Attendees & Representation

NameCompanyAttendee
Eric MurrayVodafone (moderator)

X

Sachin KumarVodafoneX
Kevin SmithVodafoneX
Alex FerreiraPhronesis
Matthew HornseyPhronesis
Matthew HandPhronesis
Sébastien SynoldIntersec
S, VigneshwaranCognizant
Karthik Raj RethinakumarCognizant
Manish JainCognizant
Huub AppelboomKPNX
Rafal ArtychDTX
Abhisek DasInfosys
Brian SmithShabodi
Umair Ali RashidShabodi
Foo Ming HuiSingtel
Vilim DuganicInfobip
Surajj JaggernathVodacom
Walid TrabelsiSofrecom (Orange)

Agenda

  • Review of previous meeting minutes
    • APPROVED
  • Review of Device Identifier API status
  • Discussion on requirements for IMEI Fraud
  • AOB

Review of Device Identifier API status

  • Current "work in progress" version can be found here

PRs

  • New PRs:
    • PR #55: Update CAMARA Mobile Device Identifier API.yaml
      • Proposed changes:
        • Separates API into two endpoints:
          • retrieve-identifier to obtain individual device details
          • retrieve-type to obtain type of device
        • Add scopes for each endpoint
        • Add lastChecked field to indicate when information about device was last confirmed correct
      • Fixes issues #47 and #30
  • Existing PRs:
    • None
  • Closed PRs:
    • None

Issues

  • New Issues
    • None
  • Existing Issues
    • Issue #47: Add ageOfInformation field to API response
      • Follows on from Discussion #35
      • Current API response gives no indication of when the physical device information was collected for the specified subscription identifier (e.g. phoneNumber). Dependent on the backend implementation, this information could have been collected some time earlier, and potentially be out of date
      • Current proposal is to introduce lastChecked response parameter, defined as follows:

lastChecked:
  description: Last time that the associated device identity was checked and updated if necessary
  type: string
  format: date-time

ISSUE UPDATE:

      • Will be fixed by PR #55

MEETING UPDATE:

      • None
    • ACTIONS: 
      • Huub raised issue of primary / secondary MSISDNs and multi-SIM
        • ACTION: Eric to open discussion on multi-SIM scenarios
          • Still open
        • ACTION: Eric to update documentation on MSISDN being treated as secondary MSISDN by network
          • Proposed text:
            "In scenarios where a primary MSISDN is shared between multiple devices, each of which has its own "secondary" MSISDN (e.g. OneNumber), the MSISDN passed by the API consumer will be treated as the secondary MSISDN, and hence the identifier returned will be that of the relevant associated device. In such scenarios, the "primary" device (e.g. smartphone) is usually allocated the same primary and secondary MSISDN, and hence providing the primary MSISDN will always return the identity of the primary device."
        • ACTION: All to comment on above text within PR #55 if changes are required
    • Issue #30: Security Schemes and Scopes for Device Identifier API 
      • For the two use cases (retrieve all parameters or only tac / manufacturer / model), two separate scopes are required
      • Should they be two scopes of same endpoint, or associated with separate endpoints

      • Agreement is to have two separate endpoints as follows:

        get-identifier with scope device-identifier:get-identifier which returns:

        • imeisv
        • imei
        • tac
        • model
        • manufacturer

        get-type with scope device-identifier:get-type which returns:

        • tac
        • model
        • manufacturer

ISSUE UPDATE:

      • Will be fixed by PR #55

MEETING UPDATE:

      • None
    • ACTIONS: 
      • None

    • Issue #21: API Definition Terminology
      • Issue is out of date

ACTIONS:

      • Eric to update issue text (still open)
  • Closed Issues
    • None

Discussions

  • New Discussions
    • None
  • Existing Discussions:
    • Discussion #36: Alternative device identifiers
      • An alternative proposal is to salt the IMEI with an API consumer specific salt and then hash it
      • This would a less useful identifier (only useful to the API consumer) but easier to justify providing under an opt-out or no consent basis
      • Use cases for such an alternative identifier are not clear

AGREEMENT: Leave discussion open for now, but prioritise returning IMEI / IMEISV

  • Closed Discussions
    • None

Other Issues

  • Kevin raised the point that YAML schemas should use the common schemas defined in CAMARA_common.yaml where appropriate. Ideally, they could be directly referenced, though this can cause issues with some OAS viewers.
    • ACTION: Kevin to check how OAS viewers handle external references

Discussion on IMEI Fraud API

This API will not be further discussed until API proponents attend the sub-project meetings

  • See API Proposal submission here
  • Open Discussions:
    • #37: IMEI Fraud API Input
      • Proposal is just to use a single "IMEI" field, which would accept either IMEI or IMEISV
    • #34: What values should the IMEI Fraud API respond with to indicate reported ownership status?
      • The GSMA appear to have an existing Device Check service, which includes an API. How does the CAMARA proposal differ from this?
      • Kevin highlighted a GSMA video on their Device Check service.

AGREEMENT: MTN / Huawei will join sub-project meetings from next year, so can then drive these discussion

AOB

  • Issue #48: Additional sub-project codeowner required
    • UPDATE: No additional codeowner yet identified
  • Next meeting to be held Friday 8th March 2024 @ 09:00 GMT.
  • One day, meetings will be held using the LFX Zoom service, but not yet
  • No labels