Versions Compared

Old Version 2

changes.mady.by.user Tanja de Groot

Saved on

compared with

New Version 3

changes.mady.by.user Tanja de Groot

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • all release assets are available
  • there were not too many changes wrt the previous version
  • it is expected to not have any changes in the next 2 meta-releases
  • the TSC approves it 

question 2

...

M3: Reference to commonalities in info object

In your API yaml file, in the info object, please make sure to add: x-camara-commonalities: 0.4.0

`NOTE: the fields `termsOfService` and `contact` are optional and can be removed.

example:

`info:

  title: One Time Password SMS

  description: |-

    Service Enabling Network Function API to send short-lived OTPs (one time passwords) to a phone number via SMS and validate it afterwards, in order to verify the phone number as a proof of possession.


    # Relevant  Definitions and concepts

    - **NaaS**: *Network-as-a-Service* model where Telco Network resources are exposed to third parties through APIs. In this particular API, One Time Password is exposed following this model.

    - **OTP**: *One Time password* is a one-time authorization code (OTAC) that is valid for only one login session or transaction.


    # API Functionality

    It enables a Service Provider (SP) to send an OTP code by SMS and validate it to verify the phone number (MSISDN) as a proof of possession.


    # Resources and Operations overview

    This API currently provides two endpoints, one to send an OTP to a given phone number and another to validate the code received as input.


    # Authorization and authentication

    [Camara Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md) provides details on how a client requests an access token.


    Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation.


    It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control.


  version: 1.0.0-rc.1

  x-camara-commonalities: 0.4.0

  termsOfService: http://example.com/terms/

  contact:

    name: API Support

    url: http://www.example.com/support

    email: support@example.com

  license:

    name: Apache 2.0

    url: https://www.apache.org/licenses/LICENSE-2.0.html`