...
Attendees (Please add or remove yourself)
Companies | Attendees |
---|---|
Deutsche Telekom AG | Herbert Damker, Axel Nennker, Shilpa Padgaonkar |
Ericsson | Elisabeth Mueller, Jan Friman |
Gapask | Rajesh Murthy |
GSMA | Mark Cornall, Toyeeb Rehman, Tom van Pelt |
KPN | Huub Appelboom |
Nokia | Tanja De Groot, Gaurav Agarwal |
OIDF | Bjorn Hjelm (OIDF), Joseph Heenan |
Shabodi | Kevin Howe-Patterson |
Singtel | Foo Ming Hui |
Spry Fox Networks | Ramesh Shanmugasundaram, Parichaya Shrivastava |
T-Mobile PL | Dawid Wroblewski, Artych, Rafał |
T-Mobile US | Karabulut, Murat |
Telefónica | Jesús Peña García-Oliva, Diego Gonzalez Martínez, Guido García, Juan Fabio García, Pedro Ballesteros, David Vallejo, Juan Antonio Hernando, Diego Yonadi |
Vodafone | Sönke Peters, Sachin Kumar |
Vodacom | Surajj Jaggernath |
...
Discussion about offline-access and Refresh Token PR
Axel provided text for Offline-access for authorization code flow that Jesús said matches the GSMA text, but the CIBA related text for offline-access is TBD. On the one hand, Jesús Peña García-Oliva said that he supports (and Telefónica) that the final text we end up agreeing on regarding offline access definitely needs to be included in the CAMARA OIDC profile. But specifically regarding the refresh_token/offline_access flows included in CAMARA-API-access-and-user-consent.md in that PR, the working group should make a decision if we want to merge them eventually or if the PR should be closed considering only the offline access section of the profile. The original request was to move the information from GSMA to CAMARA.
On the other hand, regarding the proposed offline access text for the OIDC profile in the PR, Jesús Peña García-Oliva said that he is fine with this text, except for the rules copied from the OIDC standard. In the case of CAMARA, authorization code is not the only flow to support. For example, offline_access must also be allowed for the CIBA flow. And I also mentioned that there was no requirement on the prompt value or application type to use the offline_access scope to request a refresh token to cover Opengateway off-net scenarios to access CAMARA service APIs.
Then Axel Nennker clarified that the proposed text was only for Auth code flow, which Jesús Peña García-Oliva hadn't noticed before.
Axel asked for some days to provide CIBA-related text.
...