/
2025-09-11 API backlog minutes

2025-09-11 API backlog minutes

 

Attendees

Organization

Name

Orange

 

Charter Communications

@Christopher Aubut

CableLabs

 

Telefonica

@Alberto Ramos Monaga

Vodafone

@Surajj Jaggernath

Ericsson

@Jan Friman

AT&T

@Pierre Close

T-Mobile US

 

KDDI

@Yusuke Nakano

Slagen

 

Nokia

@Tanja de Groot

China Telecom

 

ZTE

 

KPN

 

GSMA

@Reg Cox

Centilion

 

Chunghwa Telecom

 

Deutsche Telekom

 

MTN

 

China Mobile

 

Verizon

 

PlektonLabs

 

TIM

 

NTT

 

China Unicom

 

Infosys Ltd

@Vijay Narasimha Murthy

Spectrum

 

Chunghwa Telecom

@jason chan

Telecom Argentina

@julian Filippini

Huawei

 

xFlow Research

 

Agenda Proposal

  • Antitrust Policy

  • Approval of minutes of last conf. call

  • Recent Updates & Recap

  • Discussion

    • New APIs Proposals:  

      • #250 (In Home Device Management API), #241 (Fraud Hotzone Alert - re open), #63 (IMEI Fraud - reactivate from frozen status)

    • Out of Agenda: #253 [Repository Transition]: Join DedicatedNetworks into Quality On Demand Sub Project

  • Closing Issues

    • #141 (Energy Footprint Notification), , #126 (Facial Recognition), #18 (Receive SMS), #89 (IP High-throughput Elastic Network), #41 (Telco Scoring), #83 #85 #86 #87 (Model as a Service), #20 (Best Interconnection), #68 (Consent URL), #91 (Fixed lines in Device Location APIs), #93 (Line Eligibility for Carrier Billing API), #50 (Device Management) #95 (IoT SIM Status Mgmt API), #96 (IoT SIM Fraud Prevention API), #109 (Support application resource requirements in application profiles), #163 (Dynamic Predictive Connectivity Data), #143 (IoT Network Optimization), #127 (Network Health Assessment), #128 (Network Traffic Analysis), #136 (eSIM Remote Management), #157 (Voice Notification), #160 (Voice Verification Code), #205 (Multi Point VPN), #223 (Sponsored Data)

  • Frozen API

    • #35 (5G New Calling), #17 (Consent and Measurement), #23 (Carrier Wholesale Pricing), #24 (Steering of Roaming Information), #115 (SIM Historical Information), #121 (User Account Spend Count), #122 (Number Of Cards Under User's ID), #167 (IdentityAndConsentManagement),

  • Review of Action Points

  • Decision Points

  • AoB

  • Q&A

Approval of minutes of last conf. call

  • Minutes of last API backlog WG call available here

    • DECISION: OK

Antitrust Policy

The project's Antitrust Policy, which you can find linked from the LF and project websites. The policy is important where multiple companies, including potential industry competitors, are participating in meetings. Please review and if you have any questions, please contact your company legal counsel. Members of the LF may contact Andrew Updegrove at the firm Gesmer Updegrove LLP, which provides legal counsel to the LinusFoundation.

 

 

New Procedures in API Backlog WG meetings

A number of improvements are under discussion with leadership team of OGW project (Henry), CAMARA Project (Markus), Product Definition WS (Helene) and TSC (Herbert). As of today, the WG adopted agreements are three:

  1. To close the agenda SEVEN DAYS BEFORE the conf. call.

    • In case a WG participant wants to include a point in the agenda (e.g., present a new API proposal), this participant shall ensure the corresponding issue is opened in Github by then.

    • Exceptional situations will be treated separately.

  2. New schedule of conf. calls **The meetings are to be held by Linux Foundation (Links available at GitHub and Confluence Backlog front pages)

    • 2nd Thursday of the month (9-10:30 UTC)

    • 4th Thursday of the month (15-16:30 UTC)

  3.  Send agenda to TSC mail list, to encourage more TSC member companies to join the call and provide comments when they identify APIs which are of interest for them. 

  4. New API proposals are included in backlog table when template PR is created, linking to the pending PR

  5. PR will be merged as soon as ready for TSC, and should be merged before TSC review

  6. API enhancements requires existing group’s validation. TSC is informed accordingly to validate

  7. Link and status in backlog table will be updated accordingly

  8. Issue to track API onboarding will be opened once new API is confirmed in TSC.

  9. New proposal Lifecycle for frozen APIs.

Recent Updates & Recap

Last TSC meeting 2025-09-04:

  • Sponsored Data:

    • Decision: [delayed] - Due to short time to review an offline approval will be done by vote (by next Thursday)

  • Special topic: Proposal “Dual-Phase Meta-Release Strategy”:

    • A dual-phase meta-release cadence is being proposed for CAMARA, explicitly distinguishing between:

      • Sandbox phase (0.x) → APIs released iteratively throughout the year for early testing and validation.

      • Stable phase (1.x and above) → APIs aligned with meta-releases (typically Fall), optimized for large-scale deployment and long-term support.

    • Goal: Improve alignment with real operator adoption patterns, reduce redundant validation efforts, and formalize versioning rules and lifecycle transitions.

    • Grounded in practice: Reflects GSMA deployment data (Q2 2025), pilot experiences, and feedback from multiple working groups.

    • Next steps

      • Formal issue has been published in the Governance group, including extended documentation (#194)

      • Feedback is open, and the proposal will be further explored in coordination with the others working groups.

      • https://github.com/camaraproject/Governance/issues/194

      • Request to all Working Group to provide feedback before the next TSC meeting within the issue or in other form

Other topics

  • Fraud Hotzone Alert:

    • Governance: Strong feedback (Herbert) emphasized that, given the sensitivity of fraud-detection algorithms, Fraud Hotzone should not be developed as a public CAMARA API but rather in a private GSMA repository (same model as Scam Signal). The discussion on this point is still ongoing.

    • Naming: Agreement to shift from “Alert” to “Reports” to avoid confusion with real-time notification APIs.

  • Upcoming Archiving of Frozen Proposals: In alignment with the “Frozen” API process outlined above, we would like to notify the Backlog Working Group that several proposals have reached — or are about to reach — the 6-month inactivity limit. As per policy, these proposals are subject to permanent archiving unless reactivated immediately.

    • 🔴 Proposals that have reached their archiving deadline (27 Aug 2025): Authorization for Advertisements (#17 ), Carrier Wholesale Pricing (#23), Steering of Roaming Management (#24), 5G New Calling (#35), and IdentityAndConsentManagement (#167).

    • 🟠 Proposals nearing their archiving deadline (13 Sept 2025): SIM Historical Information (#115), User Account Spend Count (#121) and Number Of Cards Under User’s ID (#122).

    • Unless reactivation steps are taken immediately (comment on GitHub issue + WG notification at least one week before the next session), these proposals will be archived and closed permanently in the upcoming backlog session. This will include:

      • Closing the GitHub issue and any related PRs.

      • Removing the proposal from the active agenda and WG minutes.

      • Moving it to the “Archived Proposals” section for historical reference.

    • Action: A formal reminder will also be circulated via email. The final decision will be taken in the next API Backlog session, where these proposals will be marked for archiving unless strong objections or a reactivation request is raised in advance.

 

Discussion

Current Issues 

Issue #

Company

Summary

Status Update

#250

Infosys

In Home Device Management API

The API template is not yet.

LAST UPDATES:

The API enables full management of devices connected to a home network, providing connection details and control functions for both customer and operator devices.

  • @Eric Murray - What use cases could this API support that TR-369 cannot? And if TR-369 has gaps, why is it preferable to create a new API in CAMARA instead of evolving TR-369 within the Broadband Forum?

    • @ravim95-eng: The BBF TR-369 standard focuses on low-level broadband network operations intended for service providers. In contrast, CAMARA offers a higher-level abstraction through simplified APIs, making them accessible to non-telecom consumers without requiring knowledge of underlying protocols like TR-369, TR-069, or TR-181. The proposed CAMARA Device API is designed to be standards-agnostic and easily consumable across domains.

  • @Alberto Ramos Monaga: Bit concerned about a possible overlap with the already approved Home Devices QoD API, since both build on the same household device inventory.

    • @ravim95-eng: I see the proposed InHomeDeviceAPI to be foundational/pre-requisite API for usecases like Home Devices QOD API rather than functional overlap

Aug 28, 2025: The presentation will be on the next Backlog meeting with all needed supporting documentation and the API proposal.

AP: The presentation will be on the next Backlog meeting with all needed supporting documentation and the API proposal.

MEETING UPDATE:

Sep 11, 2025: AP: The presentation will be on the next Backlog meeting with all needed supporting documentation and the update API proposal.

 

241

Chunghwa Telecom

Fraud Hotzone Alert (previously called Communication Risk Check)

The API template is available in PR#243

LAST UPDATES:

  • Fraud Hotzone Alert API empowers anti-fraud systems to analyze phone call and SMS activities associated with a phone number during a specified period, offering a comprehensive view of communication behavior.

Jul 10, 2025:

@Eric Murray: This proposal is too broad and intrusive for a CAMARA API. Like Scam Signal — which isn’t a CAMARA API due to its sensitivity — this involves exposing too much personal data. It’s unlikely that users would consent, even for fraud prevention. A better approach would be to compute a risk score from background data, without exposing the details. Otherwise, the API risks being unusable.

  • @jasonchan: We consulted the relevant departments at Chunghwa Telecom, and according to user policy and regulations, mobile network contracts include a clause informing users that their data may be accessed for purposes like fraud prevention. So, this privacy concern might be addressed through proper consent management.

@rebecca from MTN: Rebecca from MTN raised a key question: Will this API require user consent? She asked whether sharing such detailed data is allowed without explicit consent, or if consent must be obtained.

  • @jasonchan: Currently, no separate consent is involved, as the mobile contract already includes a clause stating that user data may be accessed — effectively serving as implicit consent.

@Tanja de Groot: A suggestion was made to follow a “Know Your Customer” model, where instead of exposing all user data, the API would return a simplified risk score (e.g., high, medium, low, or a percentage). This avoids requiring the application to handle, process, and store sensitive data, and lets the API handle the calculations internally.

@Appelboom, Huub: Even if the API returns only a risk score, processing traffic data for this purpose in Europe still requires explicit user consent under most legislation. The legal issue is fundamental and has also affected similar APIs like Scam Signal. Outside Europe, rules may differ.

Additionally, banks typically prefer raw data to run their own risk models, as fraud patterns evolve rapidly. This makes it difficult to lock the logic on the API side — overly prescriptive APIs may quickly become ineffective.

  • @guang-han ma: In Taiwan, user consent is already obtained through standard agreements when they subscribe to services. So, in this use case, the required consent is already in place, and the concern about user permission is addressed by existing practices.

AP1 → Upload the proposal presentation to the API template PR.

AP2 → Answer all these questions for the next meeting

Jul 24, 2025:

Updated presentation: documentation/SupportingDocuments/Fraud Hotzone Alert.pptx

Proposal to change name to Fraud Hotzone Alert, more related to the use case covered.

API proposal modified, in terms of parameters:

  • input: phoneNumber, lookBackDays, thresholdRatio, method, FraudHotZone, checkType, checkTarget

  • output: anomalyDetected, anomalyDate

Privacy and overlapping with other APIs is addressed in the shared slides, offline validation is required for:

  • Ensuring that @Eric Murray comments are addressed

  • Ensuring that Scam Signal and Customer Insight groups are ok with the scope of this API. Target group should as well be found

  • Review API naming as requested by @Tanja de Groot

Outstanding conversations from the overlap:

  • Scam Signal: There could be some functional overlap, as both aim to detect potential fraud scenarios, but their scope and response models are fundamentally different. Scam Signal focuses solely on checking if the potential victim’s phone number is currently in an active call, leaving fraud suspicion assessment to the API consumer. Fraud Hotzone Reports, instead, analyses recent call/SMS history and directly returns a fraud likelihood assessment from the operator. Are separate APIs, but we could still consider them part of the same Working Group, even if one repo is public and the other private. The main complexity would be meeting management, so for now Fraud Hotzone Reports could start independently since Scam Signal meetings are private.

  • Customer Insights: No functional or scope overlap. Customer Insights delivers a TrustScore and does not identify fraud victims, while Fraud Hotzone Reports serves a completely different purpose with a different data model and fraud detection approach.

Aug 14, 2025: AP: sent to TSC as a part of the same group of Scam Signal, even if the repository is public and the other one is private, and manage the meeting independently, as Scam Signal meetings are private.

Aug 28, 2025:

The main issue is that the API involves highly sensitive data and, as raised by Herbert (DT), it falls into the same category as Scam Signal, meaning it cannot be hosted in CAMARA’s public repository. The suggested approach is to handle it under a confidential GSMA framework or develop it market-specific for Chunghwa. For this reason, the topic has been removed from the TSC agenda until governance is clarified.

AP1: Contact GSMA (e.g., @MarkCornall) to explore private hosting under a confidential framework.
AP2: Validate internally at Chunghwa whether you are comfortable proceeding under GSMA’s confidential model and confirm alignment with local regulatory requirements.

MEETING UPDATE:

  • Governance: Strong feedback (Herbert) emphasized that, given the sensitivity of fraud-detection algorithms, Fraud Hotzone should not be developed as a public CAMARA API but rather in a private GSMA repository (same model as Scam Signal). The discussion on this point is still ongoing.

  • Naming: Agreement to shift from “Alert” to “Reports” to avoid confusion with real-time notification APIs.

Sep 11, 2025: We continue with the discussion track on scam signal private repository.

63

Before: MTN and now: xFlow Research Inc

IMEI Fraud

The API template is available PR#64

INITIAL CONTEXT:

This API was presented already and included in an existing group but no work was done so discontinued. Now Rebecca is presenting the proposal seeking for support

DeviceCheck GSMA proposal overlaps this

IMEI Fraud will offer more information to developers than GSMA Device Check service.

MTN and other supporters should meet with GSMA to discuss if proceeding with this API within CAMARA still makes sense.

Request for meeting already sent by GSMA to MTN

Outcome of meeting awaited before deciding if this API proposal should proceed in CAMARA

  • Pending to be confirmed by MTN, AP to be raised.

@Eric Murray : (IMEI status) service related, but GSMA is ok for this proposal.

ACTION: Pending from MTN for moving on with this API. Maybe to be included in the Device Identifier family.

 @reg no further information from MTN, consider to de-prioritize, pending to further update

Any other operator open to take the lead of this API is welcomed

LAST UPDATES: No response since September 6, 2024.

Feb 27, 2025, Mar 13, 2025, Mar 27, 2025,Apr 10, 2025, Apr 24, 2025, May 8, 2025,May 22, 2025, Jun 12, 2025, Jun 26, 2025: not treated

Request to reactivate the IMEI fraud verification API (Thursday, August 21, 2025) from Ali Iqbal xFlow Research Inc.

If the original proposal owner (@krishvenkatachalam / @wwAMRA) is not available to continue leading, xFlow Research Inc. is willing to step in and take on the role of Proposal Owner to help drive this work forward in collaboration with interested contributors.

Aug 28, 2025:
AP1: Reuse the existing PR and update the current API proposal and add the supporting document with the new context.

AP2: Make a presentation for the next backlog meeting.

AP3: Do a research for possible overlap with Device Identifier API

MEETING UPDATE:

Sep 11, 2025: Not treated

Out Of Agenda

  • #253 [Repository Transition]: Join DedicatedNetworks into Quality On Demand Sub Project

    • Objective: To request the formal incorporation of the DedicatedNetworks Sandbox API Repository into the Quality On Demand Sub Project, and to seek API Backlog WG endorsement for TSC approval.

    • Background: The DedicatedNetworks, QoSBooking, and QualityOnDemand APIs are all focused on managing network connectivity quality. Although DedicatedNetworks is currently outside the Sub Project, the three APIs are strongly aligned in both scope and contributor base. This proposal builds on ongoing collaboration already taking place between the teams.

    • Rationale:

      • The APIs have natural synergies: Dedicated slice provisioning (DedicatedNetworks), on-demand QoS assignment (QoSBooking), and general connectivity triggers (QualityOnDemand).

      • Collaborative work is already happening

    • Next steps (pending approval):

      • DedicatedNetworks remains a Sandbox repo but becomes part of the Sub Project

      • Wiki page is relocated under the Sub Project section

      • Regular joint meetings continue with breakouts as needed

      • Sub Project renaming to Connectivity Quality Management is under discussion (QualityOnDemand#498)

    • Decision: OK (no comments)

Closing Issues

Issue #

Company

Summary

Status Update

18

Totogi

New Proposal: Receive SMS

 

The API template is available in PR#75