Module `tripleblind.agreement`

Agreements allow organizations to customize permissions and costs of using specific assets for partner organizations. When agreements are in place, partner organizations can use the asset without requesting permission.

Global variables

var NAMESPACE_DEFAULT_USER: Special UUID which represents the current user

Functions

def has_agreement_permissions(session: Optional[Session] = None)

Verify that the user has permission to create and delete agreements

Args

session (optional):

Returns

bool: True if the user has write permission, false if read-only

Classes

class Agreement (id: UUID, asset_id: UUID)

Points to an Agreement object on the TripleBlind Router.

Agreements allow other organizations to use an Asset at will without requiring express permission for each access. Agreements also specify the price the partner organization pays for each access.

Class variables

var asset_id : uuid.UUID: Asset Identifier associated with this Agreement.
var id : uuid.UUID: Identifier for this Agreement.

Static methods

def create(to_org: int, asset_id: "Union[UUID, 'Asset']", asset_cost: float = 0, asset_restricted: bool = True, expiration: str = None, run_limit: int = None, algorithm: "Union[UUID, 'Asset']" = None, algorithm_security: str = None, protocol: "Union[UUID, 'Asset']" = None, custom_protocol: "Union[UUID, str, 'Asset']" = None, only_visible: bool = False, session: Optional[Session] = None)

Create an Agreement between your organization and another.

Agreements are only valid for the Asset specified unless asset restricted is explicitly set to False. If it is False, the Agreement created is valid for all of the organization's Assets. If the Asset specified is an algorithm, the default security level is set to SMPC. If FED is acceptable, the user can set the algorithm_security parameter to "fed".

Agreements must specify an operation that is allowed under the terms of the Agreement. The user must specify either a TripleBlind supplied protocol or a custom Algorithm.

Expiration and Run Limit allow other organizations to use your Asset at will within the bounds of those terms without requiring express permission for each access. Agreements also specify the price the partner organization pays for each access.

Only Visible overrides expiration and run limit auto-grant permission properties. Making an unpublished Asset visible to another organization while still requiring permission requests for each Job.

NOTE: If an Agreement already exists, it will be returned. To modify properties (such as cost) you must delete the existing Agreement and create a new one.

Args

to_org : int: ID of the partner organization, or "ANY" to make an Asset available to everyone without explicit permission.
asset_id : Union[Asset, UUID]: The Asset that will be governed by the Agreement.
asset_cost : float: The cost the partner organization has to pay for each access of the Asset (in US dollars). Default is 0 (no cost).
asset_restricted : bool: Limits Agreement to only govern the asset specified. If False, the Agreement applies to any of the Organization's Assets (Defaults to True).
expiration : str: ISO formatted date on which the Agreement becomes invalid.
run_limit : int: The number of jobs that can be created under the Agreement before it becomes invalid.
algorithm : UUID: ID of the algorithm that is allowed to be used on the given Asset.
algorithm_security : str: "smpc" or "fed". Specifies the level of algorithm security required to run the operation.
protocol : UUID: ID of the Protocol that is allowed under the Agreement.
custom_protocol : UUID: ID of the CustomProtocol.
only_visible : bool: If True, overrides any auto grant permission parameters, making an private Asset visible to the counterparty and usable with permission requests being granted.
session : Session, Optional: A connection session. If not specified the default session is used

Raises

TripleblindPermissionError: User is doesn't have permission to create agreements for their organization or is not Asset owner.
TripleblindAssetError: Invalid parameters sent.

Returns

Agreement: The created Agreement object

Instance variables

var algorithm : uuid.UUID
var algorithm_security : str
var asset : uuid.UUID
var asset_cost : str: str: Agreed cost of each access of the asset
var asset_cost_id : uuid.UUID: UUID: Cost tier of each access of the asset
var asset_restricted : bool
var custom_protocol : uuid.UUID
var expiration : str
var from_org : str: str: Name of the organization granting access
var from_org_id : uuid.UUID: UUID: ID of the organization granting access
var is_valid : bool: Is this Agreement object valid? Forces sync with the Router.
var only_visible : bool
var protocol : uuid.UUID
var run_limit : int
var to_org : str: str: Name of the organization receiving access
var to_org_id : uuid.UUID: UUID: ID of the organization receiving access

Methods

def remove(self, session: Optional[Session] = None)

Remove the Agreement between two organizations from the associated Asset. The organization can still access the asset if it is listed as discoverable, but they will require express permission with each access.

Args

session : Session, optional: A connection session. If not specified the default session is used

Returns

bool: True if the Agreement is removed from the Asset