security and scopes for the Device Location API

[geethansip]

Problem description

Does the workstream already have a definition for the " security" and "scope" values to specify the purpose of the location APIs? We are trying to streamline the consent flows, and we would like to align ourselves with the proposed values if there are any.

I can see there is an action item related to this in the MOM of last WG meeting.

Expected action

If these are not specified, think of going ahead with the values below. Appreciate it if the WG owners could provide some advice on this.

paths: /retrieve: post: security:

• openid
  • device-location:retrieve tags:
• Location retrieval summary: 'Execute location retrieval for a user equipment' operationId: retrieveLocation

paths: /verify: post: security:

• openid
  • device-location:verify tags:
• Location verification summary: 'Execute location verification for a user equipment' operationId: verifyLocation

Additional context

[bigludo7]

Hello @geethansip Sorry for the latency.

Please check here: https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-API-access-and-user-consent.md#applying-purpose-concept-in-the-authorization-request You'll find there the global pattern covering purpose, consent, /authorize, etc... Then in the yaml of each api you'll find the 'technical scope'

Hope it helps.