Adapt info.description to Security and Interoperability Profile #168

Merged: 1 commit, Jun 12, 2024


AxelNennker
Collaborator

What type of PR is this?

  • correction

What this PR does / why we need it:

The issue #154 requests:

Clean up and update the CAMARA-API-access-and-user-consent.md document to reflect the latest profile decisions and/or to include references(*) to the new profile document where appropriate.

This PR updates the info.description section of CAMARA-API-access-and-user-consent.md so that the information that API subgroups are requested to put into their OpenAPI YAML file points to the CAMARA Security and Interoperability Profile.

Which issue(s) this PR fixes:

Related issue: #154

@jpengar
Collaborator

jpengar commented May 30, 2024

Could you explain why we need to change the reference pointing to ICM profile instead of CAMARA-API-access-and-user-consent.md? The content of CAMARA-API-access-and-user-consent.md is already aligned with the ICM profile, it provides a friendly description of the CAMARA defined AuthN/AuthZ flows, the technical rule set and it points to the ICM profile when needed. This info.description template is already included in multiple APIs and it would be necessary to change the content again in all of those subprojects. If it is changed, there should be a benefit.

@AxelNennker
Collaborator Author

CAMARA-Security-Interoperability.md defines everything an API consumer, and especially their developers and maybe SW architects, need to know about getting an access token.
E.g.

CAMARA-Security-Interoperability.md is THE document that API consumers and their developers should read.

I agree that CAMARA-API-access-and-user-consent.md is a "friendly description" not only of the flows but about what we want and mandate regarding consent.

But I think that technical documents like the API yaml file should reference technical and normative documents, which means info.description should reference CAMARA-Security-Interoperability.md

@jpengar
Collaborator

jpengar commented May 30, 2024

> CAMARA-Security-Interoperability.md defines everything an API consumer, and especially their developers and maybe SW architects, need to know about getting an access token. E.g.
>
> CAMARA-Security-Interoperability.md is THE document that API consumers and their developers should read.
>
> I agree that CAMARA-API-access-and-user-consent.md is a "friendly description" not only of the flows but about what we want and mandate regarding consent.
>
> But I think that technical documents like the API yaml file should reference technical and normative documents, which means info.description should reference CAMARA-Security-Interoperability.md

CAMARA-API-access-and-user-consent.md has been normative so far and now also refers to the ICM profile when needed. So I don't agree, as long as I don't see a real benefit in modifying the template just to change a reference when that guideline is already applied (and/or is being applied) in multiple API subprojects. But of course that's my personal opinion, let's see what other WG participants think.

@AxelNennker
Collaborator Author

> CAMARA-API-access-and-user-consent.md has been normative so far and now also refers to the ICM profile when needed. So I don't agree, as long as I don't see a real benefit in modifying the template just to change a reference when that guideline is already applied (and/or is being applied) in multiple API subprojects. But of course that's my personal opinion, let's see what other WG participants think.

As stated during the ICM meeting, the change is small and many subprojects did not adapt their documents, so they have to touch them anyway, e.g. to use the common security scheme. Every subproject knows that changes in guidelines in Commonalities and/or ICM might require them to adapt.

@shilpa-padgaonkar
Collaborator

Almost all API files will undergo a change before the upcoming meta-release, as the release management group has recommended changes for the info object. The upcoming meta-release is a good opportunity to get the needed changes in across subprojects.

Collaborator

@jpengar jpengar left a comment


Fair enough. LGTM.
