Skip to content

Commit

Permalink
Merge pull request #124 from AxelNennker/MOM-2024-02-14
Browse files Browse the repository at this point in the history 
MOM-2024-02-14
  • Loading branch information
@AxelNennker
AxelNennker authored Feb 20, 2024
2 parents ec599e9 + 26ef030 commit 81f341c
Showing 1 changed file with 104 additions and 0 deletions.
104 changes: 104 additions & 0 deletions documentation/MeetingMinutes/2024/MOM-2024-02-14.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
# Identity and Consent Management meeting

#### *February 14, 2024*

<br>

## Attendees

| Companies | Attendees |
| --------- | --------- |
| Deutsche Telekom AG | [Herbert Damker](https://wiki.camaraproject.org/display/~hdamker), [Axel Nennker](https://wiki.camaraproject.org/display/~ignisvulpis), [Shilpa Padgaonkar](https://wiki.camaraproject.org/display/~shilpa.padgaonkar) |
| Ericsson | [Elisabeth Mueller](https://wiki.camaraproject.org/display/~elisabethmueller), [Jan Friman](https://wiki.camaraproject.org/display/~Jan_Friman) |
| Gapask | Rajesh Murthy |
| GSMA | Mark Cornall, Toyeeb Rehman, Tom van Pelt |
| KPN | [Huub Appelboom](https://github.com/HuubAppelboom) |
| Nokia | [Tanja De Groot](https://wiki.camaraproject.org/display/~TanjaDeGroot), [Gaurav Agarwal](https://wiki.camaraproject.org/display/~gaurav2192) |
| OIDF | [Bjorn Hjelm (OIDF)](https://github.com/bhjelm), [Joseph Heenan](https://github.com/jogu) |
| Shabodi | Kevin Howe-Patterson |
| Singtel | [Foo Ming Hui](https://wiki.camaraproject.org/display/~mhfoo) |
| Spry Fox Networks | [Ramesh Shanmugasundaram](https://wiki.camaraproject.org/display/~sfnuser), [Parichaya Shrivastava](https://wiki.camaraproject.org/display/~lfsfn) |
| T-Mobile PL | [Dawid Wroblewski](https://github.com/DT-DawidWroblewski), [Artych, Rafał](https://wiki.camaraproject.org/display/~rart) |
| T-Mobile US | [Karabulut, Murat](https://wiki.camaraproject.org/display/~gmuratk) |
| Telefónica | [Jesús Peña García-Oliva](https://github.com/jpengar), [Diego Gonzalez Martínez](https://github.com/diegogonmar), Guido García,<br> Juan Fabio García, Pedro Ballesteros, David Vallejo,<br> Juan Antonio Hernando, Diego Yonadi |
| Vodafone | Sönke Peters, [Sachin Kumar](https://wiki.camaraproject.org/display/~sachinvodafone)|
| Vodacom | [Surajj Jaggernath](https://wiki.camaraproject.org/display/~surajjj) |

[Camara People](https://wiki.camaraproject.org/browsepeople.action)

[Participants](https://github.com/camaraproject/Governance/blob/main/PARTICIPANTS.MD)

<br>

## Agenda

1. Recent updates & recap
2. Issues and PRs. Priority discussions (most active issues and/or dependencies for release v0.2):
- **Camara profile of OIDF and IETF standards**
- Please comment on https://github.com/camaraproject/IdentityAndConsentManagement/issues/122 .
- **offline access** #123 https://github.com/camaraproject/IdentityAndConsentManagement/pull/123
- **Discussion on Issue #100 "Claims to be used in oAuth Access tokens".**
- **Discussion on Issue #108 "Question to documentation update for security schemes".**
- **Discussion on Issue #104 "Alignment of Client Credential authentication / authorization using API Gateway Pattern".**

3. Action Points
4. AoB

<br>

## Meeting Technicallities

Jesús offered that ownership of the meeting invite could be transferred to the new chair. Axel said that for now this can stay as it is.
Jesús points out that the current owner of the meeting invitation (Jose Antonio Ordoñez Lucena) is leaving the company, and it might make sense for Axel, as moderator, to have his own meeting invitation under his control. Because the meeting invitation may be left uncontrolled (no possibility to change the schedule, etc.) once Jose Antonio leaves and we may need to create a new meeting invitation anyway.


## Discussion on Consensus in Camara Working Groups

Recapitulation of the previous discussion on this topic: Jesús and Diego said there was consensus achieved during a WG call that we continue working on https://github.com/camaraproject/IdentityAndConsentManagement/pull/113
Herbert said that lazy-consensus is the Camara way. Shilpa said no consensus was achieved.
Jesús disagrees and clarifies from his view of what happened in the previous call that the WG participants were asked, considering the different opinions, if we could agree as a way forward to continue with the "self-contained" contribution (PR #113) with compromise to properly note any changes related to the reused standard. And there was support from Ericsson, GSMA, and no objection from others on the call. DT of course preferred the delta approach, but Axel mentioned that he wouldn't disagree with the WG as long as the changes to the standard are properly marked in the document.
Axel proposed that consensus should be achieved on Github because not everybody can attend meetings. Diego said that is not the Camara way and all CAMARA subprojects actually make decisions during the calls, and active WG participants are well aware of this. Axel's proposal was rejected, lazy-consensus it is in Camara WGs.
Shilpa proposed that if there is an important decision suggested to be made at the next meeting, then this should be communicated a few days before the meeting. So, that people know about the importance of the next meeting and attend when otherwise they would not attend.
We agreed that is must be clear whether consensus is achieved or not, and that we need to get better on this.

## Discussion the Way Forward regarding the Profile

Jesús recapitulated the last meeting where PR #113 was discussed and that consensus was achieved.
Axel and Shilpa did not agree with consensus beeing achieved - see previous section.
Axel said that he created the issue https://github.com/camaraproject/IdentityAndConsentManagement/issues/122 and kindly asked WG members to comment on the issue.
Axel also created PR https://github.com/camaraproject/IdentityAndConsentManagement/pull/121 and asked people to review it.

After some discussion we agreed that WG members comment on the issue and review the PR seeking resolution and a decision whether to use the DT proposal or the TEF proposal as our WG's policy document.
Elizabeth suggested that if discussions on GitHub get too long, we would call for a side meeting, anounce it on the mailing this and seek consensus.

Axel agreed with this proposal and no objections where heard.

Axel asked Bjorn Hjelm for his/OIDF's opinion. Bjorn said that OIDF is here to help.

We agreed that if neither the commenting on the issue nor the review of the PR lead to consensus, the WG seek a vote at TSC.


## Discussion about [offline-access and Refresh Token PR](https://github.com/camaraproject/IdentityAndConsentManagement/pull/123)

Jesús said that as previously discussed and agreed in the WG, and as per CAMARA TSC (Technical Steering Committee) decision, all documentation related to the NBI CAMARA API interface will only be placed in CAMARA. CAMARA will be the source of truth for northbound interface. GSMA Opengateway will simply adopt what is defined in CAMARA. And Jesús suggests that we first focus on moving the necessary documentation to the CAMARA Identity & Consent WG repository as agreed. And then, if the WG participants want to revisit the content of the documentation, we can open a new issue for that, no problem. This would allow us to wrap up a long discussion, close issue https://github.com/camaraproject/IdentityAndConsentManagement/issues/82, and move on to the next needed discussion without blocking this track by creating new dependencies between issues
And example was given that some Commonalities document was moved to ICM and this is similar. Shilpa objected that moving a document from Camara to Camara is different.
Jesus disagrees because the AuthN-Auth Z document also contained information, for example, about authorization flows that were not agreed upon in the I&CM working group and other features that were not even discussed. And in fact, that document was reworked after being moved and even removed for the v0.2.0 release. Same process can be followed now.
Axel asked meeting attendents to describe the Camara use case for offline-access and comment on the PR why Camara needs offline-access in ICM.
Diego pointed out that ICM already has a document that indicates that Refresh Tokens are within covered scenarios, and the document is included in release v0.1.0 thus support for Refresh Token is already included. Diego indicates which document it is: https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-API-access-and-user-consent.md?plain=1#L240.
Also indicates that upon former agreement, the only thing being done is moving info to CAMARA for v0.2, but not changing scope. And that discussion for v0.3 may happen anyway
Axel replyied that OIDC offline-access is only offline-access to the user-info endpoint and that refresh tokens are a different thing.
Diego said that he personally is not for or against the [offline-access PR](https://github.com/camaraproject/IdentityAndConsentManagement/pull/123) but that this PR just follows the agreed way forward of moving documentation to Camara.
We agreed that reviews should be written.

## Closing Remarks

Axel kindly asked participants to comment on issues and to review PRs and most importantly contribute text changes to PR.
WGs thrive only if members become participants. So, again please participate. Please comment and review.



<br>

## AoB

- Next call schedule: February 28, 2024.

0 comments on commit 81f341c

Please sign in to comment.