camaraproject/IdentityAndConsentManagement

Issues

• Fall24: ICM r0.2.0 clarification: Signed Request Object is optional

  #204 opened 15 days ago by mhfoo
  5

• Spring25: Proposal to RECOMMEND the use of Signed Request Object for the /authorize endpoint to prevent abuse

  #205 opened a month ago by mhfoo
  7

• ICM 0.3.0 - preparing the scope for meta-release Spring25

  #193 opened 3 months ago by jpengar
  11

• Clarity on the use of login_hint

  #191 opened 3 months ago by shilpa-padgaonkar
  12

• Clarification for authentication in the auth code flow in the Identity and consent management (r0.20.0-rc2)

  #199 opened 2 months ago by mingshiwork
  8

• Allow to use operator_token (from TS43) to identify device on authentication request

  #145 opened 7 months ago by Elisabeth-Ericsson
  22

• Proposal to Mandate Use of Signed Authentication Requests for CIBA

  #194 opened 2 months ago by eric-murray
  16

• Replace Frontend Flow to unify consent collection and reduce latency

  #197 opened 2 months ago by chrishowell
  12

• Is the service API meant to validate the content of the access token and compare this against the API parameters ?

  #174 opened 2 months ago by Elisabeth-Ericsson
  9

• DPoP support in CAMARA OIDC Profile

  #125 opened 9 months ago by gmuratk
  3

• Generalize documents by using "API provider" rather than "Telco Operator"

  #200 opened 2 months ago by tanjadegroot
  0

• ICM text should not state that `Telco Operators` are the ones providing these APIs

  #190 opened 3 months ago by RandyLevensalor
  2

• The wording in the Mandatory template for info.description is unclear

  #178 opened 4 months ago by RandyLevensalor
  2

• SP supporting CIBA with two IDPs: B2B/B2C

  #141 opened 2 months ago by questsin
  2

• W3C Data Privacy Vocabulary (DPV) reference links in ICM documentation are broken

  #195 opened 2 months ago by jpengar
  0

• Review the APIs which are targeting "stable" maturity in the Fall24 meta-release

  #189 opened 2 months ago by tanjadegroot
  12

• Application identification for usage tracking and monetization

  #126 opened 2 months ago by SyeddR
  6

• Integration to on device application (EAP-AKA) - ICM 3.0 Scope?

  #198 opened 2 months ago by bigludo7
  4

• Create ICM Release Plan

  #146 opened 2 months ago by AxelNennker
  23

• Replace internal links between ICM documents with relative links to stay within the same release tree / fork / release package

  #187 opened 3 months ago by hdamker
  5

• Link within mandatory text for all APIs points to main branch - need to be corrected in rc.2

  #185 opened 3 months ago by hdamker
  0

• OIDC authorization code flow and/or CIBA

  #176 opened 5 months ago by AxelNennker
  7

• SHADOW Add security to CAMARA_common.yaml

  #164 opened 4 months ago by AxelNennker
  0

• OAuth2 Authorization Code vs OIDC Authorization Code

  #163 opened 4 months ago by AxelNennker
  2

• Proposal to protect the /authorize endpoint for the Authorization Code Flow (Auth Code Flow) - RFC9101

  #128 opened 5 months ago by mhfoo
  27

• Resolution on where the documentation of ICM AuthN/AuthZ common guidelines for API specs must be located

  #160 opened 5 months ago by jpengar
  10

• Management of opt-out with Implicit consent (legitimate Interest)

  #138 opened 5 months ago by sebdewet
  6

• Provide API Design guidelines for OAuth2 client credentials

  #171 opened 5 months ago by AxelNennker
  5

• Add examples for CAMARA Security and Interoperability Profile

  #143 opened 5 months ago by Elisabeth-Ericsson
  11

• Fix statement about "missing sub claim" in case there is no id token

  #156 opened 5 months ago by Elisabeth-Ericsson
  2

• code folder to be removed from ICM working group ?

  #166 opened 5 months ago by tanjadegroot
  1

• "CAMARA-API-access-and-user-consent.md" aligment with last decisions made in profile doc

  #154 opened 5 months ago by jpengar
  5

• Define a CIBA OpenAPI security scheme

  #157 opened 6 months ago by AxelNennker
  11

• Define behaviour and authentication mechanism for APIs not managing private information

  #167 opened 5 months ago by jgarciahospital
  0

• Explain or remove "3-legged" in CAMARA APIs access and user consent management

  #159 opened 5 months ago by AxelNennker
  2

• Create Rich Authorization Request Examples Document

  #165 opened 5 months ago by AxelNennker
  0

• Update the Scope-section in ICM README.md

  #149 opened 5 months ago by AxelNennker
  0

• RFC7662 is mentioned twice in RFCs references list in Authentication and Authorization Concept for Service APIs

  #161 opened 5 months ago by gregory1g
  2

• Inconsistent statements about applicable authorization flows

  #131 opened 6 months ago by hdamker
  12

• Update and review of MAINTAINERS.MD file

  #151 opened 6 months ago by hdamker
  0

• Clarify role and usage of id token

  #136 opened 6 months ago by Elisabeth-Ericsson
  7

• Token Revocation if user revoked consent

  #137 opened 6 months ago by AxelNennker
  11

• Proposal to define a strict value for aud claim in the private_key_jwt

  #127 opened 6 months ago by mhfoo
  17

• Clarify on the need of optional claims in CIBA Client Authentication request.

  #132 opened 6 months ago by shilpa-padgaonkar
  6

• Clarification needed for login_hint, login_hint_token and id_token_hint

  #133 opened 6 months ago by shilpa-padgaonkar
  6

• Camara Identity Profile the way forward

  #122 opened 6 months ago by AxelNennker
  11

• Consent api spec

  #142 opened 7 months ago by questsin
  2

• Broken link in v0.1 of CAMARA-API-access-and-user-consent.md

  #139 opened 6 months ago by hdamker
  2

• More than one "purpose" in an authorization request.

  #140 opened 6 months ago by shilpa-padgaonkar
  26

• Question to documentation update for security schemes

  #108 opened 9 months ago by Elisabeth-Ericsson
  15