2025-06-05 TSC Minutes

Attendees & Representation

LF Staff:

Agenda

• Review and approval of previous meeting minutes

• Action Items Review

• General Topics

  • Governance & project management issues

  • API Backlog

  • Commonalities

  • Identity & Consent Management

  • Release Management

• Specific Topics

  • Skipped

• Any Other Topics

Minutes

Review and approval of previous meeting minutes

• Minutes of previous TSC meeting: https://lf-camaraproject.atlassian.net/wiki/spaces/CAM/pages/113312014

  • No comments from the TSC

Action Item Review

• See home page Technical Steering Committee for current list of open action items

  • One open action item (ongoing)

Governance & Project Management issues

• https://github.com/camaraproject/tooling/issues/8

  • The current used links used to display API descriptions with http://editor.swagger.io are broken, they don't display the YAML in the URL parameter as expected any more. https://editor-next.swagger.io/ is also no sustainable solution.

  • Solution is an own fork of the open-source Swagger UI at https://camaraproject.github.io/swagger-ui/ (done)

  • Next steps:

    • Automated replacement of all links within existing release descriptions (about 130 links will be replaced)

    • Automated creation of PRs to replace links within /README and /CHANGELOG files (about 25 PRs will be created in repositories, example)

  • Thanks you to @Kevin Smith to drove this !

• https://github.com/camaraproject/ReleaseManagement/issues/195

  • To ensure that release PRs a) automatically involve the Release Management b) can't be accidentally merged without a Release Management approval, a newly created team @camaraproject/release-management_reviewers (currently: @Tanja de Groot @Herbert Damker @Rafal Artych) was introduced as owner of CHANGELOG.md in all repositories. That's a usual best practice to ensure the involvement of release management reviewers in releases.

  • Happy to get more codeowner as release PR reviewers with experience in CAMARA !

• New issues in Governance

  • https://github.com/camaraproject/Governance/issues/193

    • Repository to host (partially already created) workflows to

      • create new (Sandbox) API repositories

      • bulk changes across repositories

      • automated (consistency) reports

    • Example use cases for bulk changes: disabling of GitHub wiki in repositories (done), adding codeowners for /CHANGELOG.md (done), deploying CHANGELOG.md place holder (planned) in repositories, deploying the linting and PR validation workflows

    • While the formal ownership is with the project (= TSC), the proposal is to add the Release Management codeowners team and the CAMARA admin team as codeowners of the repository and discuss day-to-day issues within the Release Management meetings

    • Good for the TSC to move forward

  • https://github.com/camaraproject/Governance/issues/191

    • Some remaining work from introduction of Sandbox / Incubating approach and recent template updates

  • https://github.com/camaraproject/Governance/issues/189

    • See API Backlog Working Group below

• Recently closed issues:

  • https://github.com/camaraproject/Governance/issues/164

    • Moved to discussion as announcement to keep the information about the taken decision. Please consider when setting new meeting (series)!

  • Issues related to introduction of Sandbox/Incubating approach (#170, #174, #178, #179)

  • https://github.com/camaraproject/Governance/issues/184

    • Change done back in March. Blocked organization members down to 7 (most probably inactive, need to addressed on repository level)

  • https://github.com/camaraproject/Governance/issues/181

    • Stale issue without further comments. Original topic can’t be solved in context of CAMARA.

    • This point is managed by the GSMA.

• Some older pending questions and editorial issues regarding Governance documents need attention.

API Backlog (@Jorge Garcia Hospital)

• (See message from @Jorge Garcia Hospital with proposals for 30/05)

• Two APIs proposed for review to become sandbox:

  • MultiPoint VPN

    • Provides on-demand connectivity across various networks with guaranteed bandwidth and flexible SLAs.

    • Proposed by Infosys, original issue 205, MultiPoint VPN template and additional information: MultiPoint VPN.pdf

    • Sandbox repository to be independent.

    • Question and discussion about relation on to DedicatedNetworks, should be observed when the API gets more material.

    • @Tanja de Groot raised the problem of the proliferation of API as if we create an API for each technology we did not simplify the problem (@Jan Friman agreed)

    • @Mark Cornall @Ludovic Robert raised the point about overlap/collision with MEF APIs.

      • Bishnu (Infosys) indicated that a round of discussions has already took place with MEF. As the proposal API is on another layer this was “accepted” by MEF but additional sync will be require.

    • Decision: No formal objections → OK for sandbox

  • Voice Verification Code

    • Enables fast and secure delivery of voice verification codes to mobile phones, enhancing identity verification with higher protection than SMS and nearly 100% success rate.

    • Proposed by China Unicom, original issue 160, Network Traffic Analysis template and additional information: Voice Verification Code API Introduction.pptx

    • Sandbox repository to be part of “Number Insights” (aka “Number Verification” previously) subproject.

    • Decision: No formal objections → OK for sandbox

• Additional administrative topics:

  • Incubation requests:

    • @Herbert Damker propose a formal vote for the transition to incubation because this is an important step in CAMARA API lifecycle.

    • Population Density Data → New subproject to be created [https://github.com/camaraproject/APIBacklog/issues/215 ]

      • Decision: Vote will take place

    • Device Swap → To be included in Number Insights subproject [https://github.com/camaraproject/APIBacklog/issues/214 ]

      • Decision: Vote will take place

  • (information) Subproject renaming: The current Number Verification subproject (which includes Number Verification API, SIM Swap, SMS-OTP APIs, and Device Swap) will be renamed to Number Insights. [Issue https://github.com/camaraproject/APIBacklog/issues/216 ]

  • (information) KnowYourCustomer API Repository split: Age Verification, Fill-in, and Match APIs will be split into separate repositories. Onboarding trackers have been created [issues 217, 218, 219].

    • No sub project name change for now, still “Know Your Customer”(even if “Customer Insights” will look pretty good)

  • (confirmation) Edge Cloud APIs Split: Similar to previous one, but not yet confirmed.

    • Decision: No objection from the TSC (…just be careful with the api name to avoid capitals - fixed on the fly )

  • (proposal for review) Frozen API draft: A proposal has been made to introduce a “frozen” API draft status to help manage the backlog and focus on active proposals [Governance issue https://github.com/camaraproject/Governance/issues/189].

    • Review required: We let the issue/PR open till next TSC to gather TSC feedback and then will be discussed in next TSC - See also PR190

Commonalities (@Rafal Artych )

• Draft PR Release 3.2 #478

  • Pending PRs:

    • https://github.com/camaraproject/Commonalities/pull/457

    • Subscription API related: #464, #470, #475, #477 - breaking changes possible

  • Changes impacting API/test definitions due to r3.2 will be summarized in https://lf-camaraproject.atlassian.net/wiki/spaces/CAM/pages/132218881

  • Tooling - initial implementation of reusable workflows for linting

    • tested with SimpleEdgeDiscovery

    • implementation in Fall25 - until M4

    • content + documentation:

      • https://github.com/camaraproject/tooling/blob/main/linting/README.md

      • https://github.com/camaraproject/tooling/blob/main/linting/docs/Reusable Workflows.md

    • Way of roll-out via automated created PR in each applicable repository (API repositories)

      • codeowners decide about time when they want to merge it (to be done until Fall 25 M4)

Identity & Consent Management (@diego.gonzalezmartinez on behalf of @Axel Nennker )

• Merged remaining PRs labelled Fall25

  • Introduced a new flow “JWT Bearer Flow”

  • Agreed on new text for the description of CIBA flow

• https://github.com/camaraproject/IdentityAndConsentManagement/pull/295

• Continue work on Consent Info API

Release Management (@Tanja de Groot)

• M2 (June 7)

  • Release-candidates of Commonalities and ICM

    • Commonalities call shifted to June 16 due to holiday on June 9, but PR expected to be ready on time for RM review

    • Commonalities release-candidate expected to be ready on time for RM review.

• M3 (June 21)

  • Currently 59 APIs proposed for the meta-release (numbers are not final as API repository teams can decided until M3 milestone to participate), thereof

    • 24 new APIs

    • 35 updated APIs, of which 9 stable APIs, possibly 2 new stable APIs (device-swap, population-density-data); 3 missing (blockchain-public-address, home-device-qod, …)

  • Release-candidates (release PRs) of APIs should be provided by Jun 21

Specific Topic 1 (...)

• OWASP security guidelines (SKIPPED)

  • Spectral ruleset available: https://apistylebook.stoplight.io/docs/owasp-top-10-2023 and results in multiple errors

  • review of OWASP guidelines is needed to reflect them in CAMARA API Design Guide → breaking changes expected

  • next meta-relase ??

Any Other Business

• No

Next Meeting

• Next TSC Meeting will be on June 19th at 15:00 UTC (17:00 CEST / 08:00 PST)

  • It’s a regional holiday in some (European?) countries, so participation might be limited.

  • Only few members of the TSC impacted, meeting will stay as planned

• Specific agenda topics backlog:

  • End User Council will be on next TSC meeting agenda.

  • OWASP security guidelines (as skipped above).

Action items