-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: adds initial proposal from the backlog working group #7
Conversation
🦙 MegaLinter status: ✅ SUCCESS
See detailed report in MegaLinter reports |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few comments regarding oauth.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@caubut-charter @RandyLevensalor Please refer to the work of Identity & Consent Management - there shouldn't be a need to have a detailed discussion here, especially if 3-legged is your default use case.
Regarding the definition of securitySchemes
and security
: https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-API-access-and-user-consent.md#camara-api-specification---authorization-and-authentication-common-guidelines
And regarding the details of the flows, e.g. PKCE, see https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md
The "approval" was accidentally done ... I wanted mainly to comment on the security discussion. Please consider #7 (review) as a comment. Maybe it is fine to commit the initial content, but with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've made some very general initial comments. I understand that it's fine if you want to add this as a "wip" first version to iterate on, and you don't need to fix everything in this PR. And I will give a second thought to what refers to the functionality this API provides and how it relates to the Home Devices QoD. At the moment I'm not really sure if we need to align anything in the definitions of the two APIs.
Co-authored-by: Herbert Damker <[email protected]>
Co-authored-by: Ben Hepworth <[email protected]>
Co-authored-by: Ben Hepworth <[email protected]>
Co-authored-by: Ben Hepworth <[email protected]>
ee3b87f
to
95b5a28
Compare
Mostly done. Two tasks left:
|
Randy opened #14 to go over the glossary and remove CPE. Finished adding sec defs. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good initial commit. As mentioned there are additional items before the fist beta release.
Requested changes made or split out into different issues.
What type of PR is this?
Add one of the following kinds:
What this PR does / why we need it:
Copies the proposal from the backlog working group into this repo.
Which issue(s) this PR fixes:
Special notes for reviewers:
Leaving this PR open for at least a couple weeks to gather initial comments and to schedule a first meeting.
Changelog input
Additional documentation