clarification related to issue 108 added to CAMARA-API-access-and-user-consent.md

[Elisabeth-Ericsson]

What type of PR is this?

• documentation

What this PR does / why we need it:

urgent clarification needed on mechanism to decide for authorization flow to apply for API invocation

Which issue(s) this PR fixes:

Fixes #108

Special notes for reviewers:

A single paragraph describing the handling on authorization flow selection during API product order has been added at the end of the document.

@shilpa-padgaonkar: Can you please have a look at this ?

[jpengar]

@Elisabeth-Ericsson I've added Axel and the active participants in issue #108.

My main concern with the proposed text is that we should keep CAMARA technical documentation and API specs separate from Open Gateway product definitions and legal dependencies. So, for example, specifying the 1:1 relationship between Open Gateway product and APIs (which AFAIK is true so far), and things like that, should not be done in the CAMARA I&CM technical docs. These docs only provide the supported technical flows, the technical ruleset to be applied to support the different potential CAMARA use case scenarios and so on. I'm fine with including further clarifications as a result of issue #108 (if needed), but not specific Open Gateway definitions that should be agnostic to CAMARA, right?

Let's see what others think.

[eric-murray]

The text proposal uses many terms that are not in the CAMARA glossary. Please use terms already defined in the glossary where possible. If you need to use a term that is not defined, please provide a definition for that and introduce it into the glossary.

Without clear definitions, these sorts of statements are open to misinterpretation.

Also, I agree that CAMARA specifications should say nothing about "products" or attempt to give legal guidance. Leave that to Open Gateway. CAMARA should just focus on providing the technical mechanisms that allow API Providers to offer API products that are compliant with local regulation.

[Elisabeth-Ericsson]

@eric-murray: I agree to remove the note on current API to API product relationship.
However, API product offerings refers to the TMF operate APIs 931, this has nothing to do with legal guidance at all.
This is also not Open Gateway specific. The "API product" approach originates from TMF 931 API Product Order.
The TMF 931 API product order is the mechanism and point in time when the auth flow to be used is agreed.

I will rephrase and include the reference to TMF 931.

[eric-murray]

@Elisabeth-Ericsson
TM Forum and the TMF Operate APIs are also separate from CAMARA, and so also much better discussed within Open Gateway. CAMARA APIs can be used without the TMF Operate APIs, so must not have any dependency on them. Far better not to mention them at all.

[bigludo7]

Hello @Elisabeth-Ericsson
Same than @eric-murray for me; I will not mention TMF operates API in CAMARA documentation because it can create confusion.

Reference them make sense in Open Gateway for sure but not here.

[Elisabeth-Ericsson]

References to TMF Operate APIs removed, since these are only applicable to scenario with aggregators/channel partners

[shilpa-padgaonkar]

/LGTM

[jpengar]

@Elisabeth-Ericsson FYI. I've edited the PR description only to correct the format of this part:

Which issue(s) this PR fixes:
Fixes #108

So, when this PR is merged, issue #108 will be automatically closed :)

[jpengar]

LGTM

[bigludo7]

LGTM

[AxelNennker]

LGTM

[AxelNennker]

I would like to merge this. We have some approvals and no further comments for a week.
@eric-murray @rartych @HuubAppelboom Please review

[Elisabeth-Ericsson]

@AxelNennker: can you please merge this pull request ? All reviewers have approved.

[jpengar]

@AxelNennker: can you please merge this pull request ? All reviewers have approved.

With @AxelNennker 's permission, I can do it. No problem.