Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For APIs that are targeting to become a stable public API, for M3, the Release Management team shall request a review by Commonalities and ICM teams.

...

ICM team review - details

THese These points are taken from: https://github.com/camaraproject/IdentityAndConsentManagement/issues/189#issuecomment-2315026741 )

...

Example: OK SimpleEdgeCloud , the API can be used to verify a phone number like NumberVerification does. Please see API misuse Commonalities#259. If Phone-Number is part of the SimpleEdgeCloud API request then response tells the API consumer the same as a request to NumberVerification does.

  •  For APIs including a device object, check that Appendix A of the API-Design-Guidelines.md is respected: info.description template for device identification from access token

...

Q&A

  • Who can approve the M3 release PR ? Code Owners after RM approval is noted in the release PR or its issue. 

  • When to create a RM review issue ? when When the release-management_maintainers list is included as a reviewer in a release PR. 

  • When do I tick a review issue task ?

    • Review actions: tick after checking the related file(s) and putting the review comment(s) in the PR/PR issue about the(se) files. Also put just OK for the file if no comments.

    • Also put a comment in the review issue with the major review comments and the overall state of the API.

    • Release actions: tick when task is done.

  • When do we close the review issue ? When all tasks in the review issue are ticked as done. Close as completed.

  • Question: should Should we add a milestone label so we can filter on it later ? 

  • How to know if an APIs API is covered by RM ?  Use a comment in the comment fields of the API release tracker, visible on the Meta-release pageOnce a review issue is created it links to the PR. and should be visible in the comments.

  • Is there a way to know if an API requires consent request ? No, this is local regulation. It is covered when using the security scheme and the scope rules.

Open questions

  • should the test file files contain the API version number ? e.g. Feature: CAMARA Call Fowarding Signal  API, v0.1.0 - Operation call-forwardings - is it required to include the version (as people forget to update it) As the tests are in the same release package, can the version number be avoided in the test features ?

  • can we automate test generation for an API - which tools ? - which ensures that all API spec errors/cases are covered by the tests ?

  • add guideline to use error codes in scenario names ?