Release Candidate r2.2

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## Table of Contents
 
+- **[r2.2](#r22)**
 - **[r2.1](#r21)**
 - **[r0.2.1](#r021)**
 - **[r0.2.0](#r020)**
@@ -18,6 +19,50 @@ The below sections record the changes in each release as follows:
 * for subsequent release-candidate(s), only the delta to the previous release-candidate
 * for a public release, the consolidated changes since the previous public release
 
+# r2.2
+
+## Release Notes
+
+This pre-release contains the definition and documentation of:
+
+* "Identity and Consent Management" v0.3.0-rc.1
+
+The content of the release includes the "Identity And Consent Management" approved deliverables in **[documentation](https://github.com/camaraproject/IdentityAndConsentManagement/tree/r2.2/documentation)** folder.
+  > The mandatory `info.description` [template](https://github.com/camaraproject/IdentityAndConsentManagement/blob/r2.2/documentation/CAMARA-API-access-and-user-consent.md#mandatory-template-for-infodescription-in-camara-api-specs) defined for "Authorization and authentication" has been modified and will eventually need to be adopted by all API definitions.
+
+NOTE: The Working Group release numbering has been updated to adopt the same release notation as is used for API sub-projects.
+
+### Added
+
+* Lifetime handling of client assertions on client authentication by @eric-murray in https://github.com/camaraproject/IdentityAndConsentManagement/pull/216
+* Recommend signed authentication requests for CIBA by @eric-murray in https://github.com/camaraproject/IdentityAndConsentManagement/pull/217
+* Operator token `login_hint` format by @AxelNennker in https://github.com/camaraproject/IdentityAndConsentManagement/pull/218
+* Response codes for error scenarios by @garciasolero in https://github.com/camaraproject/IdentityAndConsentManagement/pull/220
+* Clarification on the use of sender constraint tokens via "Demonstrating Proof of Possession" (DPoP) by @AxelNennker in https://github.com/camaraproject/IdentityAndConsentManagement/pull/225
+* `login_hint` statement for Authorization Code Flow by @jpengar in https://github.com/camaraproject/IdentityAndConsentManagement/pull/242
+* Recommend signed authentication requests for Authorization Code Flow by @AxelNennker in https://github.com/camaraproject/IdentityAndConsentManagement/pull/251
+* Agreed conclusion statement about authentication method in the Authorization Code Flow by @jpengar in https://github.com/camaraproject/IdentityAndConsentManagement/pull/253
+
+### Changed
+
+* Updated the `CAMARA-Security-Interoperability.md` document to replace Telco and Operator terms with API Provider by @AxelNennker in https://github.com/camaraproject/IdentityAndConsentManagement/pull/201
+* Updated terms and definitions in the `CAMARA-API-access-and-user-consent.md` document for better writing and understanding by @jpengar and @chrishowell in https://github.com/camaraproject/IdentityAndConsentManagement/pull/212
+* Updated the `CAMARA-API-access-and-user-consent.md` document with editorial and general writing improvements by @jpengar and @chrishowell in https://github.com/camaraproject/IdentityAndConsentManagement/pull/213
+* Updated `info.description` template in the `CAMARA-API-access-and-user-consent.md` document with revised wording by @jpengar and @chrishowell in https://github.com/camaraproject/IdentityAndConsentManagement/pull/214
+* Updated the `CAMARA-ICM-examples.md` document with more CIBA examples by @sebdewet in https://github.com/camaraproject/IdentityAndConsentManagement/pull/237
+
+### Fixed
+
+* Fixed error description for missing openid scope in the `CAMARA-Security-Interoperability.md` document by @AxelNennker in https://github.com/camaraproject/IdentityAndConsentManagement/pull/210
+* Clarify case sensitivity of parameter names and values in the `CAMARA-Security-Interoperability.md` document by @eric-murray in https://github.com/camaraproject/IdentityAndConsentManagement/pull/221
+* Fixed "bc_authorize" typo in the `CAMARA-API-access-and-user-consent.md` document by @AxelNennker in https://github.com/camaraproject/IdentityAndConsentManagement/pull/248
+
+### Removed
+
+N/A
+
+**Full Changelog**: https://github.com/camaraproject/IdentityAndConsentManagement/compare/r0.2.1...r2.2
+
 # r2.1
 
 ## Release Notes

README.md

@@ -16,11 +16,11 @@ Repository to describe, develop, document and test the Identity And Consent Mana
 
 ## Release Information
 
-* `NEW`: Alpha release of the "Identity and Consent Management" guidelines and documentation for the CAMARA APIs is available under the tag [r2.1](https://github.com/camaraproject/IdentityAndConsentManagement/tree/r2.1). It contains the current [version](/VERSION.yaml) of the documents which are relevant for [Spring25 meta-release](https://lf-camaraproject.atlassian.net/wiki/spaces/CAM/pages/14560849/Meta-release+Spring25), including:
-  * [CAMARA APIs access and user consent management](https://github.com/camaraproject/IdentityAndConsentManagement/blob/r2.1/documentation/CAMARA-API-access-and-user-consent.md)
-  * [CAMARA Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/r2.1/documentation/CAMARA-Security-Interoperability.md)
-    >NOTE: the Working Group release numbering has been updated to adopt the same release notation as is used for API sub-projects.
-* Release 0.2.1 of the "Identity and Consent Management" guidelines and documentation for the CAMARA APIs is available under the tag [r0.2.1](https://github.com/camaraproject/IdentityAndConsentManagement/tree/r0.2.1). It contains the current version of the documents which are relevant for [Fall24 meta-release](https://lf-camaraproject.atlassian.net/wiki/spaces/CAM/pages/14549015/Meta-release+Fall24), including:
+* `NEW`: The "Spring25" release candidate of the "Identity and Consent Management" guidelines and documentation for the CAMARA APIs is available under the tag [r2.2](https://github.com/camaraproject/IdentityAndConsentManagement/tree/r2.2). It contains the current [version](/VERSION.yaml) of the documents which are relevant for the [Spring25 meta-release](https://lf-camaraproject.atlassian.net/wiki/spaces/CAM/pages/14560849/Meta-release+Spring25), including:
+  * [CAMARA APIs access and user consent management](https://github.com/camaraproject/IdentityAndConsentManagement/blob/r2.2/documentation/CAMARA-API-access-and-user-consent.md)
+  * [CAMARA Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/r2.2/documentation/CAMARA-Security-Interoperability.md)
+  >NOTE: the Working Group release numbering has been updated to adopt the same release notation as is used for API sub-projects.
+* The "Fall24" public release r0.2.1 of the "Identity and Consent Management" guidelines and documentation for the CAMARA APIs is available under the tag [r0.2.1](https://github.com/camaraproject/IdentityAndConsentManagement/tree/r0.2.1). It contains the public version of the documents which are relevant for the [Fall24 meta-release](https://lf-camaraproject.atlassian.net/wiki/spaces/CAM/pages/14549015/Meta-release+Fall24), including:
   * [CAMARA APIs access and user consent management](https://github.com/camaraproject/IdentityAndConsentManagement/blob/r0.2.1/documentation/CAMARA-API-access-and-user-consent.md)
   * [CAMARA Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/r0.2.1/documentation/CAMARA-Security-Interoperability.md)
 * The latest **public release** of guidelines and documentation for CAMARA APIs is available [here](https://github.com/camaraproject/IdentityAndConsentManagement/releases/latest).

VERSION.yaml

@@ -1 +1 @@
-version: 0.3.0-alpha.1
+version: 0.3.0-rc.1

documentation/CAMARA-API-access-and-user-consent.md

@@ -338,11 +338,11 @@ The {scope} is the specific scope defined to protect this operation.
 The documentation template below must be used as part of the API documentation in `info.description` property in the CAMARA API specs:
 
 ```
-### Authorization and authentication
+# Authorization and authentication
 
 The "Camara Security and Interoperability Profile" provides details of how an API consumer requests an access token. Please refer to Identity and Consent Management (https://github.com/camaraproject/IdentityAndConsentManagement/) for the released version of the profile.
 
-The specific authorization flows to be used will be agreed upon during the onboarding process, happening between the provider of the application consuming the API and the operator's API exposure platform, taking into account the declared purpose for accessing the API, whilst also being subject to the prevailing legal framework dictated by local legislation.
+The specific authorization flows to be used will be agreed upon during the onboarding process, happening between the API consumer and the API provider, taking into account the declared purpose for accessing the API, whilst also being subject to the prevailing legal framework dictated by local legislation.
 
 In cases where personal data is processed by the API and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of three-legged access tokens is mandatory. This ensures that the API remains in compliance with privacy regulations, upholding the principles of transparency and user-centric privacy-by-design.
 ```