Merge pull request #65 from camaraproject/bigludo7-patch-1

Update Authorization and authentication part accordingly to ICM
camaraproject · Jun 13, 2024 · dd933bc · dd933bc
2 parents ff02525 + d7da5b9
commit dd933bc
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/code/API_definitions/one-time-password-sms.yaml b/code/API_definitions/one-time-password-sms.yaml
@@ -13,6 +13,14 @@ info:
 
     # Resources and Operations overview
     This API currently provides two endpoints, one to send an OTP to a given phone number and another to validate the code received as input.
+
+    # Authorization and authentication
+    [Camara Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md) provides details on how a client requests an access token.
+
+    Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation.
+
+    It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control.
+
   version: wip
   termsOfService: http://example.com/terms/
   contact: