Added sequence diagrams with RFC 9101

[mhfoo]

What type of PR is this?

Add one of the following kinds:

• documentation

What this PR does / why we need it:

Implement RFC 9101 for securing the /authorise endpoint.

Which issue(s) this PR fixes:

Fixes #93

Special notes for reviewers:

Please review the diagrams and provide your comments.

Changelog input

 release-note
Update diagram to reflect RFC 9101

Additional documentation

This section can be blank.

docs

[bigludo7]

Hello @ECORMAC
Any update on this?
I've noted to wait from feedback from you before to move forward.

[ECORMAC]

Hi Ludovic,
My apologies for the dealy. Checked the last flow done by Ming (simplified showing the aggregator etc.). I think it looks good now. Good-to-go from my side.
Thanks,
Cormac

[bigludo7]

/LGTM

[fernandopradocabrillo]

Hi, I've checked with my collegues from Identity and there are a few issues we are yet not sure about:

1. The request object according to RFC 9101 is not yet in the CAMARA ICM profile. It will probably be but, for now, is not yet approved,
2. The max_age param does not make sense in this flow since network auth must occur for every authorization. See previous comment
3. The way the scopes and purposes are sent is not the one appoved for the current version of ICM in CAMARA.
4. In general, aggregation or federetion should be out of the CAMARA scope. It is something defined in Opengateway, in CAMARA the API consumer could be the BE of an App or an aggregator, but CAMARA is not involve in how the routing should be or if there is or not a Telco Finder, etc. It is an entity defined in Opengateway.

The main thing here is that, even being a Telefónica's proposal, the use of RFC9101 hasn't been defined or agreed at CAMARA level yet, so I think we should at least wait for the ICM resolution and then continue with this topic.

[bigludo7]

I'm not sure how to move forward on this... @mhfoo @fernandopradocabrillo @ECORMAC @AxelNennker any suggestion?

[mhfoo]

I'm not sure how to move forward on this... @mhfoo @fernandopradocabrillo @ECORMAC @AxelNennker any suggestion?

@bigludo7 The intention is to raise it again for Spring25 meta-release. see ICM issue #128

I will create the issue in ICM again, before 30 Sept and add to the following:
ICM 0.3.0 - preparing the scope for meta-release Spring25

[ECORMAC]

I'm not sure how to move forward on this... @mhfoo @fernandopradocabrillo @ECORMAC @AxelNennker any suggestion?

@bigludo7 The intention is to raise it again for Spring25 meta-release. see ICM issue #128

I will create the issue in ICM again, before 30 Sept and add to the following: ICM 0.3.0 - preparing the scope for meta-release Spring25

@bigludo7: As Ming states think we agreed earlier to deal with this in the Spring release.