DRAFT
Attendees & Representation
Name | Company | Attendee |
---|---|---|
Eric Murray | Vodafone (chair) | X |
Sachin Kumar | Vodafone | X |
Kevin Smith | Vodafone | |
Alex Ferreira | Phronesis | |
Matthew Hornsey | Phronesis | |
Matthew Hand | Phronesis | |
Sébastien Synold | Intersec | |
S, Vigneshwaran | Cognizant | |
Karthik Raj Rethinakumar | Cognizant | |
Manish Jain | Cognizant | |
Huub Appelboom | KPN | X |
Rafal Artych | DT | |
Abhisek Das | Infosys | |
Brian Smith | Shabodi | |
Umair Ali Rashid | Shabodi | |
Foo Ming Hui | Singtel | |
Vilim Duganic | Infobip | |
Surajj Jaggernath | Vodacom | X |
Agenda
- Review of previous meeting minutes
- Approved
- Review of Device Identifier API status
- Discussion on requirements for IMEI Fraud
- AOB
Review of Device Identifier API status
- Current "work in progress" version can be found here
PRs
- New PRs:
- PR #51: Add Identity & Consent header
- Adds mandatory identity & consent header to API information
- This will be a requirement of v0.1.0 of Identity & Consent documentation
- PR #51: Add Identity & Consent header
- Existing PRs:
- None
- Closed PRs:
- PR #50: Minor Correction of YAML - Amending typos
- Fixes documentation typos
- API version updated to 0.3.1
- PR #50: Minor Correction of YAML - Amending typos
Issues
- New Issues
- None
- Existing Issues
- Issue #46: Rename API title to CAMARA Mobile Device Identifier API
- Current API title is "CAMARA Device Identifier API", but the API only applies (and can only apply) to mobile devices.
- It is proposed to make this clearer by renaming the API to "CAMARA Mobile Device Identifier API"
- Issue #46: Rename API title to CAMARA Mobile Device Identifier API
UPDATE:
- Meeting agreed this proposal was a good idea
- Issue #47: Add ageOfInformation field to API response
- Follows on from Discussion #35
- Current API response gives no indication of when the physical device information was collected for the specified subscription identifier (e.g.
phoneNumber
). Dependent on the backend implementation, this information could have been collected some time earlier, and potentially be out of date - Add an
ageOfInfomation
field to the response. Time unit TBD, but probably "hours" is sufficient.
- Issue #47: Add ageOfInformation field to API response
UPDATE:
- Huub suggests to use time stamp, in date-time format
- Issue #30: Defined scopes and meanings, being discussed in Issue
- Issue updated to give 3 options:
- Proposal is to have two scopes for one endpoint - one for all information, and one for TAC, Make and Model only
Alternative 1: One single scope, which gives all information- Alternative 2: Two scopes but two endpoints
- Split
/get-device-identifier
into two separate endpoints for imei / imeisv and tac / manufacturer / model respectively, each with its own scope.
- Split
- Issue updated to give 3 options:
- Issue #30: Defined scopes and meanings, being discussed in Issue
UPDATE:
- Discussed during meeting, but pros and cons of both approaches
- Also need to think from a "product" point of view - the two scopes will represent different products, so should they not also have different endpoints?
ACTION: Eric to add Vodafone preference, and to advertise issue via mailing list to try and get alternative opinions.
- Issue #21: API Definition Terminology
- Issue is out of date
- Issue #21: API Definition Terminology
ACTION: Eric to update issue text (still open)
- Closed Issues
- None
Discussions
- New Discussions
- None
- Existing Discussions:
- Discussion #36: Alternative device identifiers
- An alternative proposal is to salt the IMEI with an API consumer specific salt and then hash it
- This would a less useful identifier (only useful to the API consumer) but easier to justify providing under an opt-out or no consent basis
- Use cases for such an alternative identifier are not clear
- Discussion #36: Alternative device identifiers
AGREEMENT: Leave discussion open for now, but prioritise returning IMEI / IMEISV
- Closed Discussions
- Discussion #49: Get Device Identifier without exposing the phone number
- Discussion on whether device identifier can be obtained without the API consumer needing to know or learning the MSISDN
- When Identity & Consent rules are fully implemented, end user identifying data such as this will be removed from the service API call
- Discussion #49: Get Device Identifier without exposing the phone number
Other Issues
- Kevin raised the point that YAML schemas should use the common schemas defined in CAMARA_common.yaml where appropriate. Ideally, they could be directly referenced, though this can cause issues with some OAS viewers.
- ACTION: Eric to check that current Device Identifier YAML is compliant with common schemas
Device
schema needs to be updated now that IPv6 address must be a single address, but there is an outstanding PR for this schema- Will introduce a PR once the Commonalities PR is merged
- ACTION: Kevin to check how OAS viewers handle external references
- ACTION: Eric to check that current Device Identifier YAML is compliant with common schemas
Discussion on IMEI Fraud API
This API will not be further discussed until API proponents attend the sub-project meetings
- See API Proposal submission here
- Open Discussions:
- #37: IMEI Fraud API Input
- Proposal is just to use a single "IMEI" field, which would accept either IMEI or IMEISV
- #34: What values should the IMEI Fraud API respond with to indicate reported ownership status?
- The GSMA appear to have an existing Device Check service, which includes an API. How does the CAMARA proposal differ from this?
- Kevin highlighted a GSMA video on their Device Check service.
- #37: IMEI Fraud API Input
AGREEMENT: MTN / Huawei will join sub-project meetings from next year, so can then drive these discussion
AOB
- Issue #48: Additional sub-project codeowner required
- UPDATE: No additional codeowner yet identified
- Next meeting to be held Friday 9th February 2024 @ 09:00 GMT.
- One day, meetings will be held using the LFX Zoom service, but not yet