Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

preparing for a Release #36

Merged
merged 1 commit into from
Oct 11, 2023
Merged

preparing for a Release #36

merged 1 commit into from
Oct 11, 2023

Conversation

DT-DawidWroblewski
Copy link
Collaborator

What type of PR is this?

Add one of the following kinds:

  • cleanup

What this PR does / why we need it:

to create a v0.5.0 release

Which issue(s) this PR fixes:

Special notes for reviewers:

Changelog input

Additional documentation

bigludo7
bigludo7 approved these changes Oct 11, 2023
View reviewed changes
Copy link
Collaborator

@bigludo7 bigludo7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - Thanks

@DT-DawidWroblewski DT-DawidWroblewski merged commit 69ce357 into camaraproject:main Oct 11, 2023
@fernandopradocabrillo
Copy link
Collaborator

Hi @DT-DawidWroblewski @bigludo7
I'm checking the release and I can see that we still have the old securitySchemes model. We should update it to OpenId and align with the rest of APIs.

@DT-DawidWroblewski
Copy link
Collaborator Author

Hi @fernandopradocabrillo !

this API used client credentials from the very beginning, as it does not involve user resource. Therefore, we can use client credentials here explicitly.

I see no reason to make this update.

@bigludo7 what do you think about it?

@bigludo7
Copy link
Collaborator

Hello @fernandopradocabrillo @DT-DawidWroblewski

This is a good sample to discuss ! .... probably should be raise here: camaraproject/IdentityAndConsentManagement#57
I've same perspective than Dawid that Client Credentials is just good enough for this.

Question for Fernando: Do we want for an API like this one go thru openIdConnect as securityScheme type which is a bit cumbersome, and not usual for this kind of API, for the sake of CAMARA global consistency?

@fernandopradocabrillo
Copy link
Collaborator

@DT-DawidWroblewski @bigludo7

Actually my opinion on forcing OpenId is not that strong on this one. On one side I think that, for this case specifically, leaving the Client Credentials may be just good enough since the auth flow is pretty clear and not that opened to discussion as it may be in Sim swap or Number Verification.
And on the other hand I also think that if we are aiming for standarization we should come to an agreement and a common way of expressing things, having a global consistency across all APIs so a developer have a sense of uniformity when implementing every service of the CAMARA family. Also, multiple documentations support the possibility of use client credentials under openId definition, so we wouldn't actually be changing the type of authorization, just the way we express it.
I think my opinion tends to favour the latter, but it is something a bit complex and still under discussion I'm afraid. Definitly a topic to discuss under Commonalities WG or in camaraproject/IdentityAndConsentManagement#57 as Ludovic mentioned.

@nickvenezia
Copy link

Would a solution that works with opened and meets local privacy regulation be beneficial?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bigludo7 bigludo7 bigludo7 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@DT-DawidWroblewski @fernandopradocabrillo @bigludo7 @nickvenezia