Add guidance for multi-SIM scenarios #378
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eric-murray
requested review from
hdamker,
RandyLevensalor and
jlurien
as code owners
jlurien
reviewed
Nov 26, 2024
|
|
||
| In multi-SIM scenarios where more than one mobile device is associated with a phone number (e.g. a smartphone with an associated smartwatch), it might not be possible to uniquely identify the device to which the QoS provisioning should apply from that phone number. If the phone number is used as the device identifier when provisioning in a multi-SIM scenario, the API may respond with an error, or may apply the provisioning to a device other than the intended device. | ||
|
|
||
| Possible workarounds in such a scenario include: |
There was a problem hiding this comment.
Suggested change
| Possible workarounds in such a scenario include: | |
| Possible mitigation in such a scenario include: |
jlurien
reviewed
Nov 26, 2024
|
|
||
| Possible workarounds in such a scenario include: | ||
| - Using the authorisation code flow to obtain an access token, which will automatically identify the intended device | ||
| - Identifying the intended device from a unique identifier for that device, such as its source IP address and port |
There was a problem hiding this comment.
Suggested change
| - Identifying the intended device from a unique identifier for that device, such as its source IP address and port | |
| - Identifying the intended device from a unique identifier for that device, such as its source IP address and port. This applies as well as the recommended value for the `login_hint` parameter of the OIDC CIBA flow. |
jlurien
reviewed
Nov 26, 2024
| Possible workarounds in such a scenario include: | ||
| - Using the authorisation code flow to obtain an access token, which will automatically identify the intended device | ||
| - Identifying the intended device from a unique identifier for that device, such as its source IP address and port | ||
| - Check with the SIM provider whether a unique "secondary" phone number is already associated with each device, and use the secondary phone number to identify the intended device |
There was a problem hiding this comment.
Suggested change
| - Check with the SIM provider whether a unique "secondary" phone number is already associated with each device, and use the secondary phone number to identify the intended device | |
| - Check with the SIM provider whether a unique "secondary" phone number is already associated with each device, and use the secondary phone number to identify the intended device if available. |
jlurien
reviewed
Nov 26, 2024
| In multi-SIM scenarios where more than one mobile device is associated with a phone number (e.g. a smartphone with an associated smartwatch), it might not be possible to uniquely identify the device to which the QoS provisioning should apply from that phone number. If the phone number is used as the device identifier when provisioning in a multi-SIM scenario, the API may respond with an error, or may apply the provisioning to a device other than the intended device. | ||
|
|
||
| Possible workarounds in such a scenario include: | ||
| - Using the authorisation code flow to obtain an access token, which will automatically identify the intended device |
There was a problem hiding this comment.
If we finally approve in Commonalities that a device identifier in request body is incompatible with a 3-legged access token (and "In this case, a 422 UNNECESSARY_IDENTIFIER error code MUST be returned"), then we can remark that
Suggested change
| - Using the authorisation code flow to obtain an access token, which will automatically identify the intended device | |
| - Using the authorisation code flow to obtain an access token, which will automatically identify the intended device. Moreover, in this case, no other device identifier must be included in the request. |
jlurien
reviewed
Nov 26, 2024
There was a problem hiding this comment.
In line with the latest consensus in camaraproject/Commonalities#324, I have included some suggestions. They will apply to all the 3 APIs with minor adjustments.
jlurien
reviewed
Nov 26, 2024
|
|
||
| # Multi-SIM scenario handling | ||
|
|
||
| In multi-SIM scenarios where more than one mobile device is associated with a phone number (e.g. a smartphone with an associated smartwatch), it might not be possible to uniquely identify the device to which the QoS provisioning should apply from that phone number. If the phone number is used as the device identifier when provisioning in a multi-SIM scenario, the API may respond with an error, or may apply the provisioning to a device other than the intended device. |
There was a problem hiding this comment.
Another possibility is to apply the service to all the devices associated to the phone number:
Suggested change
| In multi-SIM scenarios where more than one mobile device is associated with a phone number (e.g. a smartphone with an associated smartwatch), it might not be possible to uniquely identify the device to which the QoS provisioning should apply from that phone number. If the phone number is used as the device identifier when provisioning in a multi-SIM scenario, the API may respond with an error, or may apply the provisioning to a device other than the intended device. | |
| In multi-SIM scenarios where more than one mobile device is associated with a phone number (e.g. a smartphone with an associated smartwatch), it might not be possible to uniquely identify the device to which the QoS provisioning should apply from that phone number. If the phone number is used as the device identifier when provisioning in a multi-SIM scenario, the API may respond with an error, or may apply the provisioning to all the devices associated with the phone number. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
What this PR does / why we need it:
Provides guidance on using the QoD APIs in multi-SIM scenarios
Which issue(s) this PR fixes:
Fixes #376
Special notes for reviewers:
This guidance will need to be updated when Commonalities Issue #302 is resolved
Changelog input
Additional documentation
None