| Companies | Attendees |
|---|---|
| Ericsson | Jan Friman |
| GSMA | Mark Cornall, Tom van Pelt, Toyeeb Rehman |
| Microsoft | Landon Cox |
| Telefónica | Jesús Peña, Diego González, Jorge García, Jose Ordonez-Lucena |
| T-Mobile US | Murat Karabulut |
| Verizon | R Syed |
| Vodafone | Klaus Reinenrath, Nevin Aquinas |
| Huawei | Shuting Qing |
| Deutsche Telekom AG | David Wróblewski, Rafal Artych, Shilpa Padgaonkar |
| Orange | Ludovic Robert |
| Gapask | Rajesh Murthy |
| Sekura | Gautam Hazari |
| KDDI | Toshi W |
- Recent updates & recap
- Issues and PRs
- Action Points
- AoB
Telefonica presents the status of WG:
- 2 new issues #31 & #32
- Issue #31 is already a candidate for closure.
- 6 open issues
- Prior to the call, Orange has contributed with a new PR #33 to address issue #21.
- Revised and updated comments in PR #23 for the documentation maintenance (Issue #24).
- Revised and updated comments in PR #13 for the baseline template document (Issue #12). We should now be in a position to merge this PR.
- 6 issues closed: #17, #11, #25, #26, #27 & #28
- 3 candidate issues to close: #12, #24 & #31
Priority discussions:
- Baseline document closure (Issue #12).
- The concept of purpose (Issue #32).
- Consent management scenarios (Issue #21).
| Issue | Owner | Description |
|---|---|---|
| Open issues | ||
| #12 (PR#13) | Telefónica | Baseline Document to describe User Consent Management All feedback received so far has been considered and incorporated into the document. It is agreed to approve the base template with the understanding that the document will require further detailing and modification in the future. |
| #15 | Vonage | Application Subscriber Identity Not covered in today's call. No Vonage participant. |
| #16 | Vonage | Signed Consent - Certificate Authorities Not covered in today's call. No Vonage participant. |
| #20 | Deutsche Telekom AG | Application Subscriber Identity Templates already included, issue can be closed. Rafal will move it to "Discussions" as an announcement. |
| #21 (PR#33) | Deutsche Telekom AG | Definition of scenarios for consent management A summary of the scope of this issue was presented to the audience. Orange has taken action on PR#33 with the definition of seven consent use cases. Ludovic went through the use cases and encouraged everyone to review the PR and provide comments. |
| #24 (PR#23) | Huawei | Documentation maintenance Agree to merge PR and close issue. It was mentioned that it will be necessary to update the MeetingMinutes README file each time a new minutes document is added. But it was not considered a big deal. |
| Closed issues | ||
| #11 | Centillion | OpenId vs Mobile Number Centillion agreed to close it, and defined a new one #31 to keep discussion open. |
| #17 | Deutsche Telekom AG | Remove term NaaS Closed two weeks ago. Suggestion from DT (Shilpa) to remove the term NaaS was considered and included in the baseline document as part of the PR#13. |
| #25 | TMUS | Baseline - Introduction - feedback Closed last week and input incorporated into baselined document as part of the PR#13. |
| #26 | TMUS | Baseline - Purposes - feedback Closed last week and input incorporated into baselined document as part of the PR#13. |
| #27 | TMUS | Baseline - Purpose relationship with other key concepts - feedback Closed last week and input incorporated into baselined document as part of the PR#13. |
| #28 | TMUS | Baseline - Using purpose parameter in the authorization request -feedback Closed last week and input incorporated into baselined document as part of the PR#13. |
| New issues | ||
| #31 | Centillion | Open ID - historical user profiles Following DT's comments on github, it is agreed to close the issue. |
| #32 | Orange | The concept of purpose GSMA: There is concern about the actual need to define a purpose. TEF: The Operator, as the data controller, is required by law to control the purpose of the processing of personal data. VF: same concern. Even if purpose is granted for security reasons, we (operator) cannot control if the application decides to use it for other purposes. TEF: That's true, but the duty of the operator is to grant access under what's legally written in the purposes. Then, if the application does something else different from what's declared in the purpose, then it's their responsability. That process must be logged and audited in case there is any problem. VF: Is the plan to standardize purposes? TEF nods. VF don't share the need to go for standardization with regards to purposes. They noted some examples of ISVs. TEF: purpose will be mapped to a set of scopes, each associated to specific action. MSFT: As we're not able to anticipate for what this application will use the API, it may not be a good idea to restrict upfront with the purpose concept.. DT: If we look at GDPR, one of the key parameters is purpose. The idea of standardizing purpose -> W3C has made good progress. We also need to agree upon which CAMARA APIs will require explicit consent, and then involve our privacy/legal teams. DT will take action and create a new issue. |
| AP Identifier | AP Owner | Status | Description |
|---|---|---|---|
| 20230531-01 | Deustche Telekom | Open | Open an issue to identify which CAMARA APIs will require explicit consent, to involve our privacy/legal teams further on. |
| 20230322-01 | Sub-Project participants | Open | Involve privacy/legal teams in the Sub-Project discussions. |
| 20230412-01 | Sub-Project participants | Closed | Review the baseline document and provide comments in PR#13. |
| 20230517-01 | Orange | Closed | Create PR with initial input of scenarios to be covered regarding user consent, raised as a User Story. |
Next call schedule: 14th June 2023