2024-02-01 TSC Minutes

Attendees & Representation

TSC Members may indicate their attendance by marking an X in the column to the right.

Community members may use @name tag to mark their attendance below the table. 

LF Staff:

Community: @Mark Cornall @Rafal Artych  Laszlo Suto, Lazar Bulic, Olta Vangjeli, Ramit Chawla, Aleksander Brankovic, Tanja de Groot, Uwe Rauschnbach, @Ramesh Shanmugasundaram , T Rehman

Agenda

The project's Antitrust Policy, which you can find linked from the LF and project websites. The policy is important where multiple companies, including potential industry competitors, are participating in meetings. Please review and if you have any questions, please contact your company legal counsel. Members of the LF may contact Andrew Updegrove at the firm Gesmer Updegrove LLP, which provides legal counsel to the LF.   Antitrust Policy

Open

• Roll Call

• Action Items Review

• Agenda Bashing

• General Topics

  • Update from CAMARA Fund Board Meeting

  • API Backlog

  • Commonalities

  • Identity & Consent Management

  • Release Management

• GSMA certification of CAMARA APIs 

• Any Other Topics

Minutes

Action Item Review

Updates from CAMARA Fund Board Meeting (@Herbert Damker )

• David del Val took over the role of Juan Carlos García as voting representative of Telefonica

• We have now two nominated Community Release Managers

  • Samuel Adeyemo nominated by Nokia 

  • Marouane Balmakhtar nominated by T-Mobile US 

• Markus Kümmerle elected as Chair of the CAMARA Outreach Committee

  • formerly known as Marketing Working Group ... now merged

API Backlog (@joseantonio.ordonezlucena )

• New sub project for network slicing API (approved on last meeting) created: https://github.com/camaraproject/NetworkSliceBooking

  • Mailing list: https://lists.camaraproject.org/g/sp-nsb

• Request to approve API Proposal "Call Forwarding Signal"

  • see message: https://lists.camaraproject.org/g/tsc/message/113

  • Proposal presented by Fabrizio

    • Anti-fraud use case proposal from GSMA OGW

    • Indicates if voice call forwarding is enabled for a device

    • Applicable to both mobile and fixed devices

  • DECISION: Approved

    • Jose to provide agreed sub-project maintainers

• Discussion about not yet accepted "Device Visit Location", see TSC mailing list

  • API requires end user location to be collected and stored for an extended period (30 days)

  • Privacy / user consent issue, as end user must consent before data can be collected and stored, which must start long before API is called

  • Kevin raised issue of possible negative press coverage from misinterpretation on how API would be used, and anti-fraud use case is unclear

  • Anti-fraud use case appears weak, marketing use case may be controversial

    • Device Location APIs give current location, which does have a clear anti-fraud use case

  • Henry expressed view that TSC should not block APIs if technically possible and seen as valuable for some markets

  • PROPOSAL:

    • GSMA OGW product workstream to re-check commercial value of such an API

    • Anti-fraud use case to be reviewed and clarified

    • Remove marketing use case

    • TSC to then agree disclaimer to be included in sub-project repository

Commonalities

• Update on important topics and request of actions

• Update from Rafal:

  • Preparing next release (v0.3) with linting rules and API testing guidelines (see last meeting minutes)

  • Discussion about error response format:

    • Current format defined in Design Guidelines, a change would break all API following this format

    • Proposal to use RFC 9457 Problem Details for HTTP APIs for error responses

    • Lot of examples (e.g. from cloud providers) of different error response schema

    • Question: keep current definition or change towards RFC based schema

    • Proposal: request company opinions within the issue. If no consensus raise it to TSC for a vote.

      • Eric will close the current issue and open a new one with the summary of current positions. There comments should be raised.

  • Issue #128 API Design : UNAUTHENTICATED 401 API format issues with some gateway implementations, e.g. having no control over error schema

Identity & Consent Management

• Initial input info by Diego

• The moderation role will be handed over from Jesús Peña (Telefónica) to Axel Nennker (DT)

• Release v0.1 generated https://github.com/camaraproject/IdentityAndConsentManagement/releases/tag/v0.1.0 (will be referenced by Commonalities v0.3.0).

• OIDC profile first draft provided by Telefonica.

  • High participation - several comments to discuss/agree points on the profile

  • Agreement within the working group: Profile will be self-contained, but will clearly remark every change or deviation with regards to existing referenced standards e.g.: OAuth2 or OIDC.

• Duplicity of information GSMA-CAMARA: Issue in GSMA already created, PR to follow to remove redundant info

Release Management 

• Two Release Managers nominated and onboarded, see above

• Weekly working group meetings (see Release Working Group Minutes)

• Work on release process started (see Meta-release Milestones)

GSMA certification of CAMARA APIs (@Mark Cornall)

•  

• GSMA would like a global standard, which includes authorisation flow even if local regulation allows alternative authorisation flows

• Chris requested extended discussion on common testing issues at next meeting

Any Other Topic

• ...

Action items