Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposed text that removes "WiFi is out of scope" and proposed operator token #153

Open
wants to merge 11 commits into
base: main
Choose a base branch
from

Conversation

AxelNennker
Copy link
Collaborator

Proposed text that removes "WiFi is out of scope" and proposes operator token to be used on e.g. WiFi

What type of PR is this?

Add one of the following kinds:

  • enhancement/feature

What this PR does / why we need it:

Currently NumberVerification only works if the access token is requested over a mobile connection because only a mobile network connection enables the Communications Provider/MNO to determine the subscriber be means of network-based authentication.

The PR removes text that restricts the use of the NumberVerification API to over a mobile connection.
The PR introduces text that states that an operator token, which is obtained after EAP-AKA, is an alternative to a mobile network connection.
If the API consumer has obtained an operator token, then operator token should be used by the API Consumer because the operator token is associated with information which operator has issued it, which enables e.g. an aggregator to route OIDC authorization code flow request to the communications provider/MNO.

Which issue(s) this PR fixes:

Fixes #86

Additional documentation

ICM Allow to use operator_token (from TS43) to identify device on authentication request

Operator Token TS.43 Service Entitlement Configuration
Operator Token Authorisation Sever – Authenticator Capabilities Group

Copy link

github-actions bot commented Nov 4, 2024

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time
✅ ACTION actionlint 2 0 0.04s
✅ OPENAPI spectral 1 0 1.67s
✅ REPOSITORY git_diff yes no 0.01s
✅ REPOSITORY secretlint yes no 0.76s
✅ YAML yamllint 1 0 0.31s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

@jgarciahospital
Copy link
Collaborator

Hi @AxelNennker, thanks for the proposal.

I'd propose to wait until camaraproject/IdentityAndConsentManagement#145 is closed to make this modification, otheruntil that moment the API is not ready to fulfill the Wi-Fi cases requirements.

Additionally, I'd not separate the scenarios in two separated, instead we may need to think in a main (operator token) and fallback scenario (current network-based authcode) that can fulfill both options. Let's discuss it in a audio call, so we can also align other parts of the APi documentation that may require modifications.

AxelNennker and others added 8 commits November 5, 2024 08:24
Co-authored-by: Rafal Artych <[email protected]>
Co-authored-by: Rafal Artych <[email protected]>
Co-authored-by: Rafal Artych <[email protected]>
Co-authored-by: Rafal Artych <[email protected]>
Co-authored-by: Rafal Artych <[email protected]>
Co-authored-by: Rafal Artych <[email protected]>
Co-authored-by: Rafal Artych <[email protected]>
Co-authored-by: Rafal Artych <[email protected]>
@AxelNennker
Copy link
Collaborator Author

I'd propose to wait until camaraproject/IdentityAndConsentManagement#145 is closed to make this modification, otheruntil that moment the API is not ready to fulfill the Wi-Fi cases requirements.

@jgarciahospital yes, the merging should be coordinated with camaraproject/IdentityAndConsentManagement#145. I wanted work on operator token here because NumberVerification is the "natural" use case for operator token.

Additionally, I'd not separate the scenarios in two separated, instead we may need to think in a main (operator token) and fallback scenario (current network-based authcode) that can fulfill both options. Let's discuss it in a audio call, so we can also align other parts of the APi documentation that may require modifications.

It would be nice if you wrote "suggestions" for this PR with the text you prefer. If the discussion here gets lengthy and pros and cons of different ways to do it get hard to resolve, then the meeting is the best place to resolve differences.
That is, of course, just my preferred work mode. You can do it differently.

Regarding declaring operator token the main scenario, I think we are not there yet because the MNO has to have an endpoint that creates the operator token. Usually that endpoint is an Entitlement Server implementing GSMA's TS.43 Service Entitlement Configuration. This is a MNO business decision and a CAMARA business decisison. Here in this group we can enable technology and thereby enable business.

@mengan discusses some variants how the API consumer can get an operator token in #86 (comment) Not all of them are "silent" at least not the first time. It is then for the API consumer to decide whether they want to send the user through that user interaction. The OS vendor might feel the need to ask the user for permission whether the user allows getting an operator token from the carrier for the API consumer at least once.

All, please suggest text or propose topics to consider. Maybe we need a separate CAMARA document (in ICM) discussing e.g. operator token use cases. Or such a use case could be added to https://github.com/camaraproject/NumberVerification/blob/main/documentation/API_documentation/NumberVerification_verify_User_Story.md or both...
I do not cling to my text proposal made in this PR.

Sorry, the github editor introduces blanks which the user cannot see.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

integration to on device application (EAP-AKA)
3 participants