Initial contribution of Age_Verification.yaml #50
Conversation
ToshiWakayama-KDDI
requested review from
fernandopradocabrillo and
GillesInnov35
as code owners
Update the design proposal for Age Verification API specifications
|
To start the discussion
|
Proposition of User StoryUser Story: KYC Age Verification - Verify the age of a user
|
Add firstName and FamilyName attributes to be compared with MNO information
Addition of MiddleNames
|
Find a draft proposal of API documentation (to be reviewed) |
with Huub (KPN) proposition: assurance level
|
Hi @GillesInnov35 , all, Regarding the draft User Story above, it looks good to me. Just some comments for error corrections:
limlited -> limited
the KYC service (API) -> the Age Verification service (API)
the KYC Match API operations -> the Age Verificaiton API operations Thanks. |
assuranceLevel is now a enum (Low, Substancial, High) and not a score.
|
Thanks a lot @ToshiWakayama-KDDI , errors have been corrected. |
Corrections, updated Design and description
|
@ToshiWakayama-KDDI, @HuubAppelboom , @KevScarr, @fernandopradocabrillo I've updated this design proposal. Let me know if it's ok according to your comments |
|
There is a typo in the file name: age-vefification.yaml |
|
thanks @rartych for your point |
Oh, sorry, my mistake. Could add the above, please? I still do not know how to propose modification of yaml as Fernando does. Thanks, |
|
hi @ToshiWakayama-KDDI, the bellow error example exists in the errors section of AgeVerification yaml file. From what I see that is what the next Commonalities version recommend, isn't it ? for the second point which concerns Out Of Range, I've added the error example. Tell me if it's OK As the yaml file name is not corect, perhaps we should create a new PR with the last file version in order to have a global approval ? Thanks |
|
Hi @GillesInnov35 ,
To the best of my knowledge, no, I don't think so. According to the latest updated API Design guidelines https://github.com/camaraproject/Commonalities/blob/main/documentation/API-design-guidelines.md#61-standardized-use-of-camara-error-responses , my understanding is that "422 DEVICE_NOT_APPLICABLE The service is not available for the provided device. " is existing, instead of previous "422 NOT_SUPPORTED Service not supported for this phoneNumber". So, my proposal was to add "422 DEVICE_NOT_APPLICABLE The service is not available for the provided device." I hope I am correct. Many thanks, |
|
Hi @GillesInnov35 ,
Thank you so much. It is OK with me. Thanks, |
|
Hi @GillesInnov35 ,
Thanks, again. I didn't notice that. Rafal's pointing by bold finally made me notice it. Yes, we should not to forget it. Thanks, |
|
@ToshiWakayama-KDDI , regarding the PR#316 (https://github.com/camaraproject/Commonalities/pull/316/files) I don't see any reference to DEVICE. |
You can edit the filename within this PR |
following Commonalities for errors handling
Thanks Co-authored-by: Fernando Prado Cabrillo <[email protected]>
Co-authored-by: Fernando Prado Cabrillo <[email protected]>
Co-authored-by: Fernando Prado Cabrillo <[email protected]>
Co-authored-by: Fernando Prado Cabrillo <[email protected]>
| If successful, a JSON object is returned containing the following data: | ||
| - `ageCheck`: Indicate 'true' when the age of the user is the same age or older than the age threshold (age >= age threshold), and 'false' if not (age < age threshold). Otherwise, 'not_available'. | ||
| - `verifiedStatus`: true if the information provided was checked against another form of official identification, otherwise false. | ||
| - `identityMatchScore`: the overall match score of identity information provided in the request compared to what MNO holds. |
There was a problem hiding this comment.
what values can the match score have? the same as in kyc-match, 0-100?
@GillesInnov35 @ToshiWakayama-KDDI @HuubAppelboom
There was a problem hiding this comment.
I think 0-100, as specified below:
identityMatchScore:
type: "integer"
minimum: 0
maximum: 100
description: An aggregate match score of user's identity when available in the request body.
Thanks,
Toshi
|
hi @fernandopradocabrillo, yes same as kyc-match. Huub has proposed algo to calculate the result PR #81 |
Thanks Fernando Co-authored-by: Fernando Prado Cabrillo <[email protected]>
| - `POST /ageverify` | ||
| Takes the network subscription identifier (e.g. the mobile phone number for a mobile network subscriber) and check the age of the user is older than the age's threshold in the request. | ||
| If information of the user's identity such as `givenName`, `familyName`, `address` match with information held by the MNO. |
There was a problem hiding this comment.
Suggestion to replace this sentence with the below for more clarification.
Additionally, as optional function, provides (1) if age check is done against another form of official identification or not (verifiedStatus) and (2) how close the information of user's identity such as such as givenName, familyName, address etc. is to information held by the MNO (identityMatchScore).
Thanks,
Toshi
| ## Inputs | ||
| The endpoint request body is a JSON object with the following parameters: | ||
| - `phoneNumber`: The network subscription identifier (i.e. the phone number of the subscriber). [Required only in case a 2-legged flow has been agreed between API Provider and API Consumer; otherwise, none] |
There was a problem hiding this comment.
Suggestion to replace this sentence with below based on Huub's comment #50 (comment) :
phoneNumber: The network subscription identifier (i.e. the phone number of the subscriber). [Required only in case a 2-legged flow has been agreed between API Provider and API Consumer; otherwise, do not include phoneNumber]
(change to 'otherwise, none)
Thanks,
Toshi
There was a problem hiding this comment.
wdyt @ToshiWakayama-KDDI ? It sounds more restrictive
| - `phoneNumber`: The network subscription identifier (i.e. the phone number of the subscriber). [Required only in case a 2-legged flow has been agreed between API Provider and API Consumer; otherwise, none] | |
| - `phoneNumber`: The network subscription identifier (i.e. the phone number of the subscriber). [Required only in case a 2-legged flow has been agreed between API Provider and API Consumer following CAMARA directives; otherwise, phoneNumber must not be included] | |
| If successful, a JSON object is returned containing the following data: | ||
| - `ageCheck`: Indicate 'true' when the age of the user is the same age or older than the age threshold (age >= age threshold), and 'false' if not (age < age threshold). Otherwise, 'not_available'. | ||
| - `verifiedStatus`: true if the information provided was checked against another form of official identification, otherwise false. | ||
| - `identityMatchScore`: the overall match score of identity information provided in the request compared to what MNO holds. |
There was a problem hiding this comment.
Suggestion to add notes to these two sentences for more clarificaiton as below:
verifiedStatus: true if the information provided was checked against another form of official identification, otherwise false.
Note: It is optional if an API provider wants to indicate this status.identityMatchScore: the overall match score of identity information provided in the request compared to what MNO holds.
Note: It is optional for an API provider to return the match score. If an API provider decides not to return the match score, even though any ofidDocument,name,givenName,familyName,middieNames,familyNameAtBirth,birthdate,emailare included in the request body, no identityMatchScore parameter will not be returned.
I have commented similar suggestion already #50 (comment), but it has not been captured yet.
Thanks,
Toshi
There was a problem hiding this comment.
Hi @ToshiWakayama-KDDI! Thanks for the proposal. From TEF we are thinking in something similar. We would like to complete the text stating that, additionally to what you include about not returning the identityScore, it can also be calculated using internal data from the MNO and not only from the input received. For example if the line is part of a multi-line contract so we cannot be sure if it is the owner of the line, if it has parental control activated it may indicate that it is a line used by a child, etc
| - `identityMatchScore`: the overall match score of identity information provided in the request compared to what MNO holds. | |
| - `identityMatchScore`: The overall score of identity information available in the Operator, information either provided in the request body comparing it to the one that the MNO holds or directly using internal MNO's information. It is optional for the Operator to return the Identity match score. | |
|
Hi @GillesInnov35 , @fernandopradocabrillo , Please advise me if the following 'Errors' part is described in the Commonalities API Design Guidelines. I cannot find it by myself... Many thanks, |
| If the network subscription cannot be identified from the provided parameters (e.g. the subscription identifier is not associated with any customer of the CSP), a `404 IDENTIFIER_NOT_FOUND` error is returned. | ||
| If the API consumer has a valid access token but is not authorised to obtain tenure information for the specified network subscription, then a `403 PERMISSION_DENIED` error is returned. |
There was a problem hiding this comment.
I guess here tenure is not related:
| If the API consumer has a valid access token but is not authorised to obtain tenure information for the specified network subscription, then a `403 PERMISSION_DENIED` error is returned. | |
| If the API consumer has a valid access token but is not authorised to obtain age verification information for the specified network subscription, then a `403 PERMISSION_DENIED` error is returned. | |
There was a problem hiding this comment.
hi @rartych , thanks for your comment. You're right it concerns Age Verification and not Tenure. But
if the API consumer has a valid access token but is not authorised to verify the age of the user of the line
WDYT
Gilles
There was a problem hiding this comment.
wdyt?
| If the API consumer has a valid access token but is not authorised to obtain tenure information for the specified network subscription, then a `403 PERMISSION_DENIED` error is returned. | |
| If the API consumer has a valid access token but is not authorised to request an age verification for the specified network subscription, then a `403 PERMISSION_DENIED` error is returned. | |
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR fixes:
Special notes for reviewers:
Changelog input
Additional documentation