Identity and Consent Management meeting
Attendees (Please add or remove yourself, speakers in bold)
Companies | Attendees
---|---
Deutsche Telekom AG | Herbert Damker, Axel Nennker, Shilpa Padgaonkar
Ericsson | Elisabeth Mueller, Jan Friman
Gapask | Rajesh Murthy
GSMA | Mark Cornall, Toyeeb Rehman, Tom van Pelt
KDDI | Tetsuya Chiba
KPN | Huub Appelboom
Nokia | Tanja De Groot, Gaurav Agarwal
OIDF | Bjorn Hjelm (OIDF), Joseph Heenan
Orange |
Shabodi | Kevin Howe-Patterson
Simptel | Izahir Clemencia
Singtel | Foo Ming Hui
Spry Fox Networks | Ramesh Shanmugasundaram, Parichaya Shrivastava
T-Mobile PL | Dawid Wroblewski, Artych Rafał
T-Mobile US | Karabulut, Murat
Telefónica | Jesús Peña García-Oliva, Diego Gonzalez Martínez, Fabio Garcia, Guido García, Juan Fabio García, Pedro Ballesteros, David Vallejo, Juan Juan Antonio Hernando, Diego Yonadi
Vodafone | Sönke Peters, Sachin Kumar
Vodacom | Surajj Jaggernath, Nicholas Venezia
 | Kamel Idir
Agenda
- Welcome
- Please add or remove yourself from the attendees list
- Issues and PRs. Priority discussions (most active issues and/or dependencies for release v0.2):
  - Profile work https://github.com/camaraproject/IdentityAndConsentManagement/pull/121
    - New text for offline access / refresh token, now a separate section outside of flows
    - New text on CIBA optional parameters binding_message, user_code, requested_expiry
    - New text on id token sub claim
    - Moved login_hint format to own section
  - Broken link in v0.1 of CAMARA-API-access-and-user-consent.md (Herbert Damker)
  - Management of opt-out with Implicit consent (legitimate Interest) #138 (Sébastien Dewet)
  - Add missing offline access/refresh token doc from GSMA https://github.com/camaraproject/IdentityAndConsentManagement/pull/123
- AoB
Welcome
PR Add missing offline access/refresh token doc from GSMA discussion
During the call, the question was raised whether the information agreed upon and included in the OIDC profile in #121 is sufficient to cover offline access/refresh token usage.
The GSMA documentation could only refer to the CAMARA OIDC profile in the context of the GSMA requirements for Open Gateway off-net scenarios.
Axel Nennker proposed closing the PR, and none of the call participants objected (Jesús Peña García-Oliva of Telefónica said they would be OK with doing so if that is now the WG decision).
The PR was closed during the call itself.
Opt-Out
We discussed issue #138; work continues there.
Purpose
Shilpa is going to create an issue on `purpose`.
Operators are asked whether they have a requirement for multiple purposes in one request.
There are UX issues if the client has to ask for each purpose separately. Still, is asking for multiple purposes a requirement?
Axel said that clients should ask for very specific, fine-grained access and not for the mother-of-all-access-tokens and consent for that from the user.
We want to keep the dpv syntax in the profile. Not sure where to put it. Please suggest changes.
Closing Remarks
Axel kindly asked participants to comment on issues, to review PRs and, most importantly, to contribute text changes to PRs. WGs thrive only if members become participants. So, again, please participate. Please comment and review.
AoB
- Next call schedule: March 27, 2024.