Agenda

Antitrust Policy

Topic 1

Adapt other documents to Camara Security and Interoperability Profile

• Axel (as himself not as ICM) proposed an Issues and PR in Commonalities 
  
  

  • Adapt API Guidelines to ICM Securtiy and Interoperability Profile

    • @Jesús Peña García-Oliva points out that the PR intended to adapt API design guidelines to the new ICM profile also moves and changes without notice the ICM guidelines for the "securitySchemes" and "security" openAPI fields. Jesús disagrees with the way this specific information has been managed directly creating a PR in Commonalities, bypassing the ICM's potential decision on it. 

• Document that could/should be adapted
  
  

  • Commonalities API Guidelines

  • CAMARA APIs access and user consent management

    • @Jesús Peña García-Oliva open an Issue (#154) and created a PR (#155) to update the CAMARA-API-access-and-user-consent.md document to reflect the latest profile decisions and/or to include references to the new CAMARA-Security-Interoperability.md profile document where appropriate. This was agreed in previous working group meeting (08/05).

      • @Jesús Peña García-Oliva mentioned that he would like to close this PR and to do so a reasonable deadline will be set for receiving further comments. 

• ICM topic
  
  

  • OpenAPI definitions: security schemes 

  • Purpose

After a long a discussion, it was agreed to create a new issue on the ICM working group github in order to make this matter visible to the ICM working group participants, let them express their opinions, and eventually agree on a resolution on where the documentation of the ICM AuthN/AuthZ common guidelines for API specs should be located: ICM doc vs. Commonalities doc. @Jesús Peña García-Oliva takes the AP toc reate the new issue (UPADTE: already done -> Issue #160)

Topic 2

Define an CIBA security scheme and guideline

• CIBA security scheme issue https://github.com/camaraproject/Commonalities/issues/209 that was now re-created in ICM

  • @Jesús Peña García-Oliva points out that this very issue has been discussed for weeks in the past, eventually escalated to the TSC, which ultimately made a final decision on the security scheme policies to be followed (see issue #57 and PR #93 for further details). It was properly documented in CAMARA-API-access-and-user-consent.md. It was also mentioned that this issue shouldn't be discussed again. @Jesús Peña García-Oliva  says that he would close this issue. It it proposed to keep the issue in backlog. @Jesús Peña García-Oliva agrees to not re-open it, but to keep it in the backlog "for the record".

 Topic 3

• Fix statement about "missing sub claim" in case there is no id token Issue and PR

Topic 4

• ICM examples: issue PR
  Thanks @Elisabeth Mueller for the suggestions

Topic 5

• Issue #128 & #138 and RFC9101 proposal. Candidates for meta-release that need a resolution.

Action items