Merge branch 'main' into feat/qod-provision

CODEOWNERS

@@ -5,7 +5,7 @@
 # For more details, read the following article on GitHub: https://help.github.com/articles/about-codeowners/.
 
 # These are the default owners for the whole content of this repository. The default owners are automatically added as reviewers when you open a pull request, unless different owners are specified in the file.
-* @hdamker @eric-murray @RandyLevensalor
+* @hdamker @eric-murray @RandyLevensalor @jlurien
 
 # Owners of the CODEOWNER and Maintainer.md files are the admins of CAMARA (to allow them to keep the teams within the CAMARA organization in sync in case of changes)
 /CODEOWNERS @camaraproject/admins

README.md

@@ -16,15 +16,15 @@ Repository to describe, develop, document and test the QualityOnDemand API famil
   * set quality for a flow within an access network connections (e.g. mobile device connection or fixed access between a home gateway and the service providers gateway router)
       * Session mode, for a specific duration
       * Provision mode, indefinitely for each time the device connects to the same access network
-  * get notification if network cannot fulfill  
-* Describe, develop, document and test the APIs (with 1-2 Service Providers)  
+  * get notification if the network cannot fulfill  
+* Describe, develop, document and test the APIs (with 1–2 Service Providers)  
 * Started: October 2021
 * Location: virtually  
 
 ## Meetings
 
 * Meetings are held virtually: [Meeting registration / Join](https://zoom-lfx.platform.linuxfoundation.org/meeting/94112812156?password=f238d6af-c959-48d7-a862-abdb3c648e40)
-* Schedule: bi-weekly, Friday, 2 PM CET/CEST (13:00 UTC, 12:00 UTC during European DST). For date/time of next meeting see previous [meeting minutes](https://wiki.camaraproject.org/display/CAM/Quality+on+Demand+Meeting+Minutes).
+* Schedule: bi-weekly, Friday, 2 PM CET/CEST (13:00 UTC, 12:00 UTC during European DST). For date/time of the next meeting, see previous [meeting minutes](https://wiki.camaraproject.org/x/0AOeAQ).
 
 ## Status and released versions
 
@@ -36,7 +36,7 @@ Repository to describe, develop, document and test the QualityOnDemand API famil
     - [View it on Swagger Editor](https://editor.swagger.io/?url=https://raw.githubusercontent.com/camaraproject/QualityOnDemand/release-0.10.1/code/API_definitions/qod-api.yaml)
     - OpenAPI [YAML spec file](https://github.com/camaraproject/QualityOnDemand/blob/release-0.10.1/code/API_definitions/qod-api.yaml)
 
-* The previous released version v0.9.0 is availabe within the [release-0.9.0 branch](https://github.com/camaraproject/QualityOnDemand/tree/release-0.9.0)
+* The previous released version v0.9.0 is available within the [release-0.9.0 branch](https://github.com/camaraproject/QualityOnDemand/tree/release-0.9.0)
 * For changes between v0.10.0 and v0.9.0 see the [CHANGELOG.md](https://github.com/camaraproject/QualityOnDemand/blob/main/CHANGELOG.md)
 
 * Provider implementations (PI) are available within separate repositories (partly for previous releases):
@@ -47,5 +47,5 @@ Repository to describe, develop, document and test the QualityOnDemand API famil
 
 ## Contributorship and mailing list
 
-* To subscribe / unsubscribe to the mailing list of this Sub Project and thus be / resign as Contributor please visit <https://lists.camaraproject.org/g/sp-qod>.
+* To subscribe / unsubscribe to the mailing list of this Sub Project and thus be / resign as Contributor, please visit <https://lists.camaraproject.org/g/sp-qod>.
 * A message to all Contributors of this Sub Project can be sent using <[email protected]>.

code/API_definitions/qos-profiles.yaml

@@ -16,40 +16,52 @@ info:
 
     How QoS profiles are mapped to connectivity characteristics are subject to agreements between the communication service provider and the API invoker. Within the CAMARA project, you can find a sample for such a mapping of QoS profiles. [CAMARA QoS Profiles Mapping Table (REFERENCE DRAFT)](https://github.com/camaraproject/QualityOnDemand/blob/main/documentation/API_documentation/QoSProfile_Mapping_Table.md)
 
+    # Authorization and Authentication
+
+    [Camara Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md) provides details on how a client requests an access token.
+
+    Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation.
+
+    It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control.
+
     # Further info and support
 
     (FAQs will be added in a later version of the documentation)
-  termsOfService: http://swagger.io/terms/
-  contact:
-    email: [email protected]
   license:
     name: Apache 2.0
     url: https://www.apache.org/licenses/LICENSE-2.0.html
   version: wip
+
 externalDocs:
   description: Product documentation at Camara
   url: https://github.com/camaraproject/
-security:
-  - oAuth2ClientCredentials: []
+
 servers:
   - url: "{apiRoot}/qos-profiles/vwip"
     variables:
       apiRoot:
         default: http://localhost:9091
         description: API root, defined by the service provider, e.g. `api.example.com` or `api.example.com/somepath`
+
 tags:
   - name: QoS Profiles
     description: Manage QoS Profiles
+
 paths:
   /qos-profiles:
     get:
       tags:
         - QoS Profiles
       summary: "Get All QoS Profiles"
       description: |
-        Returns all QoS Profiles that match the given criteria.
-        If no criteria is given, all QoS Profiles are returned.
+        Returns all QoS Profiles that match the given criteria, or all profiles if no criteria is specified.
+
+        The access token may be either a 2-legged or 3-legged access token. If the access token is 3-legged, all returned QoS Profiles must be available to all end users associated with the access token.
+
       operationId: getQosProfiles
+      security:
+        - openId:
+            - qos-profiles:qos-profiles:read
       parameters:
         - name: name
           in: query
@@ -95,6 +107,12 @@ paths:
       operationId: getQosProfile
       description: |
         Returns a QoS Profile that matches the given name.
+
+        The access token may be either a 2-legged or 3-legged access token. If the access token is 3-legged, a QoS Profile is only returned if available to all end users associated with the access token.
+
+      security:
+        - openId:
+            - qos-profiles:qos-profiles:read
       parameters:
         - name: name
           in: path
@@ -128,14 +146,9 @@ paths:
 
 components:
   securitySchemes:
-    oAuth2ClientCredentials:
-      description: |
-        The QoS Profiles API makes use of the OAUTH 2.0 client credentials grant which is applicable for server to server use cases involving trusted partners or clients without any protected user data involved. In this method the API invoker client is registered as a confidential client with an authorization grant type of client_credentials
-      type: oauth2
-      flows:
-        clientCredentials:
-          tokenUrl: https://api.example.com/oauth/token
-          scopes: {}
+    openId:
+      type: openIdConnect
+      openIdConnectUrl: https://example.com/.well-known/openid-configuration
 
   parameters:
     x-correlator:
@@ -231,8 +244,7 @@ components:
         maxDuration:
           description: |
             The maximum time period that this profile can be deployed.
-            NOTE: currently the duration within `sessionInfo` is limited to 86400 seconds (1 day).
-            The value of `maxDuration` shouldn't therefore exceed this time period. The limitation might be removed in later versions.
+            Overall session duration must not exceed this value. This includes the initial requested duration plus any extensions.
           allOf:
             - $ref: "#/components/schemas/Duration"
         priority: