camaraproject / DeviceLocation

Repository to describe, develop, document and test the DeviceLocation API family
Apache License 2.0
21 stars 31 forks source link

Support of Multi-SIM lines in DeviceLocation APIs #257

Open jlurien opened 2 months ago

jlurien commented 2 months ago

Problem description As introduced in https://github.com/camaraproject/Commonalities/issues/302, for Multi-SIM services. providing a phoneNumber as input does not identify a single device uniquely.

Current DeviceLocation specs do not consider or give guidelines about how to behave in scenarios when the input is only a phoneNumber of a Multi-SIM service and specific device (SIM) cannot be inferred from the access token or other device identifier.

Possible evolution Discuss the problem and alternatives. There may be impact in other tracks, such as IC&M. We may need also to discuss implications in the short term when dealing with this situation in current versions.

In the case of DeviceLocation each API has each own considerations, as each SIM may be located in a different place:

Alternative solution

alpaycetin74 commented 2 months ago
eric-murray commented 2 months ago

We should wait until Commonalities (Issue #302) and probably ICM have clarified the treatment of multi-SIM groups before making any decisions. Currently, it is implicit that the device object and 3-legged tokens only identify a single device and not a related group of devices. I don't think it is at all a given that end user consent for the primary device means end user consent for all devices in the group, and APIs need to consider this.

What this sub-project can do is clarify or extend the use cases supported by the API given the existence of multi-SIM groups. The implication above is that the API should locate the entire group as a whole. But maybe the API consumer wants to locate only a single device from within the group (such as a "Find my smartwatch" app)?

By clarifying the use cases you want to support, the requirements on how CAMARA should handle multi-SIM groups may become clearer.

jlurien commented 2 months ago

A problem is that probably we cannot generalize the concept of a primary or main device in a multi-SIM pack, as not all implementations support this concept, A MSISDN may be linked to several IMSIs without any hierarchy between them. Also, there is no a simple universal solution to identify several devices in a response in a way that is friendly to the client (e.g. smartphone, smart watch, tablet, etc), apart from the privacy issues that this kind of identification would imply.

eric-murray commented 2 months ago

@jlurien Yes, I agree that some implementations of multi-SIM may make some use cases impossible for API providers that use these implementations. If the use case requires to locate an individual device, and a given device identifier (in this case MSISDN) is ambiguous, then that identifier cannot be used. Either another identifier (e.g. ip / port) or a new identifier (e.g. IMSI) should be used. But really this is something Commonalities and ICM should resolve, before pushing a solution to impacted APIs.

I'd recommend being careful to define API use cases around what an API consumer would find useful, and not around what all implementations can currently support. I don't really see the use case for locating a multi-SIM group as a whole, but that is for the sub-project to decide.

bigludo7 commented 1 month ago

As discussed during Oct22th meeting, we still need to think about UC as location retrieval will be probably mainly used for non-personal device (for user-privacy reason). For IoT we do not have the question of multi-sim and if we have very few UC for location-retrieval and multi-sim this is perhaps a corner case for our API.