Page Comparison

The following sections provide guidance on how to review a release PR / issue.

...

• if you see a release PR that is nearly ready, add a comment as follows: "Please add @release-management_maintainers to this PR once the PR is ready"
• for final approval use a comment: "LGTM from ReleaseManagement."

ICM checks:

ICM Review - SimpleEdgeDiscovery - v1.0.0

(from: https://github.com/camaraproject/IdentityAndConsentManagement/issues/189#issuecomment-2315026741)

Ref: https://github.com/camaraproject/SimpleEdgeDiscovery/blob/r1.2/code/API_definitions/simple-edge-discovery.yaml

•  Check the ICM-defined info.description template (Authorization and Authentication section). Reference
  Checked https://github.com/camaraproject/SimpleEdgeDiscovery/blob/r1.2/code/API_definitions/simple-edge-discovery.yaml#L203
  ✅ OK

•  Check the use of openIdConnect for securitySchemes. Reference
  Checked https://github.com/camaraproject/SimpleEdgeDiscovery/blob/r1.2/code/API_definitions/simple-edge-discovery.yaml#L391
  ✅ OK

•  Check the use of the security property according to ICM definitions. Reference
  Checked the one endpoint
  https://github.com/camaraproject/SimpleEdgeDiscovery/blob/r1.2/code/API_definitions/simple-edge-discovery.yaml#L253
  ✅ OK.

•  Error codes are defined by Commonalities e.g. INVALID_TOKEN_CONTEXT.
  https://github.com/camaraproject/SimpleEdgeDiscovery/blob/r1.2/code/API_definitions/simple-edge-discovery.yaml#L551
  However, the ICM could check the definition of a 403 INVALID_TOKEN_CONTEXT if it applies to a specific API (e.g. APIs using device object or phoneNumber in the API request). Reflects an inconsistency between information in some field of the API request and the access token.
  ⚠️ OK with comments. The API specification has its own section Identifying the Device. The API specification does not include the recommended section called "Identifying a device from the access token" in info.description that provides a detailed description of the expected handling of the device object in the API request as it relates to the access token. It is specified in Appendix A: info.description template for device identification from access token and it is required for APIs that use the device object in the API requests.
  @Kevsy @crissancas @javierlozallu please check whether the recommended section is applicable

•  Verify that there is no unexpected leakage of users' personal information, such as API responses containing identifiers or information beyond the API functionality.
  ✅ OK SimpleEdgeCloud can be used to verify a phone number like NumberVerification does. Please see API misuse Commonalities#259. If Phone-Number is part of the SimpleEdgeCloud request then response tells the API consumer the same as a request to NumberVerification does.

ICM Review Result: ✅ OK

create an ICM review issue template for stable APIs or add these in the RM review issue template ?

Release actions

• Tick task when checked and done.
• Check if further review by TSC / Commonalities / ICM is needed (e.g. for targeted stable APIs), and leave issue open until those reviews are marked as done and OK in the review issue
• When all tasks and complementary reviews are completed, close the review issue with a comment on the overall status of the API.

...