Closed jpengar closed 8 months ago
The proprietary format proposed for the scope claim (concatenating purpose from dpvw3c with data scope), documented in issue #32 cannot be detected by an AuthZ server, unless it is prefixed by a NAME SPACE indicator e.g. opg#. AuthZ servers of CSPs generate access tokens for various APIs exposed by CSPs, not only Camara APIs. Such they need to know when they have to implement proprietary logic.
What type of PR is this?
What this PR does / why we need it:
As per 04/10 working group call discussions:
- Robert Ludovic (Orange) asks if we can write this in GSMA. Telefonica indicates that it would be ok to move the content finally included to GSMA, either to the playbook or to the relevant chapter in GitHub.
- Jesús (Telefonica) says that a new PR can be created to fix issue #59 (updating the flows with the final agreement) and to include the agreement in the CAMARA documentation. And the corresponding flows in the GSMA github repository could be updated accordingly.
It is proposed to close issue #32 when this is done, and to continue the discussion on medium-term alternatives in a separate issue, starting a "clean" discussion, as this issue is already too long on github.
This PR is intended to fix the issue #59 correcting the flows according to agreed purpose solution and to fix the #32 documenting the purpose solution agreed by the active CAMARA participant on this issue.
Which issue(s) this PR fixes:
It fixes issues #59 and #32
Special notes for reviewers:
This PR document reached agreement on purpose solution for the short-term, discussions will be continued for the mid-term in a new issue as per 04/10 working group call discussions.