2025-10-16 TSC Minutes
Attendees & Representation
TSC Members may indicate their attendance with an X in the far column | |||
|---|---|---|---|
Representatives | Organization | Role |
|
@Herbert Damker | Deutsche Telekom AG | Maintainer | x |
@Shilpa Padgaonkar | T-Mobile US | Maintainer |
|
@Jan Friman | Ericsson | Maintainer | x |
@Toshi Wakayama | KDDI | Maintainer | x |
@Ludovic Robert | Orange | Maintainer | x |
@Tanja de Groot | Nokia | Maintainer, Release Manager | x |
@diego.gonzalezmartinez | Telefonica | Maintainer | x |
@Jose Luis Urien Pinedo | Telefónica | Maintainer | x |
@Eric Murray | Vodafone | Maintainer | x |
@Mahesh Chapalamadugu | Verizon | Maintainer |
|
@Nick Venezia | EUC Representative | x | |
@massimiliano.troiani | Verizon | EUC Representative |
|
@Doug Makishima | Summit Tech | EUC Representative |
|
George Glass alt: @Olta Vangjeli | TM Forum | TM Form Representative |
|
@Mark Cornall | GSMA | GSMA Representative | x |
Community members may use @name tag to mark their attendance
Community: @Artur Krukowski @Alberto Ramos Monaga @Rafal Artych @Murat Karabulut
Action Item Review
LF Staff: @Casey Cain
Agenda
The project's Antitrust Policy is linked from the LF and project websites. The policy is important when multiple companies, including potential industry competitors, are participating in meetings. Please review it, and if you have any questions, please contact your company's legal counsel. Members of the LF may contact Andrew Updegrove at the firm Gesmer Updegrove LLP, which provides legal counsel to the LF. |
Review and approval of previous meeting minutes
General Topics
Governance & project management issues
API Backlog
Commonalities
Identity & Consent Management
Release Management
Specific Topics
MCP White Paper progress (@Nick Venezia )
End User Council (@Nick Venezia )
Update on OWASP security guidelines evaluation (@Rafal Artych )
Any Other Topics
Minutes
Review and approval of previous meeting minutes
Minutes of previous TSC meeting: https://lf-camaraproject.atlassian.net/wiki/spaces/CAM/pages/248840206
no comments, approved
Action Item Review
See home page Technical Steering Committee for current list of open action items
none
Governance & Project Management issues
Centralized linting roll-out: now done for all 58 API repositories (not for DeviceStatus and KnowYourCustomer as they won’t change anymore)
Only for information, see wiki page under tooling for status.
https://github.com/camaraproject/ReleaseManagement/pull/275
Request for a final review until October 24th
The concept will be the base for the rework of the release process for all API repositories under the supervision of Release Management working group, to be introduced until Spring26, getting general process at latest for Fall26 cycle
https://github.com/camaraproject/Governance/issues/200
We need new names for our meta-releases “Spring” and “Fall” to avoid hemispherical confusion. Would be good to have the names before the next AHC.
There are already some good proposals within the issue.
Potential way forward? Ranked vote? Include Outreach Committee in the vote?
Point the Marketing team to the issue, one round of comments → short list → ranked voting (TSC members & Outreach committee together)
https://github.com/camaraproject/Governance/issues/199
@Alberto Ramos Monaga has prepared a wiki page with the details of the proposal
Proposed next steps (@Herbert Damker):
Create the formal pull request for
API-Onboarding-and-Lifecycle.md, considering the offline comments → until next TSC creating a draft PR @Alberto Ramos MonagaStart the first review round of Onboarding Trackers and API repositories without content/releases yet → initial list & information to the responsible proposal owners and codeowners
HomeDeviceQoD is a repository with an initial API version which hasn’t evolved since two meta-releases and without a plan to evolve (potential to be considered for archival in Phase 4)
https://github.com/camaraproject/Governance/issues/194
To be done: List of concrete next actions, based on https://lf-camaraproject.atlassian.net/wiki/spaces/CAM/pages/247234843, including
Update of
API-Onboarding-and-Lifecycle.md(main part beyond ReleaseManagement)Rework of Release Management documents (in progress)
https://github.com/camaraproject/Governance/issues/197
reminder to provide feedback from the community
a number of LF project have already decided to migrate
we will need a vote sometime soon (transitioning until end of year?)
CAMARA TSC Election
The TSC Election (nominations) kickoff should begin on Oct 27, 2025
@Casey Cain and@Herbert Damker will collaborate with the community to ensure that all current maintainers and eligible candidates are accurately accounted for by Oct 24, 2025
API Backlog (@Alberto Ramos Monaga )
There are no new topics, only task reports.
Provider implementation - Energy Footprint Notification #262
Last updates: In relation to the Energy Footprint Notification API, the group is asking for a Provider implementation repository No objections - According to ProjectStructureAndRoles, a PI repository is considered a “sidecar” of the main API repository — it only needs minimal governance elements (CODEOWNERS, license, GOVERNANCE.MD, and
/code/API_code). Therefore, as long as the PI repo has active code owners and is linked to an active API repository, no formal TSC approval is required.Repository to be created as requested @Herbert Damker
Proposal “Dual-Phase Meta-Release Strategy: #194
Last updates: offline review of the wiki page with proposals for changes in CAMARA documents, creating issues for document changes out of it.
Clean-up process: #199
Last updates: wiki page created to discuss the proposal (Feedback collection phase). Eventually it will reflected in the lifecycle document (done in a PR).
Commonalities (@Rafal Artych )
Patch release r3.4 published on Oct 10, 2025
changes have been anticipated by the API releases in Fall25
https://github.com/camaraproject/Commonalities/issues/543 - work in progress
https://github.com/camaraproject/Commonalities/issues/545
verifying PRs for capitalization of key words and convention for names like: CAMARA, GitHub
discussion on limiting the set of key words
https://github.com/camaraproject/Commonalities/issues/539 > Specific Topics
Identity & Consent Management (@Jesús Peña García-Oliva on behalf of @Axel Nennker )
Spring26 meta-release planning is underway: The working group's primary focus is defining the scope for the Spring '26 meta-release for both ICM and the Consent Info API. Community members are actively encouraged to propose new topics and take ownership of their development.
New security proposals for ICM: Several security topics have been introduced for discussion in the next release. These include strengthening the DPoP implementation to protect against man-in-the-middle and replay attacks, recommending the use of Resource Indicators (RFC 8707) to issue audience-restricted tokens, and a new discussion around requiring mTLS for APIs that modify the network.
Improving usability and guidance: A key deliverable in progress for the ICM doc is a new guideline to help API consumers and providers select the appropriate authorization flow based on their use case.
Consent Info API Enhancements: The main feature proposed for the next version is the addition of a callbackUrl to the API request. This would significantly improve the user experience by eliminating the need for polling after the consent capture journey and giving control back to the API consumer's application.
Release Management (@Tanja de Groot)
Fall25 meta-release (https://lf-camaraproject.atlassian.net/wiki/x/FQApAg?atlOrigin=eyJpIjoiZWIyZGY3YWY4Yzk2NGQxNWFjODlkZGNmYmFmYTVkMDIiLCJwIjoiYyJ9) - M6 under preparation
Steady state new meta-release schedule proposal v3: v3 Updated meta-release plan
Spring26 meta-release: PROPOSED NEW SCHEDULE Spring26 meta-release (transition schedule)
Fall26 meta-release: PROPOSED NEW SCHEDULE: Fall26 meta-release (transition schedule)
Request to TSC to review and approve by next TSC:
@Tanja de Groot to publish new Spring26 (as preliminary) now and adapt to feedback until next TSC.
add a note on the ongoing TSC review to the Spring26 page.
Specific Topics
MCP White Paper progress (@Nick Venezia )
Current draft: https://lf-camaraproject.atlassian.net/wiki/x/GIBdDg
Being in rework by the editor - expected end of this week
@Nick Venezia will inform when available
For proposed measures it need to be decide if, when and where the work in CAMARA will happen → analysis based on the upcoming draft
End User Council participation and collaboration with complementary Linux Foundation open-source initiatives, for example “Agent2Agent Protocol“, to drive interoperability and ecosystem synergy. (@Nick Venezia )
Reference: https://lists.camaraproject.org/g/tsc/message/324
@Nick Venezia will create a wiki page from the material for review and collaboration with the TSC members
Update on OWASP security guidelines evaluation (@Rafal Artych )
Spectral ruleset rules from the Stoplight API Stylebook implements checks for the OWASP API Security Top 10 2023. These rules can be used with Spectral to automatically lint OpenAPI documents for security issues.
Source: https://github.com/stoplightio/spectral-owasp-ruleset
Documentation: https://apistylebook.stoplight.io/docs/owasp-top-10-2023CAMARA APIs evaluation: https://lf-camaraproject.atlassian.net/wiki/spaces/CAM/pages/266829964
Impact on Commonalities https://github.com/camaraproject/Commonalities/issues/539#issuecomment-3360637404
some rules out of scope (addressed by CAMARA authorization flows or API Gateways (headers, error responses))
new requirements in API guidelines (breaking changes) needed to address rules (mainly API4:2023 - Unrestricted Resource Consumption)
Any Other Business
none
Next Meeting
Next TSC Meeting will be on November 6th, 9:00 UTC (please be aware of the end of daylight saving time in Europe, it will be 10:00 CET!)
Specific agenda topics backlog:
https://www.openapis.org/blog/2025/09/23/announcing-openapi-v3-2 - if/when CAMARA should change its base OpenAPi version 3.0.3?
Action items