GSMA Certification #146
Replies: 5 comments 12 replies
-
|
At the moment the GSMA is refusing to certificate the CK Hutchison implementation since it us using Client Credentials authentication method. At the same time, they acknowledged the implementation and the API appeared into their website for all the CKH affiliate operators. |
Beta Was this translation helpful? Give feedback.
-
|
The version of the CFS API under certification is the one from Fall24. In Fall24 the ICM text in info.description only refers to 3Legs. In Sping25 the text also refers to 2Legs. So it is more complete, nevertheless, in my view in both the releases Client Credential is allowed. In both the releases we have this text: _"The specific authorization flows to be used will be agreed upon during the onboarding process, happening between the provider of the application consuming the API and the operator's API exposure platform, taking into account the declared purpose for accessing the API, whilst also being subject to the prevailing legal framework dictated by local legislation. In cases where personal data is processed by the API and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of three-legged access tokens is mandatory. "_ I read it as: according to the local regulation, according to the specificity of the Service provided and according to the agreement between the Service Provider and the API Producer, IF user consent is required, THEN 3Legs is mandatory. This doesn't exclude to expose the CFS API as 2Legs if there are the right conditions. In my understanding (more clearly stated in Spring25), according to the specific case, an API can be exposed using 2Legs or 3 Legs. @hdamker, @tanjadegroot, @AxelNennker, what do you think about? |
Beta Was this translation helpful? Give feedback.
-
|
@StefanoFalsetto-CKHIOD is the GSMA certification officially closed? If the certification process is still open, we can still move forward with a tentative v1.0.0 as planned here: #115 (comment) otherwise, if the certification process is closed with a negative feedback, we should move forward with v0.3.0. |
Beta Was this translation helpful? Give feedback.
-
|
Dear All, |
Beta Was this translation helpful? Give feedback.
-
|
Conclusion: it is correct that the CFS API supports both 2Legs and 3Legs. 3Legs is mandatory for the CFS API implementation to be certified by GSMA Please note: 3Legs is only required for APIs involving personal data (as discussed below) |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
To keep trace of the ongoing GSMA certification process and of the outcomes that could lead to inputs for the API Development.
Beta Was this translation helpful? Give feedback.
All reactions