Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

APIproposal_IdentityAndConsentManagement_Cellcard #167

Open
prasadcj opened this issue Jan 11, 2025 · 2 comments · May be fixed by #166
Open

APIproposal_IdentityAndConsentManagement_Cellcard #167

prasadcj opened this issue Jan 11, 2025 · 2 comments · May be fixed by #166
Labels
API Proposal

Comments

@prasadcj
Copy link

Problem description
The use case behind this is that the Cambodian government wants to securely query SIM profie from each mobile operator. To achieve this, they have requested all operators to provide APIs for secure data access.

Possible evolution
The current API query used to retrieve a subscriber's SIM profile exposes specific personal and technical information associated with a mobile subscriber's account. This includes sensitive data such as the subscriber's name, date of birth, ID card details, and SIM status. While this information is essential for identity verification, service eligibility checks, and account management, the exposure of such sensitive data raises significant concerns about data privacy and security, necessitating stringent controls and safeguards to mitigate potential risks.

Alternative solution
We are a Cambodian mobile service provider called Cellcard. We have developed this API and plan to publish it under the CMARA project. This initiative aims to establish a common API standard that all mobile communication providers can adopt for similar use cases, promoting consistency, interoperability, and operational efficiency across the industry.
Additionally, we had a meeting with GSMA, where they suggested we make a proposal to the CAMARA EKYC project, as this API aligns more closely with EKYC-related initiatives

Additional context
Please find the full API Documentation URL : https://drive.google.com/file/d/1zDhR9Ca13O_zyuHGnXNY3bmdwnU2R1L4/view?usp=sharing.
@prasadcj prasadcj added the enhancement New feature or request label Jan 11, 2025
@prasadcj prasadcj changed the title Secure SIM Profile Query API APIproposal_IdentityAndConsentManagement_Cellcard Jan 15, 2025
@jgarciahospital jgarciahospital linked a pull request Jan 21, 2025 that will close this issue
Open
@jgarciahospital jgarciahospital added API Proposal and removed enhancement New feature or request labels Jan 21, 2025
@hdamker
Copy link
Collaborator

hdamker commented Jan 22, 2025

Looking on the provided documentation, I have the impression that the name of the proposal is misleading. The functionality is actually very similar to kyc-fill-in, looking on the request (phoneNumer) and response parameter in the document on Google Drive. For sure, this are privacy sensitive information and the therefore the mechanisms defined in IdentityAndConsentManagement are relevant here to protect the API.

BTW: is my understanding correct that providing the access to this API is required by law?

@jgarciahospital
Copy link
Collaborator

Agree with Herbert's comment, API seems very similar to current CAMARA KYC Fill-in API and not so related to proposal title of Identity&Consent.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
API Proposal
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Create APIproposal_IdentityAndConsentManagement_Cellcard.md pcjayasinghe/APIBacklog
3 participants
@hdamker @jgarciahospital @prasadcj