-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposed text on network-based authentication #173
Conversation
The subscriber is not necessarily the user. Network-based authentication identifies the subscription. A child of the subscriber using their phone which has a contract owned by a parent might not be legally allowed to decide about consent. Network-based authentication is only a second factor to user authentication and user consent.
Please have a look at what the document defines as
So please note that when the document refers to the user, it means the Telco Operator subscriber. |
Clarified the PR description. |
I am not happy with the definition of "user" in documentation/CAMARA-API-access-and-user-consent.md because I find it confusing and contrary to what is usually defined to be a user by non-telco readers, but that is not part of this PR. I say that mixing user and subscriber is a typical telco. Camara API Design guidelines tell us to avoid telco terminology. I, personally, mixing subscriber and user falls under that guideline. |
I would have just said for the End User : And I would prefer resource owner for User. |
@sebdewet please create a PR for the glossary if you think that should be a change.
|
I think that "user" is not as specific as it can be here. Only the "unusall" definition of user in the glossary make the use of the term "user" workable. But why avoid the correct term "subscription"? |
If we commit my suggestion above (keeping the term "subscription" in that sentence), I'm fine with merging the PR. And then we can discuss the correct term to use along the document in another issue/PR as suggested here by @AxelNennker. That change would require reviewing all text along the document and we would be better off doing that in a separate PR if eventually needed. This is actually related to the existing issue #98. In Axel's absence I could commit my suggestion and merge this PR I think, if you @sebdewet are okay with it and with what I mentioned above. |
Commit suggestion as agreed in the June 19 WG meeting call
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I'm merging this PR as agreed in the June 19 WG meeting call, since there have been no further comments or feedback. |
LGTM |
There is no OAuth sub in OAuth2.
There is an id_token.sub in OIDC.
Network authentication identifies the subscription which is primarily defined by the IMSI.
If there is a one-to-one relationship between between IMSI and MSISDN then network authentication also identifies the MSISDN. If one subscriber has multiple SIMs with the same MSISDN then things might go wrong for the Camara API, because the user might want some QoD for the device they are currently using but not for the other with the same.
What type of PR is this?
What this PR does / why we need it:
sub
with the access token.