camaraproject / DeviceLocation

Repository to describe, develop, document and test the DeviceLocation API family
Apache License 2.0

Geofencing API - Definition of the scope in the yaml #110

Closed bigludo7 closed 9 months ago

bigludo7 commented 9 months ago

Problem description

Definition of the security scope for subscription endpoint. As of now we have:

- GET geofencing subscriptions & GET /{id}: location-retrieval:read
- POST geofencing subscriptions: no scope
- DELETE geofencing subscriptions: location-retrieval:delete

Are we sure that we should not have the word subscriptions in the technical scope? location-retrieval:read is used for the location retrieval sync API, and here this is distinct, as the geofencing API can run for one time. I'm not a legal expert, but from my perspective allowing to get my location now is distinct from allowing to get a notification each time I enter or leave a defined area.

Possible evolution

Have specific scopes like geofencing:subscription:add, geofencing:subscription:read and geofencing:subscription:delete

Alternative solution

Additional context

jlurien commented 9 months ago

It sounds to me like a copy&paste mistake. Scopes in that API must be prefixed by the correct API name there.

jlurien commented 9 months ago

Solved by https://github.com/camaraproject/DeviceLocation/pull/116
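A check for the two problems raised in this issue (an operation with no scope, and scopes carrying another API's prefix), as an added example that is not part of the thread or of the CAMARA repository. The spec fragment is constructed to mirror the state described in the issue; the paths, the `openId` scheme name and the `lint_scopes` helper are assumptions.

```python
# Added example: lint an OpenAPI document (already parsed into a dict) for
# operations whose OAuth scopes are missing or lack the API's own prefix.
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

# Constructed sample mirroring the issue; paths and scheme name are assumed.
SAMPLE_SPEC = {
    "paths": {
        "/subscriptions": {
            "get": {"security": [{"openId": ["location-retrieval:read"]}]},
            "post": {},  # no security requirement at all
        },
        "/subscriptions/{id}": {
            "get": {"security": [{"openId": ["location-retrieval:read"]}]},
            "delete": {"security": [{"openId": ["location-retrieval:delete"]}]},
        },
    }
}


def lint_scopes(spec, api_prefix):
    """Return sorted (METHOD, path, problem) findings for one API prefix."""
    findings = set()
    default_security = spec.get("security", [])
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            # Operation-level security replaces the document-level default.
            requirements = op.get("security", default_security)
            # Requirements are alternatives (OR): one scope-less entry, or an
            # empty list, lets a token with no relevant scope through.
            if not requirements:
                findings.add((method.upper(), path, "no scope required"))
            for requirement in requirements:
                scopes = [s for lst in requirement.values() for s in lst]
                if not scopes:
                    findings.add((method.upper(), path, "no scope required"))
                for scope in scopes:
                    if not scope.startswith(api_prefix + ":"):
                        findings.add((method.upper(), path,
                                      f"scope {scope!r} lacks prefix {api_prefix!r}"))
    return sorted(findings)


if __name__ == "__main__":
    for method, path, problem in lint_scopes(SAMPLE_SPEC, "geofencing"):
        print(f"{method:6} {path:22} {problem}")
```

Run against every API definition in CI, with the prefix taken from the API's own name, this catches a copied scope before it is merged.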