Skip to content

Commit

Permalink
Update device-roaming-status.yaml
Browse files Browse the repository at this point in the history
  • Loading branch information
eric-murray authored Jan 15, 2025
1 parent 848c8d7 commit c40567e
Showing 1 changed file with 10 additions and 12 deletions.
22 changes: 10 additions & 12 deletions code/API_definitions/device-roaming-status.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@ info:
- For security / fraud reasons, to establish that a customer is located where they claim to be
- For service delivery reasons, to ensure that the customer has access to particular service, and will not incur roaming charges in accessing them
## Relevant terms and definitions
* **Device**: A device refers to any physical entity that can connect to a network and participate in network communication.
Expand All @@ -37,15 +36,17 @@ info:
The endpoint `POST /retrieve` allows to get roaming status and country information (if device in roaming situation) synchronously.
### Authorization and authentication
# Further info and support
## Authorization and authentication
The "Camara Security and Interoperability Profile" provides details on how a client requests an access token. Please refer to Identify and Consent Management (https://github.com/camaraproject/IdentityAndConsentManagement/) for the released version of the Profile.
Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation.
It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control.
# Identifying the device from the access token
## Identifying the device from the access token
This API requires the API consumer to identify a device as the subject of the API as follows:
- When the API is invoked using a two-legged access token, the subject will be identified from the optional `device` object, which therefore MUST be provided.
Expand All @@ -54,32 +55,29 @@ info:
This approach simplifies API usage for API consumers using a three-legged access token to invoke the API by relying on the information that is associated with the access token and was identified during the authentication process.
## Error handling:
### Error handling:
- If the subject cannot be identified from the access token and the optional `device` object is not included in the request, then the server will return an error with the `422 MISSING_IDENTIFIER` error code.
- If the subject can be identified from the access token and the optional `device` object is also included in the request, then the server will return an error with the `422 UNNECESSARY_IDENTIFIER` error code. This will be the case even if the same device is identified by these two methods, as the server is unable to make this comparison.
# Multi-SIM scenario handling
## Multi-SIM scenario handling
In multi-SIM scenarios where more than one mobile device is associated with a phone number (e.g. a smartphone with an associated smartwatch), it might not be possible to uniquely identify the device for which the roaming status should be returned from that phone number. If the phone number is used as the device identifier when querying in a multi-SIM scenario, the API may:
- respond with an error, or
- return a combined status for the multi-SIM group as a whole, or
- return the status for a single device in the multi-SIM group, which may not be the intended device.
- return a combined roaming status for the multi-SIM group as a whole, or
- return the roaming status for a single device in the multi-SIM group, which may not be the intended device.
Possible solutions in such a scenario include:
- Using the authorisation code flow to obtain an access token, which will automatically identify the intended device
- Identifying the intended device from a unique identifier for that device, such as its source IP address and port
- Check with the SIM provider whether a unique "secondary" phone number is already associated with each device, and use the secondary phone number to identify the intended device if available.
# Further info and support
(FAQs will be added in a later version of the documentation)
license:
name: Apache 2.0
url: https://www.apache.org/licenses/LICENSE-2.0.html
version: wip
x-camara-commonalities: 0.4.0
x-camara-commonalities: 0.5

externalDocs:
description: Product documentation at CAMARA
url: https://github.com/camaraproject/DeviceStatus
Expand Down

0 comments on commit c40567e

Please sign in to comment.