common.member

io.token.proto.common.member common/src/main/proto/member.proto


syntax = "proto3";
package io.token.proto.common.member;

option java_outer_classname = "MemberProtos";
option csharp_namespace = "Tokenio.Proto.Common.MemberProtos";

import "address.proto";
import "alias.proto";
import "security.proto";
import "extensions/field.proto";
import "extensions/message.proto";

// Adds member key to the directory.
//
// Selected through MemberOperation.add_key. The operation carries a complete
// Key message (defined in security.proto, not shown here), not just an id.
// NOTE(review): presumably the directory applies this only when the enclosing
// MemberUpdate is signed by a key already authorized for the member -- confirm
// against the directory implementation.
message MemberAddKeyOperation {
  io.token.proto.common.security.Key key = 1; // Key to add
}

// Removes member key from the directory.
//
// Selected through MemberOperation.remove_key. Only an identifier is sent,
// unlike MemberAddKeyOperation, which carries the whole Key.
// NOTE(review): presumably key_id matches the id of a Key added earlier;
// behaviour for an unknown id, or for removing the member's last usable key,
// is not stated in this file -- confirm.
message MemberRemoveKeyOperation {
  string key_id = 1; // ID of key to remove
}

// Adds/removes member alias to/from the directory.
//
// The same message is the payload of three MemberOperation cases
// (remove_alias, add_alias, verify_alias); nothing inside this message says
// which action is meant, so consumers must dispatch on the oneof case.
message MemberAliasOperation {
  // Hash of alias to add/remove
  // https://developer.token.io/sdk/esdoc/class/src/Util.js~Util.html#static-method-hashAndSerializeAlias
  // The directory entry holds this hash, not the Alias message itself.
  string alias_hash = 1;
  string realm = 2  [deprecated = true]; // Realm of alias to add/remove
  // NOTE(review): undocumented in the original; presumably the replacement for
  // the deprecated `realm` field. Member.realm_id is described as the
  // "realm owner member id" -- confirm this field has the same meaning.
  string realm_id = 3;
}

// Sets recovery rules for member. Overrides all previously set rules.
// https://developer.token.io/sdk/?java#recovery-rules
//
// Selected through MemberOperation.recovery_rules. A RecoveryRule names the
// agents whose signatures are required for a member reset, so this operation
// changes who can authorize recovery of the member. Because it replaces all
// earlier rules, it should be reviewed and audited like a key change.
message MemberRecoveryRulesOperation {
  // The complete rule to install; replaces any rule set previously.
  RecoveryRule recovery_rule = 1;
}

// Provides an agent signature authorizing the recovery operation. Multiple authorizations
// might be required in order to initiate the recovery process.  The number of required signatures
// is governed by Recovery Rules associated with the member.
//
// Selected through MemberOperation.recover. Each instance carries exactly one
// agent signature; several `recover` operations are therefore needed when more
// than one agent must sign.
message MemberRecoveryOperation {
  // Data describing the recovery being authorized (see Authorization below).
  Authorization authorization = 1;
  // Java SDK Member.authorizeRecovery can generate signature
  // https://developer.token.io/sdk/javadoc/io/token/Member.html#authorizeRecovery-io.token.proto.common.member.MemberProtos.MemberRecoveryOperation.Authorization-
  // NOTE(review): presumably computed over `authorization` by a key belonging
  // to one of the member's recovery agents -- confirm which serialization is
  // signed and how the signer is matched against the RecoveryRule.
  io.token.proto.common.security.Signature agent_signature = 2;

  // Payload of a single recovery authorization.
  message Authorization {
    // NOTE(review): presumably the id of the member being recovered -- confirm.
    string member_id = 1;
    // NOTE(review): presumably ties the authorization to one directory state
    // (compare MemberUpdate.prev_hash) so that it cannot be replayed against a
    // later state -- confirm.
    string prev_hash = 2;
    // NOTE(review): presumably the key that gains access to the member once
    // recovery completes -- confirm.
    io.token.proto.common.security.Key member_key = 3;
  }
}

// Payload of MemberOperation.delete. The message has no fields: the member
// concerned is identified by the enclosing MemberUpdate (member_id), and
// selecting the oneof case is the whole instruction.
message MemberDeleteOperation {}

// Payload shared by MemberOperation.verify_partner and
// MemberOperation.unverify_partner. The message has no fields, so the oneof
// case alone distinguishes verifying from unverifying.
// NOTE(review): which members are allowed to submit these operations is not
// stated in this file -- confirm against the directory's authorization rules.
message MemberPartnerOperation {}

// Payload of MemberOperation.realm_permissions: a list of RealmPermission
// values for a member. Member.realm_permissions documents these as the basis
// for checking which MemberOperations the member may perform as realm owner,
// so this operation changes the member's privileges.
// NOTE(review): whether the list replaces or extends the permissions already
// held is not stated here -- confirm.
message MemberRealmPermissionOperation {
  repeated RealmPermission permissions = 1;
}

// One change to a member's directory record. Exactly one case of the oneof is
// set per MemberOperation; MemberUpdate carries a list of them.
//
// Several cases share a payload type (the three alias cases use
// MemberAliasOperation, the two partner cases use MemberPartnerOperation), so
// the action is identified by the oneof case, never by the payload type.
//
// NOTE(review): field number 3 is not assigned in this listing. If it belonged
// to a removed field, declaring `reserved 3;` would stop it being reused with
// a different meaning.
message MemberOperation {
   oneof operation {
     MemberAddKeyOperation add_key = 1;                     // add a key to the member
     MemberRemoveKeyOperation remove_key = 2;               // remove a key by id
     MemberAliasOperation remove_alias = 4;                 // remove an alias (by hash)
     MemberAliasOperation add_alias = 5;                    // add an alias (by hash)
     MemberAliasOperation verify_alias = 6;                 // verify an alias (by hash)
     MemberRecoveryRulesOperation recovery_rules = 7;       // replace the recovery rule
     MemberRecoveryOperation recover = 8;                   // one agent's recovery authorization
     // `delete` is a reserved word in some target languages; generated
     // accessor names may differ from the field name there.
     MemberDeleteOperation delete = 9;
     MemberPartnerOperation verify_partner = 10;            // empty payload; case selects the action
     MemberPartnerOperation unverify_partner = 11;          // empty payload; case selects the action
     MemberRealmPermissionOperation realm_permissions = 12; // set realm permissions
   }
}

// Updates member information in the directory. The directory is an append-only
// log of operations.
//
// This is the message that is signed and passed to the directory (see the
// comment on MemberOperationMetadata); everything a verifier needs to trust
// must therefore be inside it.
message MemberUpdate {
  // NOTE(review): presumably the hash of the member's most recent directory
  // entry (Member.last_hash is documented as "used with UpdateMember"), which
  // chains updates together and lets a stale or replayed update be rejected
  // -- confirm.
  string prev_hash = 1;
  // ID of the member the operations apply to.
  string member_id = 2;
  // Operations carried by this update, all covered by the same signature.
  // NOTE(review): ordering and all-or-nothing semantics are not stated here.
  repeated MemberOperation operations = 3;
}

// Metadata associated with MemberUpdate.
// It is outside of MemberUpdate because MemberUpdate is signed and passed to the Directory.
//
// Consequence for consumers: as far as this file shows, the values below are
// not covered by the MemberUpdate signature, so treat them as unauthenticated
// input and cross-check them against the signed operations.
message MemberOperationMetadata {
  oneof type {
    AddAliasMetadata add_alias_metadata = 1;
    AddKeyMetadata add_key_metadata = 2;
  }

  // Accompanies an add_alias operation.
  message AddAliasMetadata {
    // Hash of the alias; same field name as MemberAliasOperation.alias_hash.
    string alias_hash = 1;
    // The alias itself (Alias is defined in alias.proto, not shown here).
    // NOTE(review): presumably the receiver recomputes the hash of `alias` and
    // compares it with `alias_hash` and with the signed add_alias operation
    // before using it -- confirm.
    io.token.proto.common.alias.Alias alias = 2;
  }

  // Accompanies an add_key operation.
  message AddKeyMetadata {
    // NOTE(review): presumably the Keychain.keychain_id the added key should be
    // filed under -- confirm.
    string keychain_id = 1;
  }
}

// Metadata associated with MemberUpdateResponse.
//
// Only one case exists today; it is wrapped in a oneof so further response
// metadata kinds can be added with new field numbers.
message MemberOperationResponseMetadata {
  oneof type {
    AddAliasResponseMetadata add_alias_response_metadata = 1;
  }

  // Returned for an alias that was added.
  message AddAliasResponseMetadata {
    // Hash of the alias this entry refers to.
    string alias_hash = 1;
    // NOTE(review): presumably identifies the pending verification started for
    // the alias, to be presented when the alias is verified -- confirm. If so,
    // it acts as a capability and should not be logged or exposed to other
    // parties.
    string verification_id = 2;
  }
}

// A recovery rule specifies which signatures are required for a member reset operation.
//
// The agents listed here can authorize a reset of the member, so they are
// effectively trusted with control of the account.
// NOTE(review): the message has no threshold field; how many secondary-agent
// signatures are needed, and whether the primary agent alone suffices, is not
// expressed in this schema -- confirm against the recovery documentation.
message RecoveryRule {
  string primary_agent = 1;             // the member id of the primary agent
  repeated string secondary_agents = 2; // an optional list of member ids acting as secondary agents
}

// A member record that is computed by replaying all the member updates.
//
// This is derived state: it is the result of applying the member's
// MemberUpdate entries, not something a client writes directly.
message Member {
  string id = 1;                                        // member ID
  string last_hash = 2;                                 // last hash; used with UpdateMember
  repeated string alias_hashes = 3;                     // hashes of verified aliases
  repeated io.token.proto.common.security.Key keys = 4; // public keys
  repeated string unverified_alias_hashes = 5;          // hashes of unverified aliases
  RecoveryRule recovery_rule = 6;                       // recovery rule
  int32 last_recovery_sequence = 7;                     // sequence number for member's last recovery entry
  int32 last_operation_sequence = 8;                    // sequence number for member's last operation
  MemberType type = 9;                                  // type of member
  string partner_id = 10;                               // affiliated partner id
  bool is_verified_partner = 11;                        // indicates if member is verified partner
  string realm_id = 12;                                 // realm owner member id
  repeated RealmPermission realm_permissions = 13;      // realm permissions assigned; Used to verify MemberOperations that this member can perform as realm owner.
  // Kept separate from `keys`; callers verifying signatures should not accept
  // a key merely because it appears in this list.
  // NOTE(review): the name is camelCase, unlike every other field here.
  // Renaming it would change generated accessors in some languages, so it is
  // left as published.
  repeated io.token.proto.common.security.Key expiredKeys = 14; // expired public keys

  // Kind of member. The zero value is the proto3 default, so an unset `type`
  // reads as INVALID_MEMBER_TYPE and must not be treated as a real member type.
  //
  // The numeric values differ from the top-level CreateMemberType enum
  // (BUSINESS is 5 here and 2 there, for example); convert between the two by
  // name, never by number.
  // NOTE(review): values 2 and 3 are unassigned in this listing; if they were
  // removed, they should be declared `reserved`. TRANSIENT and BANK are not
  // described in this file.
  enum MemberType {
    INVALID_MEMBER_TYPE = 0;
    PERSONAL = 1; // Bank's customer, end user; should be under bank's realm
    TRANSIENT = 4;
    BUSINESS = 5; // a customer of Token; Token is the regulated TPP in this case
    LICENSED_TPP = 6; // a customer of Token but uses its own licence; Token is a TSP for the business in this case
    DIRECT_BANK_TPP = 7; // a regulated party using its own licence to connect to a specific Token managed bank under the provisions of the regulation(s); Token is a TSP to the bank in this case
    BANK = 8;
    TOKEN = 9; // a single member that represents Token realm
  }
}

// A member address record
//
// The whole message is marked deprecated; new code should not depend on it.
// It holds personal data (a postal address) and is not marked with the redact
// extensions used by Profile and ReceiptContact in this file.
message AddressRecord {
  option deprecated = true;
  string id = 1; // Address id
  string name = 2; // The display name of the address, e.g., "Office"
  io.token.proto.common.address.Address address = 3; // Country specific JSON address
  // NOTE(review): which serialization of `address` is signed is not stated
  // here -- confirm before verifying.
  io.token.proto.common.security.Signature address_signature = 4; // member signature of the address
}

// Public profile
message Profile {
  // Custom message option from extensions/message.proto (imported by this
  // file; its definition is not shown).
  // NOTE(review): presumably marks the whole message for redaction when it is
  // logged or otherwise rendered -- confirm what the option enforces and where.
  option (io.token.proto.extensions.message.redact) = true;
  string display_name_first = 1 [deprecated = true];    // first name; DEPRECATED refer member.profileName
  string display_name_last = 2 [deprecated = true];     // last name; DEPRECATED refer member.profileName
  // The four picture ids below are ignored when a client sends them in a set
  // profile request.
  string original_picture_id = 3;   // blob ID. Ignored in set profile request
  string small_picture_id = 4;      // blob ID. Ignored in set profile request
  string medium_picture_id = 5;     // blob ID. Ignored in set profile request
  string large_picture_id = 6;      // blob ID. Ignored in set profile request
}

// Profile picture sizes
//
// The names correspond to the *_picture_id fields of Profile. The zero value
// INVALID is the proto3 default for an unset field.
// NOTE(review): this is a top-level enum with unprefixed values, so INVALID,
// SMALL, etc. are declared directly in the package scope; a future top-level
// enum cannot reuse those names.
enum ProfilePictureSize {
  INVALID = 0;
  ORIGINAL = 1; // same size as uploaded
  SMALL = 2;    // 200x200
  MEDIUM = 3;   // 600x600
  LARGE = 4;    // NOTE(review): dimensions are not stated in this file
}

// Contact detail for receipts: a value plus the kind of contact it is.
// EMAIL is the only kind defined.
message ReceiptContact {
  // The contact value itself. Tagged with the field-level redact extension
  // from extensions/field.proto (definition not shown).
  // NOTE(review): presumably keeps the value out of logs and similar output
  // -- confirm what the option enforces.
  string value = 1 [(io.token.proto.extensions.field.redact) = true];
  // How to interpret `value`; an unset field reads as INVALID.
  Type type = 2;

  // Kind of contact. Scoped to ReceiptContact, so INVALID here does not clash
  // with the top-level ProfilePictureSize.INVALID.
  enum Type {
    INVALID = 0;
    EMAIL = 1;
  }
}

// A named device together with the keys associated with it.
message Device {
  // Device name.
  string name = 1;
  // Deprecated single-key form.
  // NOTE(review): presumably superseded by `keys`; readers that must support
  // old writers may need to check both fields -- confirm.
  io.token.proto.common.security.Key key = 2 [deprecated = true];
  // Keys associated with the device.
  repeated io.token.proto.common.security.Key keys = 3;
}

// Member type that can be requested when creating a member.
//
// This is a smaller set than Member.MemberType, and the numbers do not line
// up: BUSINESS is 2 here and 5 there, TRANSIENT is 3 here and 4 there,
// LICENSED_TPP is 4 here and 6 there. Code that maps one enum to the other
// must do so by name; copying the integer assigns the wrong member type.
// The zero value is the proto3 default for an unset field and should be
// rejected rather than mapped to a real type.
enum CreateMemberType {
  INVALID_MEMBER_TYPE = 0;
  PERSONAL = 1;
  BUSINESS = 2;
  TRANSIENT = 3;
  LICENSED_TPP = 4;
}

// Permission a realm owner can hold. Member.realm_permissions documents these
// as used to verify which MemberOperations the member can perform as realm
// owner.
// NOTE(review): presumably each value gates the MemberOperation case of the
// same name (VERIFY_ALIAS -> verify_alias, ADD_KEY -> add_key, ...) -- confirm.
// An unset or unrecognized value should grant nothing.
enum RealmPermission {
  INVALID_REALM_PERMISSION = 0;
  VERIFY_ALIAS = 1;
  ADD_ALIAS = 2;
  REMOVE_ALIAS = 3;
  ADD_KEY = 4;
  REMOVE_KEY = 5;
}

// Branding/customization settings: display name, logo, colors, consent text
// and app name.
//
// Fields are declared out of numeric order (name = 5 is listed second); the
// field numbers, not the declaration order, define the wire format.
// NOTE(review): name, consent_text and app_name are free-form strings that
// presumably end up rendered in a UI; the schema places no constraint on
// their content, so renderers should escape them -- confirm where they are
// displayed.
message Customization {
  string customization_id = 1;
  string name = 5;                    // display name
  string logo_blob_id = 2;            // logo blob id
  // The schema does not enforce the hex format or the set of keys; validate
  // before use.
  map<string, string> colors = 3;     // colors in hex string #AARRGGBB
  string consent_text = 4;            // use '\n' for line breaks.
  // TODO(RD-1985): re-evaluate app_name
  string app_name = 6;                // the name of the corresponding app
}

// A named group of keys.
// NOTE(review): presumably the entity referred to by
// MemberOperationMetadata.AddKeyMetadata.keychain_id -- confirm.
message Keychain {
  // Identifier of the keychain.
  string keychain_id = 1;
  // Name of the keychain.
  string name = 2;
  // Keys belonging to the keychain (Key is defined in security.proto).
  repeated io.token.proto.common.security.Key keys = 3;
}

// Summary information about a member. Unlike Member, which stores alias
// hashes, this message carries the Alias values themselves.
message MemberInfo {
  // Member ID.
  string id = 1;
  repeated io.token.proto.common.alias.Alias aliases = 2;            // verified aliases
  // NOTE(review): presumably the name that the deprecated Profile display-name
  // fields refer to as "member.profileName" -- confirm.
  string profile_name = 3;
  // Creation time in milliseconds, per the field-name suffix.
  // NOTE(review): presumably since the Unix epoch, UTC -- confirm.
  int64 created_at_ms = 4;
}

// A sub-TPP registered under a member, with its registration details,
// lifecycle status and optional merchant record.
message SubTpp {
  string id = 1;            // identifier
  string member_id = 2;     // member id under which this Tpp is registered
  string name = 3;          // registered name of this Sub TPP
  string domain = 4;           // registered domain URL
  // NOTE(review): country code format is not stated in this file.
  string domicile_country = 5;
  // Image data is carried inline rather than by blob id (compare
  // Customization.logo_blob_id). The schema sets no size or format limit, so
  // receivers should bound and validate it before storing or rendering.
  bytes logo = 6;           // sub tpp logo
  // Lifecycle state; only ACTIVATED is documented as allowed to make calls.
  Status status = 7;
  // NOTE(review): the unit of created_at / updated_at is not stated
  // (MemberInfo uses an explicit `_ms` suffix) -- confirm before comparing
  // timestamps across messages.
  int64 created_at = 8;
  int64 updated_at = 9;
  // NOTE(review): presumably a free-text explanation of the current status.
  string status_reason_information = 10;
  string mcc_code = 11;    // optional mcc code
  // Parent/child links between sub-TPPs.
  // NOTE(review): nothing in the schema prevents cycles or inconsistent
  // parent/child lists; consumers walking the hierarchy should guard against
  // them.
  string parent_sub_tpp_id = 12;
  repeated string child_sub_tpp_ids = 13;
  Merchant merchant = 14;
  // NOTE(review): format and enforcement point of the restriction are not
  // stated in this file.
  repeated string restricted_countries = 15;

  // Lifecycle state of a sub-TPP. The zero value is the proto3 default, so an
  // unset status reads as INVALID_STATUS; authorization checks should require
  // ACTIVATED explicitly rather than excluding the other values.
  enum Status {
    INVALID_STATUS = 0;
    ACTIVATED = 1;          // sub-TPP is activated, i.e. allowed to make the calls
    REJECTED = 2;           // sub-TPP was rejected during KYC check
    AWAITING_APPROVAL = 3;  // sub-TPP is added and is awaiting approval
    DEACTIVATED = 4;        // sub-TPP was activated before, but is deactivated now
  }
}

// Merchant record attached to a SubTpp (SubTpp.merchant): legal identity,
// bank details, reporting identifiers, regulatory classification and risk
// assessment.
//
// NOTE(review): iban, bic and company_registration_number are sensitive
// business identifiers, yet no field here carries the redact extension that
// ReceiptContact.value uses. Confirm whether that is intentional before
// logging this message.
message Merchant {
  string merchant_jurisdiction = 1;
  string legal_entity_name = 2;
  string company_registration_number = 3;
  string primary_use_case = 4;
  // Bank account identifiers; the schema does not validate their format.
  string iban = 5;
  string bic = 6;
  string reporting_identifier = 7;
  string reporting_label = 8;
  // Dates are plain strings.
  // NOTE(review): the expected date format is not stated in this file.
  string approval_date = 9;
  string termination_date = 10;
  ChargeableStatus chargeable_status = 11;
  string uid = 12;
  string industry = 13;
  RegulatoryType regulatory_type = 14;
  // Zero or more authorities; the enum type name is plural although each
  // element is a single authority.
  repeated CompetentAuthorities competent_authorities = 15;
  RiskAssessmentScore risk_assessment_score = 16;
  string risk_assessment_review_date = 17;
  // NOTE(review): presumably the id of the SubTpp that owns this merchant
  // record -- confirm.
  string sub_tpp_id = 18;

  // Billing classification of the merchant. Zero is the unset default.
  enum ChargeableStatus{
    INVALID_STATUS = 0;
    CHARGEABLE = 1;
    PASS_THROUGH = 2;
    INTERNAL = 3;
  }

  // Regulatory classification.
  // NOTE(review): the meaning of TYPE_1 and TYPE_2 is not documented in this
  // file.
  enum RegulatoryType {
    INVALID_TYPE = 0;
    TYPE_1 = 1;
    TYPE_2 = 2;
  }

  // Competent authority identifier. Receivers must tolerate values added
  // later, because proto3 preserves unknown enum numbers.
  enum CompetentAuthorities {
    INVALID_AUTHORITY = 0;
    FCA = 1;
    BAFIN = 2;
  }

  // Outcome of a risk assessment. An unset field reads as INVALID_SCORE and
  // should not be treated as equivalent to GREEN.
  enum RiskAssessmentScore {
    INVALID_SCORE = 0;
    GREEN = 1;
    AMBER = 2;
    RED = 3;
  }
}