Closed eric-murray closed 1 year ago
@eric-murray: in the notes clause, you state that "the API will not work if the route between the network and the web service includes proxies, VPNs or other network elements that NAT the source IP address". However, this is not an uncommon scenario in commercial deployments, right?
Hi! I recommend having a look at Mobile Connect specifications, which describes Pseudonymous Customer Reference (PCR) that identifies MNO subscribers.
Hi @dawid86
Mobile Connect and the PCR could be used for the type of use case being considered here, but there are important differences which would make this a better option for this specific scenario:
So whilst Mobile Connect could be used for this type of use case, the idea here is to create something more lightweight and much faster to support this specific scenario. User consent would be handled separately via terms of service with an opt-in / opt-out option. If a particular client has opted out, no identifier will be generated.
The drawback, as noted in the API proposal, is that if there is any sort of proxy or gateway between the CSP network and the application server that is SNATing, then the CSP will not be able to identify the client from the IP address / port. However, clients that route their traffic through such proxies or gateways generally don't want to be tracked anyway.
Hi, PR https://github.com/camaraproject/WorkingGroups/pull/78 has been merged together with the rest of API proposals. It will be sent out for SC approval by 13/10. If not approved, I will reopen this PR. If approved (the API proposal is allocated into a new or existing Sub-Project), you can create an issue within that Sub-Project and continue discussion there, if and when needed.
A proposal for an Anonymised Subscriber Identifier API has been uploaded here. Please add any comments you may have.
Unfortunately, I don't have permissions to add labels to this issue, so maybe somebody could do that for me.