From f016bb40dd16cde123fc28552e0052e9ca5f27bb Mon Sep 17 00:00:00 2001 From: Maximilian Laue Date: Fri, 21 Jun 2024 13:31:51 +0200 Subject: [PATCH 1/4] feat: add `Authorization and authentication` in `info.description` --- code/API_definitions/geofencing-subscriptions.yaml | 8 ++++++++ code/API_definitions/location-retrieval.yaml | 8 ++++++++ code/API_definitions/location-verification.yaml | 8 ++++++++ 3 files changed, 24 insertions(+) diff --git a/code/API_definitions/geofencing-subscriptions.yaml b/code/API_definitions/geofencing-subscriptions.yaml index e08512e7..c3bde8fb 100644 --- a/code/API_definitions/geofencing-subscriptions.yaml +++ b/code/API_definitions/geofencing-subscriptions.yaml @@ -57,6 +57,14 @@ info: Developers may provide a callback URL on which notifications regarding geofencing can be received from the service provider. If an event occurs the application will send events to the provided webhook - 'notificationUrl'._ + ### Authorization and authentication + + [Camara Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md) provides details on how a client requests an access token. + + Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation. + + It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control. + # Further info and support (FAQs will be added in a later version of the documentation) diff --git a/code/API_definitions/location-retrieval.yaml b/code/API_definitions/location-retrieval.yaml index 7d66fe9b..7b2a71d7 100644 --- a/code/API_definitions/location-retrieval.yaml +++ b/code/API_definitions/location-retrieval.yaml @@ -52,6 +52,14 @@ info: * a localization defined with a circle with center specified by the latitude and longitude, and radius for answer accuracy, * a timestamp about location information freshness. + ### Authorization and authentication + + [Camara Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md) provides details on how a client requests an access token. + + Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation. + + It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control. + # Further info and support (FAQs will be added in a later version of the documentation) diff --git a/code/API_definitions/location-verification.yaml b/code/API_definitions/location-verification.yaml index d734b209..3bca52bc 100644 --- a/code/API_definitions/location-verification.yaml +++ b/code/API_definitions/location-verification.yaml @@ -46,6 +46,14 @@ info: - Verify whether the device location is within a requested area, currently a circle with center specified by the latitude and longitude, and radius specified by the accuracy. The operation returns a verification result and, optionally, a match rate estimation for the location verification in percent. + ### Authorization and authentication + + [Camara Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md) provides details on how a client requests an access token. + + Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation. + + It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control. + # Further info and support (FAQs will be added in a later version of the documentation) From 8672024b15feb15fc589901c55624520e1ff5262 Mon Sep 17 00:00:00 2001 From: Maximilian Laue <112983658+maxl2287@users.noreply.github.com> Date: Tue, 2 Jul 2024 21:58:18 +0200 Subject: [PATCH 2/4] Update code/API_definitions/geofencing-subscriptions.yaml Co-authored-by: Fernando Prado Cabrillo --- code/API_definitions/geofencing-subscriptions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/API_definitions/geofencing-subscriptions.yaml b/code/API_definitions/geofencing-subscriptions.yaml index c3bde8fb..6945904d 100644 --- a/code/API_definitions/geofencing-subscriptions.yaml +++ b/code/API_definitions/geofencing-subscriptions.yaml @@ -57,7 +57,7 @@ info: Developers may provide a callback URL on which notifications regarding geofencing can be received from the service provider. If an event occurs the application will send events to the provided webhook - 'notificationUrl'._ - ### Authorization and authentication + # Authorization and authentication [Camara Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md) provides details on how a client requests an access token. From 75906b8f3d055e5d747d79fd099ab29583c6baa6 Mon Sep 17 00:00:00 2001 From: Maximilian Laue <112983658+maxl2287@users.noreply.github.com> Date: Tue, 2 Jul 2024 21:58:23 +0200 Subject: [PATCH 3/4] Update code/API_definitions/location-verification.yaml Co-authored-by: Fernando Prado Cabrillo --- code/API_definitions/location-verification.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/API_definitions/location-verification.yaml b/code/API_definitions/location-verification.yaml index 3bca52bc..a7b111e1 100644 --- a/code/API_definitions/location-verification.yaml +++ b/code/API_definitions/location-verification.yaml @@ -46,7 +46,7 @@ info: - Verify whether the device location is within a requested area, currently a circle with center specified by the latitude and longitude, and radius specified by the accuracy. The operation returns a verification result and, optionally, a match rate estimation for the location verification in percent. - ### Authorization and authentication + # Authorization and authentication [Camara Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md) provides details on how a client requests an access token. From 03e3ae8ea802e42f7db83b2d51051f0c5bea48e9 Mon Sep 17 00:00:00 2001 From: Maximilian Laue <112983658+maxl2287@users.noreply.github.com> Date: Tue, 2 Jul 2024 21:58:29 +0200 Subject: [PATCH 4/4] Update code/API_definitions/location-retrieval.yaml Co-authored-by: Fernando Prado Cabrillo --- code/API_definitions/location-retrieval.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/code/API_definitions/location-retrieval.yaml b/code/API_definitions/location-retrieval.yaml index 7b2a71d7..71216304 100644 --- a/code/API_definitions/location-retrieval.yaml +++ b/code/API_definitions/location-retrieval.yaml @@ -52,7 +52,8 @@ info: * a localization defined with a circle with center specified by the latitude and longitude, and radius for answer accuracy, * a timestamp about location information freshness. - ### Authorization and authentication + # Authorization and authentication + [Camara Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md) provides details on how a client requests an access token.