Device Identifier Meeting Minutes 2024-09-06

Attendees & Representation

NameCompanyAttendee
Eric MurrayVodafone


Sachin KumarVodafone (moderator)X
Kevin SmithVodafone
Alex FerreiraPhronesis
Matthew HornseyPhronesis
Matthew HandPhronesis
Sébastien SynoldIntersec
S, VigneshwaranCognizant
Karthik Raj RethinakumarCognizant
Manish JainCognizant
Huub AppelboomKPN
Rafal ArtychDTX
Axel NennkerDT
Abhisek DasInfosys
Brian SmithShabodi
Umair Ali RashidShabodi
Foo Ming HuiSingtel
Vilim DuganicInfobip
Surajj JaggernathVodacom
Walid TrabelsiSofrecom (Orange)
Aleksander BrankovicIpification

Agenda

  • Review of previous meeting minutes
    • Approved
  • Review of Device Identifier API status
    • PRs
    • Issues
    • Discussions
  • AOB

Review of Device Identifier API status

  • Current "work in progress" version can be found here

PRs

New PRs

PR #72: Initial Test Definitions for DeviceIdentifier retrieve identifier

  • Proposal for test definitions in response to Issue #68
  • Final review required by more API participants

MEETING UPDATE :

  • No discussion

PR #73: Add EUDI Wallet and Mobile Device Insurance User Stories

  • Additional user stories for Device Identifier
  • Adds a use case where the physical device itself requests its own IMEI (because OS will not provide it to the app)
  • Review required by API participants

MEETING UPDATE :

  • No discussion

PR #78: remove misleading sentence on from where the API can be called

  • Proposal to remove description text stating that API can be called by "an application server or other 3rd party server"
  • Discussion and revision required as the API clearly can be called by an application or other 3rd party server

MEETING UPDATE :

  • No discussion
Existing PRs
Closed PRs

PR #81: Remove 405 error response from YAML

MEETING UPDATE :

  • PR merged on as this fixes a CAMARA non-compliance

PR #77: Reduce telco language in the API description

  • Removes reference to UE / User Equipment in description and replaces with "physical mobile device"

MEETING UPDATE :

  • PR merged on as no comments on proposed wording

PR #76: Rewrite text around treatment of primary / secondary MSISDN

  • Removes reference to a specific implementation of this, and rewrites using more generic language
  • Treatment of MSISDNs as phoneNumber remains the same - the phoneNumber will be treated as the secondary MSISDN, and can thus be used to identify the IMEI of all devices

MEETING UPDATE :

  • PR merged on as no comments on proposed rewording
  • PR #75: Fixes the missing required property in the the error response schema

    • Fixes the missing `required` property in the the error response schema

MEETING UPDATE :

    • PR merged on as this was a clear non-compliance with the Commonalities common JSON definitions
  • PR #67: Update CAMARA Mobile Device Identifier API.yaml

    • Commonalities v0.4.0 allows x-correlator to be any string, and not restricted to being a uuid.
    • Therefore "format: uuid" needs to be removed from the definition.

MEETING UPDATE :

    • No update

MEETING UPDATE  :

    • PR merged on  as no further comments
  • PR #66: Update CAMARA Mobile Device Identifier API.yaml

    • Update info section of OAS to comply with Commonalities guidelines v0.4.0

MEETING UPDATE  :

    • No update

ACTIONS:

    • PR merged on  as no further comments
  • PR #64: Incorporate Commonalities WG recommendations on Simplification of Device object

    • Add Commonalities WG recommended text on "Identifying a device from the access token"
    • Add 422 error response option
    • Explicitly define request body as optional
    • Description updated to replace device with mobile subscription identifier as appropriate 

MEETING UPDATE  :

    • Huub commented that line 71 implies the access token follows a certain implementation
      • "The server will extract the mobile subscription identifier (e.g. MSISDN) from the access token, if available."
      • This text needs to be revised to be more implementation neutral. MSISDN to be replaced by phone number.
    • Keep PR open until to see if Commonalities revise current solution for Device object handling

MEETING UPDATE  :

    • Merged on as no further comments

Issues

New Issues

Issue #71: Why "The API can be called by an application server or other 3rd party server"

  • Issue associated with PR #78

MEETING UPDATE :

  • No discussion

Issue #79: Use API name as file name of the the YAML and with the info.title field

  • Naming standard has been informally adopted for meta-release APIs, but not yet formally defined by Commonalities

MEETING UPDATE :

  • No discussion

Issue #80: Purpose of the lastChecked field in the response?

  • lastChecked response field is not clear to all potential API consumers
  • This is the last time that the API provider checked which IMEI was being used by a specific MSISDN
    • Could be "now", or could be some minutes ago. Implementation dependent.
  • How to fix?
    • Rename field (maybe to lastConfirmed)?
    • Better description in YAML itself?

MEETING UPDATE :

  • No discussion
Existing Issues

MEETING UPDATE  :

    • See PR #72
    • Issue can be closed when above PR is merged
  • Issue #21: API Definition Terminology

    • Issue is out of date

MEETING UPDATE  :

    • No update

MEETING UPDATE :

    • No discussion

ACTIONS:

    • Eric to update issue text (still open)
Closed Issues
  • Issue #61: Simplification of Device object - short term solution

    • Commonalties proposes to revise DeviceObject
      • Should be optional, with 3-legged access token normally used to identify the mobile subscription
      • If 2-legged token is used, device object should be provided to API
      • Network Access Identifier (3GPP External Id) option to be removed as support not common
    • Will be closed by PR #64

Discussions

New DiscussionsNone
Existing Discussions

Discussion #36: Alternative device identifiers

  • An alternative proposal is to salt the IMEI with an API consumer specific salt and then hash it
  • This would a less useful identifier (only useful to the API consumer) but easier to justify providing under an opt-out or no consent basis
  • Use cases for such an alternative identifier are not clear

MEETING UPDATE :

  • Discussion updated by Axel Nennker with proposal to include PPID as a 3rd device identifier that can be requested (in addition to IMEI or TAC)
Closed Discussions

None

Other Issues

  • None

AOB

  • Next meeting proposed to be held Friday 4th October 2024 @ 09:00 BST using Zoom