-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resolution on where the documentation of ICM AuthN/AuthZ common guidelines for API specs must be located #160
Comments
Now the current situation is described and the issue raised. From my point of view:
|
Thanks to ICM for defining the openid security scheme for all APIs to use. However, I also see that the PR camaraproject/Commonalities#208, makes the design guidelines doc look more complete. IMHO I see benefit to the readers if all OpenAPI defintions are in one place in the API design guidelines doc. |
This has been a very polarising issue (the one related to securitySchemes), and it is already happening (with all the overhead and confusion that entails) that there are more than one open issue in Commonalities, API subprojects, Slack messages, and even multiple issues in the ICM just related to securitySchemes. Having this information in the ICM would allow us to have better control over it, and also guide CAMARA participants to the decisions made by the ICM and TSC, avoiding overhead and confusion. This is a BIG benefit IMHO to keep the information where it is now. As I said, in general I tend to agree with you that it is better to have everything in one place if possible, but for this matter I believe it will bring as more problems than benefits. From a document reader's perspective, it is just one click to browse the github documentation in ICM, which means nothing. There are plenty of other references like this in the API design guidelines or the ICM profile itself and it is not a problem. It's like browsing through the Confluence pages... I see a clear benefit, and I don't see a problem with keeping it the way it is. |
Copied from camaraproject/Commonalities#208 (comment) Main question is whether or not moving OpenAPI security schemes and info.description to OpenAPI definitions Pro :
Contra moving arguments:
Options:
|
|
Please avoid the word "vote" :-) |
Proposal is to keep the document https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation[/CAMARA-API-access-and-user-consent.md intact. |
For some reason, some of your suggestions in https://github.com/camaraproject/Commonalities/pull/208/files#top don't seem to be formatted correctly by github. But If I understand your suggestions correctly, it would be fine with me. Maybe @AxelNennker could try to apply your suggestions to confirm it. |
@AxelNennker has already done this. I've just added a few suggestions. So hopefully we can all agree to close this. CC @Elisabeth-Ericsson @shilpa-padgaonkar |
Commonalities PR camaraproject/Commonalities#208 is MERGED (with changes agreed after ICM 5 June meeting discussions) and issue camaraproject/Commonalities#207 is CLOSED. So, I'm going to close this issue after agree on a resolution on where and how to document the ICM AuthN/AuthZ common guidelines for API specs. |
Problem description
Current status: The ICM AuthN/AuthZ common guidelines for the CAMARA API specifications are currently documented in CAMARA-API-access-and-user-consent.md. So far it standardises the specification of
securitySchemes
andsecurity
openAPI fields across all CAMARA API subprojects with common mandatory guidelines as agreed by the TSC and the participants of this working group (see #57 and #93 for further details on the process resulting in this documentation).An issue has been opened in Commonalities camaraproject/Commonalities#207 to reflect the decisions of Camara Security and Interoperablity Profile in Camara API Design Guidelines. It would be similar to the work done in ICM in #154 and #155 but with
CAMARA-API-access-and-user-consent.md
document.A new PR camaraproject/Commonalities#208 has also been created to address issue camaraproject/Commonalities#207. However, this PR not only includes changes to the new ICM profile, but also moves without notice in ICM the information related to the
securitySchemes
andsecurity
guidelines specified in the ICM documentation, which are not part of the ICM profile document. This PR did not even include in the description that the PR was moving this piece of information as well (this was later corrected by @AxelNennker after it was raised in the PR comments). And the PR also changed the source information in the ICM documentation. This PR changes even the content of such a sensitive part as theinfo.description
template, which needed a long review and approval by the ICM working group participants. Changing this information should be reviewed and approved by ICM.After discussion during the ICM meeting on 22 May, it was agreed to create a new issue on the ICM working group github in order to make this issue visible to the ICM working group participants, let them express their opinions, and eventually agree on a resolution on where the documentation of the ICM AuthN/AuthZ common guidelines for API specs should be located: ICM doc vs. Commonalities doc.
CC @Elisabeth-Ericsson @tanjadegroot @diegogonmar @AxelNennker
Expected action
securitySchemes
andsecurity
guidelines specified in ICMCAMARA-API-access-and-user-consent.md
document.Additional context
You can find additional context in the comments of:
The text was updated successfully, but these errors were encountered: