-gewijzigd",
"source": "urn:nld:oin:00000001823288444000:systeem:BRP-component",
"id": "f3dce042-cd6e-4977-844d-05be8dce7cea",
... further attributes omitted ...
"data": {
... application data ...
}
}
Batched content mode: HTTP POST request with two JSON event format encoded events:
[
{
"specversion": "1.0",
"type": "nl.overheid.zaken.zaakstatus-gewijzigd",
"source": "urn:nld:oin:00000001823288444000:systeem:BRP-component",
"id": "f3dce042-cd6e-4977-844d-05be8dce7cea",
... further attributes omitted ...
"data": {
... application data ...
}
},
{
"specversion": "1.0",
"type": "nl.overheid.zaken.zaakstatus-gewijzigd",
"source": "urn:nld:oin:00000001823288444000:systeem:BRP-component",
"id": "1ca55552-bc4a-4f5d-8cc8-8106e3e883c1",
... further attributes omitted ...
"data": {
... application data ...
}
}
]
Binary content mode: HTTP POST request with context attributes mapped to HTTP-headers:
POST /myresource HTTP/1.1
Host: webhook.example.com
ce-specversion: 1.0
ce-type: nl.overheid.zaken.zaakstatus-gewijzigd
ce-id: f3dce042-cd6e-4977-844d-05be8dce7cea
ce-source: urn:nld:oin:00000001823288444000:systeem:BRP-component
... further attributes omitted ...
Content-Type: application/json; charset=utf-8
Content-Length: nnnn
{
... application data ...
}
The CloudEvent-NL message format can be used when using different formats and protocols and patterns. In order to be able to use the GOV-NL profile properly in practice, agreements must also be made when and in what way a certain format, protocol or pattern is used.
The Serverless Working Group has described how the JavaScript Object Notation (JSON) Data Interchange Format can be used in a standardized way in combination with the CloudEvents message format: JSON Event Format for CloudEvents.
Similar to what happened in the NL GOV profile for the CloudEvents specification, this guideline makes recommendations about the use of the JSON specification within the context of the Dutch government. These are intended to make use of the specification more unambiguous and to work towards standardisation in the long term.
The JSON Format for CloudEvents specification defines how events are expressed in JSON. The JSON syntax is not a specification of a complete data interchange. Meaningful data interchange requires agreement between a producer and consumer on the semantics attached to a particular use of the JSON syntax. What JSON does provide is the syntactic framework to which such semantics can be attached.
application/cloudevents+json
.data
data_base64
data_base64
member is present it indicates that its value is Base64 encoded binary data.application/cloudevents-batch+json
MUST be used.Event with an attribute 'geheimnummer' having a null value and a 'data' attribute with a JSON value:
{
"specversion": "1.0",
"type": "nl.overheid.zaken.zaakstatus-gewijzigd",
"source": "urn:nld:oin:00000001823288444000:systeem:BRP-component",
"subject": "123456789",
"id": "f3dce042-cd6e-4977-844d-05be8dce7cea",
"time": "2021-12-10T17:31:00Z",
"nlbrpnationaliteit": "0083",
"geheimnummer": null,
"dataref": "https://gemeenteX/api/persoon/123456789",
"sequence": "1234",
"sequencetype": "integer",
"datacontenttype": "application/json",
"data": {
"bsn": "1234567789",
"naam": "Jan Jansen",
"gecontroleerd": "ja"
}
}
Event with both the attribute 'datacontenttype' and 'data_base64' and a JSON string expression with Base64 encoded binary data as value of the 'data_base64' attribute:
{
"specversion": "1.0",
"type": "nl.overheid.zaken.zaakstatus-gewijzigd",
"source": "urn:nld:oin:00000001823288444000:systeem:BRP-component",
"id": "f3dce042-cd6e-4977-844d-05be8dce7cea",
"datacontenttype": "application/vnd.apache.thrift.binary",
"data_base64": "YWFwIG5vb3QgbWllcw=="
}
Event with only the attribute 'data_base64' and a JSON string expression with Base64 encoded binary data as value of the 'data_base64' attribute:
{
"specversion": "1.0",
"type": "nl.overheid.zaken.zaakstatus-gewijzigd",
"source": "urn:nld:oin:00000001823288444000:systeem:BRP-component",
"id": "f3dce042-cd6e-4977-844d-05be8dce7cea",
"data_base64" : "YWFwIG5vb3QgbWllcw=="
}
The CloudEvent-NL message format can be used when using different formats and protocols and patterns. In order to be able to use the GOV-NL profile properly in practice, agreements must also be made when and in what way a certain format, protocol or pattern is used.
The Serverless Working Group has described how the Webhook pattern can be used in a standardized way in combination with the CloudEvents message format: HTTP 1.1 Web Hooks for Event Delivery.
"Webhooks" are a popular pattern to deliver notifications between applications and via HTTP endpoints. Applications that make notifications available, allow for other applications to register an HTTP endpoint to which notifications are delivered. In spite of pattern usage being widespread, there is no formal definition for Web Hooks. The CloudEvents specification now provides such a definition for use with CNCF CloudEvents (but is considered generally usable beyond the scope of CloudEvents).
Similar to what happened in the 'NL GOV profile for the CloudEvents' specification, this guideline makes recommendations about the use of the drafted CloudEvents specification within the context of the Dutch government. These are intended to make use of the specification more unambiguous and to work towards standardisation in the long term.
The 'HTTP 1.1 Web Hooks for Event Delivery' specification prescribes rules constraining the use and handling of specific HTTP methods and headers and defines:
200 OK
or 200 Created
if delivery had been accepted and processed and response carries a payload201
Created or 204 No Content
when accepted and processed but carries no payload 202 Accepted
if accepted but not yet processed or processing status is unknown410 Gone
if delivery target has been retired429 Too Many Requests
when exceeding a request rate limit and MUST include the Retry-After header.415 Unsupported Media Type
when notification format is not understood.It must be prevented that notifications are sent to recipients who have not requested this themselves. A legitimate delivery target needs to indicate that it agrees with notifications being delivered to it. Reaching the delivery agreement is realized using a validation handshake:
A handshake can either be executed immediately at registration time or as a "pre-flight" request immediately preceding a delivery.
Delivery targets SHOULD support the abuse protection feature. If a target does not support the feature, the sender MAY choose not to send to the target, at all, or send only at a very low request rate.
The validation request uses the HTTP OPTIONS method with header fields:
The validation response MUST be sent if the delivery target does allow delivery of events with header fields:
Validation request:
OPTIONS /endpoint HTTP/1.1
Host: webhook.example.com
WebHook-Request-Origin: eventemitter.example.com
WebHook-Request-Callback: https://example.com/confirm?id=12345&key=...base64..
WebHook-Request-Rate: 120
Validation response:
HTTP/1.1 200 OK
Allow: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS
Access-Control-Allow-Origin: https://eventemitter.example.com
Access-Control-Allow-Methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS
Access-Control-Allow-Headers: Content-Type
WebHook-Allowed-Origin: eventemitter.example.com
WebHook-Allowed-Rate: 120
Delivery request:
POST /myresource HTTP/1.1
Host: server.example.com
Authorization: Bearer mF_9.B5f-4.1JqM
WebHook-Request-Origin: eventemitter.example.com
Content-Type: application/cloudevents+json; charset=utf-8
Content-Length: nnnn
{
"specversion": "1.0",
"type": "nl.overheid.zaken.zaakstatus-gewijzigd",
"source": "urn:nld:oin:00000001823288444000:systeem:BRP-component",
"id": "f3dce042-cd6e-4977-844d-05be8dce7cea",
... further attributes omitted ...
}
Delivery response:
HTTP/1.1 204 No Content
Naast onderdelen die als niet normatief gemarkeerd zijn, zijn ook alle diagrammen, voorbeelden, en noten in dit document niet normatief. Verder is alles in dit document normatief.