From 54247cd762a692690e5ce07ecbd69919cd51009a Mon Sep 17 00:00:00 2001
From: Eric Murray <eric.murray@vodafone.com>
Date: Fri, 26 Jul 2024 11:24:51 +0100
Subject: [PATCH 1/2] Update ICM Authorisation and Authentication template in
 qos-profiles.yaml

---
 code/API_definitions/qos-profiles.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/code/API_definitions/qos-profiles.yaml b/code/API_definitions/qos-profiles.yaml
index 032b5b518f..6804c7c5d4 100644
--- a/code/API_definitions/qos-profiles.yaml
+++ b/code/API_definitions/qos-profiles.yaml
@@ -18,7 +18,9 @@ info:
 
     # Authorization and Authentication
 
-    CAMARA guidelines defines a set of authorization flows which can grant API clients access to the API functionality, as outlined in the document [CAMARA-API-access-and-user-consent.md](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-API-access-and-user-consent.md). Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation.
+    [Camara Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md) provides details on how a client requests an access token.
+
+    Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation.
 
     It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control.
 

From 335575284bfc871fd769bc75730454992ed3ad0e Mon Sep 17 00:00:00 2001
From: Eric Murray <eric.murray@vodafone.com>
Date: Fri, 26 Jul 2024 11:27:52 +0100
Subject: [PATCH 2/2] Update ICM Authorisation and Authentication template in
 quality-on-demand.yaml

---
 code/API_definitions/quality-on-demand.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/code/API_definitions/quality-on-demand.yaml b/code/API_definitions/quality-on-demand.yaml
index 1b41ac6653..d9b4718d42 100644
--- a/code/API_definitions/quality-on-demand.yaml
+++ b/code/API_definitions/quality-on-demand.yaml
@@ -57,7 +57,9 @@ info:
 
     # Authorization and Authentication
 
-    CAMARA guidelines defines a set of authorization flows which can grant API clients access to the API functionality, as outlined in the document [CAMARA-API-access-and-user-consent.md](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-API-access-and-user-consent.md). Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation.
+    [Camara Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md) provides details on how a client requests an access token.
+
+    Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation.
 
     It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control.