Skip to end of banner Go to start of banner

2034-03-13: SP-ICM Minutes

Skip to end of metadata

Created by Axel Nennker, last modified on Mar 14, 2024

You are viewing an old version of this page. View the current version.

Identity and Consent Management meeting

Attendees (Please add or remove yourself, speakers in bold)

Companies	Attendees
Deutsche Telekom AG	Axel Nennker, Shilpa Padgaonkar
Ericsson	Jan Friman
Gapask	Rajesh Murthy
KDDI	Tetsuya Chiba
KPN	Huub Appelboom
Nokia	Tanja De Groot, Gaurav Agarwal
Orange	Sebastien Dewet
Simptel	Izahir Clemencia
Singtel	Foo Ming Hui
Spry Fox Networks	Ramesh Shanmugasundaram
T-Mobile PL	Artych Rafał
T-Mobile US	Karabulut, Murat
Telefónica	Jesús Peña García-Oliva, Diego Gonzalez Martínez, Fabio Garcia, Guido García, Juan Fabio García, David Vallejo, Juan Antonio Hernando
Vodafone	Sachin Kumar
	Nicholas Venezia
	Kamel Idir

Camara People Nick Venezia

Participants

Agenda

Welcome
1. Please add or remove yourself from the attendees list
Issues and PRs. Priority discussions (most active issues and/or dependencies for release v0.2):
- Profile work https://github.com/camaraproject/IdentityAndConsentManagement/pull/121
  - New text for offline access / refresh token , now a separate section outside of flows
  - New text on CIBA optional parameters binding_message, user_code, requested_expiry
  - New text on id token sub claim
  - Moved login_hint format to own section
- Broken link in v0.1 of CAMARA-API-access-and-user-consent.md Herbert Damker
- Management of opt-out with Implicit consent (legitimate Interest) #138 Sébastien Dewet
- Add missing offline access/refresh token doc from GSMA https://github.com/camaraproject/IdentityAndConsentManagement/pull/123
AoB

Welcome

PR Add missing offline access/refresh token doc from GSMA discussion

We agreed that the task to move the GSMA document to Camara is fulfilled because the content and meaning of that GSMA document is part of the OIDC profile.

Opt-Out

We discussed the issue #138 and work continues there.

Purpose

Shilpa is going to create an issue on `purpose`.

Operators are asked whether they have the requirement that multiple purposes in one request are needed.

There are UX issues if the client has to ask for each purpose separately. But still, is this a requirement to ask for multiple purposes?

Axel said that clients should ask for very specific, fine-grained access and not for the mother-of-all-access-tokens and consent for that from the user.

We want to keep the dpv syntax in the profile. Not sure were to put it. Please suggest changes.

Closing Remarks

Axel kindly asked participants to comment on issues and to review PRs and most importantly contribute text changes to PR. WGs thrive only if members become participants. So, again please participate. Please comment and review.

AoB

Next call schedule: March 27, 2024.

No labels