Use scopes and introduce a pairwise pseudonymous identifier#92
Use scopes and introduce a pairwise pseudonymous identifier#92AxelNennker wants to merge 4 commits intocamaraproject:mainfrom AxelNennker:AxelNennker-use-scopes
Conversation
|
Hi @AxelNennker This PR was discussed at the last Device Identifier sub-project meeting. Everyone was fine with introducing PPID as a third device identifier, but controlling this via scopes through a single endpoint was not agreed. If you want PPID to be part of the Spring 25 meta-release version, I would suggest to reformulate this PR as an additional endpoint If you want to keep the PR unchanged, then I'll put it in the backlog for now, and we can discuss following finalisation of the Spring 25 version. |
|
Hi @AxelNennker I opened Issue #109 and PR #110 to introduce the PPID option as an additional endpoint. If you have any comments on that approach, please comment in the issue. If you want to pursue the approach of using scopes to customise the output of an endpoint (i.e. the MobileConnect approach), please raise an issue in Commonalities to introduce that approach to CAMARA. |
|
I think data minimization is not optional - at least in GDPR land and also in UK. @eric-murray created a PR that introduces a new endpoint for PPID. Endpoints allow API Providers to return "not implemented" but #110 does not use have that error, which I applaud. So, #110 must be implemented by all API Providers. I think we should merge this PR because data minimization is required and we get better privacy because this PR also introduces PPID. What are the reasons not to merge this? |
I think that using scopes is the OpenId way to "customize" the output of an endpoint. DeviceIdentifier is not as flexible as KYC FillIn and here we do not really have a data-minimization problem because the data is always in IMEI or IMEISV already and returning e.g. the "vendor" is more or less a convenience function. From an API design perspective I would not include e.g. vendor, TAC etc because implementing this is extra effort and who is liable if the data is wrong? Regarding PPID I still prefer the scope and one endpoint and change the possible output of that one endpoint, but I think that PPID is a big improvement and I just LGTM-ed the PR that introduces a new endpoint for that. Imagine an iPhone insurance, where currently most insurers insist on knowing the IMEI because it is a globally unique identifier that identifies the device. A PPID might be enough for this use case. |
What type of PR is this?
Add one of the following kinds:
What this PR does / why we need it:
For privacy reasons the API consumer should be able to specify which data fields should be returned. Only required data should be asked for and returned by the API.
See Art. 5 GDPR Principles relating to processing of personal data.
See UK Information Commisioner's Office
As always in CAMARA the allowed scopes for an API consumer are determined a Onboarding Time.
For privacy reasons globally unique and permanent identifiers should be avoided.
IMEI and IMEISV are such globally unique and permanent identifiers.
Globally unique and permanent identifiers allow user tracking across API consumers.
Colluding API consumers can track the user.
This PR uses scopes which allow the API consumer to specify which data they want in the API result.
This PR introduces the identifier PPID (pairwise pseudonymous identifier) which is local to the API producer or if based on a sector_identifier to a group of API consumers.
Additional Context
#36