Merge pull request #13 from DT-DawidWroblewski/main

reshaping the content (+readme.md update)
camaraproject · Jan 24, 2023 · fd49456 · fd49456
2 parents 0fdc9c3 + 9e99204
commit fd49456
Show file tree

Hide file tree

Showing 5 changed files with 91 additions and 7 deletions.
diff --git a/...n/API_documentation/Check_sim_swap_API.md → ..._definitions/CAMARA/Check_sim_swap_API.md b/...n/API_documentation/Check_sim_swap_API.md → ..._definitions/CAMARA/Check_sim_swap_API.md
diff --git a/...s/checkSimSwap-v0.3.0.camara.swagger.yaml → ...A/checkSimSwap-v0.3.0.camara.swagger.yaml b/...s/checkSimSwap-v0.3.0.camara.swagger.yaml → ...A/checkSimSwap-v0.3.0.camara.swagger.yaml
diff --git a/code/API_definitions/MC_ATP.yaml → ...API_definitions/MobileConnect/MC_ATP.yaml b/code/API_definitions/MC_ATP.yaml → ...API_definitions/MobileConnect/MC_ATP.yaml
diff --git a/...ation/API_documentation/API_definition.md → ...nitions/MobileConnect/MobileConnectATP.md b/...ation/API_documentation/API_definition.md → ...nitions/MobileConnect/MobileConnectATP.md
@@ -42,7 +42,7 @@ In specific use cases, the SP (Service Provider) server needs to have access to
 
 **Figure 1** illustrates the Client Credential mode flow. This specification details the parameters involved in the Access Token Request and Response.
 
-![Figure 1 - Mobile Connect Client Credentials Mode Flow](assets/images/figure1cc.png)
+![Figure 1 - Mobile Connect Client Credentials Mode Flow](/SimSwap/documentation/API_documentation/assets/images/figure1cc.png)
 
 The high level flow is as follows:
 
@@ -60,7 +60,7 @@ The use of Client Credentials profile implies that personal data are not involve
 
 ### UML Diagram
 
-[PUML sequence diagram for MC ATP client credentials](../UML/sequenceDiagram.puml)
+[PUML sequence diagram for MC ATP client credentials](/SimSwap/documentation/UML/sequenceDiagram.puml)
 
 ## ATP Service Specification
 
@@ -86,10 +86,10 @@ Both the names and the values of these HTTP headers MUST be treated as case inse
 
 ### ATP API details
 
-YAML proposal:
+YAML files:
 
-1. [MC](../../code/API_code/simSwap.yaml)
-2. [OAS](../../code/API_code/checkSimSwap-v0.3.0.camara.swagger.yaml)
+1. [MC](/SimSwap/code/API_definitions/MobileConnect/MC_ATP.yaml)
+2. [OAS](/SimSwap/code/API_definitions/CAMARA/checkSimSwap-v0.3.0.camara.swagger.yaml)
 
 #### Mobile Connect Account Takeover Protection with SIM Swap
 
@@ -196,6 +196,7 @@ Connection: keep-alive
 Content-Length: 0
 
 ##### Resource Response
+
 >{
     "simChange": "2019-10-18T00:00:00",
-}
+}
diff --git a/documentation/API_documentation/README.MD b/documentation/API_documentation/README.MD
@@ -1 +1,84 @@
-Here you can add your documentation and delete this README.MD file
+# SIM swap API documentation
+
+## Overview
+
+### Introduction
+
+CAMARA Sim Swap API aims to deliver information about last SIM change event to prefent Account Takeover fraud.
+
+CAMARA community agreed to enable SIM swap API in two complementary flavours:
+
+1. Based on CAMARA standardization guidelines, that enables API service on a dedicated endpoint and follows CAMARA AuthN/AuthZ concept. [More details available here](#details)
+2. Based on GSMA Mobile Connect standardized family of Identity APIs, that delivers Account Takeover Protection service. [More details available here](#details)
+
+### Quick start
+
+1. Download one of yaml files.
+2. Contact CAMARA API maintainers to get guidance on the onboarding process:
+
+   * [Deutsche Telekom - Dawid Wróblewski](https://github.com/DT-DawidWroblewski)
+   * [Telefonica - Mona Mokhber](https://github.com/monamok)
+   * [Orange - Ludovic Robert](https://github.com/bigludo7)
+
+### Onboarding process for Mobile Connect
+
+1. Describe your Use case within *Use Case Declaration Form* - provided by MNO employee that guides you through the whole process. MNOs require you to provide data like (it is a subject to local market/MNO conditions what is required):
+
+* Name/Address/Website/Contact
+* Business Type
+* Mobile Connect product that is required for a use case
+* Use case description, from the consumer point of view (preferably with screenshots, sequence diagrams, and information about where Mobile Connect product shall be used)
+* Purpose - the reason for using Mobile Connect
+* Privacy Policy details
+* Consent Policy details, including the process of consent acquisition
+
+2. Register *redirect_uri*
+3. Register MSISDNs you would like to test ATP/Sim Swap API
+4. Register MSISDN to pass secrets (e.g. client_secret or API-key)
+
+Upon successful onboarding following details are shared:
+
+1. **client_id** - used for requesting Mobile Connect services
+2. **client_secret** - passed in a secured way, e.g. by SMS to MSISDN provided during onboarding
+
+## Authentication and/or Authorization
+
+[Camara AuthN/AuthZ Concept]()
+[Mobile Connect ATP use OAUTH2.0 Client Credendials for Authentication](https://www.gsma.com/identity/wp-content/uploads/2022/12/IDY.56-Mobile-Connect-Client-Credentials-Profile-v1.0.pdf)
+
+## Documentation
+
+### Details
+
+|Flavour|Details Page|
+|---|---|
+|CAMARA|[DetailsPage](/SimSwap/code/API_definitions/CAMARA/Check_sim_swap_API.md)|
+|Mobile Connect|[DetailsPage](/SimSwap/code/API_definitions/MobileConnect/MobileConnectATP.md)|
+
+
+### Endpoint definitions
+
+
+|Flavour|Endpoint type|Endpoint path|
+|---|---|---|
+|CAMARA|AuthN/AuthZ||
+||resource|/verify|
+|Mobile Connect|AuthN|/token|
+||resource|/userinfo|
+
+### Errors
+
+Described inside yaml files.
+
+### Release Notes
+
+|No|Version|Changelog|
+|:---:|---:|:---|
+|1|0.5.0|Camara & Mobile Connect flavours available|
+
+## API Spec
+
+|Flavour|yaml|
+|---|---|
+|CAMARA SIM swap|[yaml](/SimSwap/code/API_definitions/CAMARA/checkSimSwap-v0.3.0.camara.swagger.yaml)|
+|Mobile Connect Account Takeover Protection|[yaml](/SimSwap/code/API_definitions/MobileConnect/MC_ATP.yaml)|