Create wip version of call pre-announcement API#46
Conversation
alpaycetin74
requested review from
DanXu-ChinaTelecom,
Jason-ZTE and
stroncoso-quobis
as code owners
🦙 MegaLinter status: ✅ SUCCESS
See detailed report in MegaLinter reports MegaLinter is graciously provided by |
|
Dear @camaraproject/verified-caller_codeowners , for your review please. Thank you. |
|
@alpaycetin74 , sorry I didn't see your PR I left a comment in PR #43 mine Thanks Cetin |
Rename the resource as a verb. Rename clientId to customerId to avoid confusion with the client_id in auth flows.
Thank you, @GillesInnov35 . I renamed as such. I also changed clientId to customerId. |
|
Could you review this as well, @stroncoso-quobis ? Thank you |
stroncoso-quobis
left a comment
stroncoso-quobis
left a comment
There was a problem hiding this comment.
Couple of comments after the review of #40 and comparing with this one:
- If we approve this PR we will have two YAML files. The discussion is still ongoing as per last meeting notes... My impression is that a single file will help to identify these two functionalities as a whole: registrar and announce. But is just a comment, not a request.
- No GET Action? a GET action could help to clarify how a validation is done for SIP calling... We can separate it as an enhancement on a different PR.
Also, I included of inlne comments about:
- The usage of
customerIdthat I will suggest to improve usingregistrationId - Parameter name
announcementIdrename topreAnnounceId - Resourrece name
pre-anouncerename toregistrations(plural)
Please, @alpaycetin74 , take a look and let me know your impressions. I will review again after your comments.
Best regards,
| - name: Create Pre-announcement | ||
| description: Create a call pre-announcement for a Calling and Called Party | ||
| paths: | ||
| /pre-announce: |
There was a problem hiding this comment.
- Following the same "uniformization" rule: why
pre-anounce(singular) butregistrationsplural? - Should not this be
pre-announces?
There was a problem hiding this comment.
This is the imperative form of the verb, it was a comment by @GillesInnov35 .
My initial proposal was preannouncements (plural noun). I would agree to either option.
| $ref: '#/components/schemas/PhoneNumber' | ||
| timeToLive: | ||
| $ref: '#/components/schemas/TimeToLive' | ||
| customerId: |
There was a problem hiding this comment.
- Not really sure about the usage of
customerIdon the API POST request. Why not userregistrationId, as it is the result of the brand registration API? Also,customerIdis an optional parameter in both request and response. This must be an error. - I get from Start discussion on the Verified Caller API parameters #24 that customerId is an optional parameter for branding, but shouldn't be more secure if we use the response of the registration itself for that purpose?
There was a problem hiding this comment.
I see your point, passing the registration id looks safe and reasonable. And the registration record already points to the clientId if there is one.
@olsi-korkuti any comments here ?
the pre-announcement parameters then would be a number, b number, registration id, ttl
There was a problem hiding this comment.
Hi @alpaycetin74 @stroncoso-quobis
yes I also like the registrationID. But how would it work on those solutions where a carrier (or integrator) does not use the Registration API but prefer to store the numbers via a GUI? I believe in the proposal from China Telecom the Registration API was left out of scope.
We need to make sure that PreAnnouncement API works for all implementations. But we can still call the parameter registrationID which is defined from the Enterprise either manually or as a result of the Registration API, right?!
There was a problem hiding this comment.
well yes, the registrationIdm may have been assigned to the caller as a part of their brand registration which was handled in another process. In any case the parameter should be mandatory as it establishes the basis for the caller's claim to brand a specific call.
In the description we can explain this registrationId may be a the result of the registration api, if used by the service provider or any other process. In the latter case, the service provider is responsible for delivering it to the caller.
| type: object | ||
| description: "Object to represent the creation of a single pre-announcement in the service platform" | ||
| properties: | ||
| announcementId: |
There was a problem hiding this comment.
- Not really sure about the response parameter name
announcementId. As the API POST action resource ispre-announce, shouldn't be more accurate to usepreAnnounceIdas the corresponding identifier parameter (as done withregistrations<->regsitrationId)?
There was a problem hiding this comment.
maybe preAnnouncementId is the best :)
There was a problem hiding this comment.
Hello @alpaycetin74 , announcementId and timeToLive in the Response are not mandatory right?
There was a problem hiding this comment.
Hi @DENGYONG18 that's correct. The response attributes will be optional and could serve as an opportunity for future implementations where Operator/Network vendors could be inject them as a token to the SIP call.
- Aligned parameters due camaraproject#40 merge - Reviewed aggregator role on preannounce - Updated params due camaraproject#46 proposition - General visual and response updated
|
@alpaycetin74 |
|
@alpaycetin74 @GillesInnov35 @stroncoso-quobis @DENGYONG18 Thank you for today's session. I have published the minutes of meetings. https://lf-camaraproject.atlassian.net/wiki/spaces/CAM/pages/156729345/2025-07-03+VerifiedCaller+Minutes Main topic to be reviewed and agreed and merge this PR. Please lets close the format and options for some agreed fields. Pre-Announce Request
Pre-Announce Response
|
sure, I'll do it amongst other changes. |
myunderstanding is this field serves as a dynamic caller id, or sms message text depending on the strategy. And there could be other uses in the future. I'd recommend we rename it to something more generic, e.g. "dynamicInformation" ?
should that be timeToLive (relative value as in the request), or a timestamp (absolute value). Either one is ok for me. |
File extension of verifiedcaller-preaanounce has been changed from .yml to .yaml to avoid linter issues. No change in file content.
|
thanks @olsi-korkuti . I wonder if pre-announceId is a useful information ? From what I read the pre-annouce session is not always saved, and so no id will be generated. Do you know what this identifier could be used ? |
|
Hi @alpaycetin74 ,
🤔 not really sure. I'm in favor to add flexibility, but I would prefer if each field corresponds to a specific purpose. I will keep the easy clear I did not recall the SMS text, we were designing just for the Once said this. I fully open to include an optional --
My vote for an absolute timestamp. Is up to the device to be correctly synchronized with the network time. -- Regarding @GillesInnov35 question
The pre-announce is not always saved? I did not understand it in that way... But, yes, you are right, you can send an SMS, RCS and simply discard the pre-announce information... In that case, of course, this ID won't bring any useful info. My intention was always to have a unique identifier of the pre-announce, store it and use in other contexts, for instance: accounting and token verification of future SIP calls. |
|
oh ok @stroncoso-quobis , I understood the purpose wrong. I'll revert to displayName as before. |
|
Thanks @alpaycetin74 , let me known when you are ready to review and approve. |
|
Ready for review now @olsi-korkuti @stroncoso-quobis @camaraproject/verified-caller_codeowners |
stroncoso-quobis
left a comment
stroncoso-quobis
left a comment
There was a problem hiding this comment.
LGTM!
POST parameters
201 Created response
IMHO it is a really great first version! 🎉
Thanks all for your contributions!
Hi @GillesInnov35, I assume the pre-announcementID wont be used by most of the Telcos due to difficulty of adoption, so in that case they wont need to store it. If the pre-announcement is injected to the SIP Invite headers (not sure if new or an existing field can be used in SIP), then it is used as a token together with calling number and reconciliated with the content in the Pre-Announce API DB. I think a good start for Telcos could be to adopt it for calls where A and B party belong both to them. |
I believe we agreed to only have callingParticipant and registrationId as mandatory. I would make Strategy field optional, because most of the times the Operator will only have one implementation and will apply the default one. |
Are you ok with converting strategy to optional, @stroncoso-quobis ? |
|
@DENGYONG18 Could you also review this PR and #46 (comment) and let us know if this aligns also with the China Telecom proposal and implementation? In the previous proposal and the documentation/API_documentation/Verified Caller API Introduction.pptx the below parameters were suggested: I believe with the parameters we're agreeing today, I understand the implementation to brand via SMS is also supported.
I understand that we are missing the Callbackurl string, but we can all work together on a version 2, to adopt the same. Please review and let us know if we can unify everything under the same path /pre-announce: instead of using proprietary /smssend. If you disagree then a second path could be added for version 2 of the API. Thank you! |
Yes, I think that this is a first iteration. And the telco will use the default strategy on their backend. For next releases, we can include a response
Keeping it optional now is a way to speed up things, and in the very end, it does not require being mandatory, as far as the user and the telco are agreed in what is the "default" behavior. We have time to decide in the future 👍 |
|
Thank you, I'll make it optional in the submission to the release candidate PR. |
|
hello @ALL , I see that registrationId is mandatory. Perhaps I haven't read all discussions concerning this field, I'm sorry. But in my opinion this parameter should be optional. In some cases an API consumer won't start with a registration creation by the API but by another way. It means that in some cases the id won't be known by the consumer. WDYT ? |
|
Hi @GillesInnov35 , We discussed it last meeting, but at the very end, maybe you left already... The main idea is to have a pre-register validation field, at least, one. The main discussion was to use
If not, how are you going to verify?, you don't have a pre-registration, you neither have a token, neither a limit on the TTL, neither a b-numer. You are simple saying that "a caller is calling", and in that case, why even bother to use this API? Simply use an SMS API, or send RCS APIs or simple call and hope for the best. My thought is that we need to put a limit somewhere, and a mandatory previous registration won't hurt, even if you decide to do your own pre-registration out of the CAMARA APIs. And remember that this is a first iteration, we can keep discussing this point on a dedicated issue. Best regards to all. |
|
hi @stroncoso-quobis , thanks for your comment. I'm sorry I had to leave the last meeting before the end. I understand your answer. |
Hi @GillesInnov35, |
@GillesInnov35 as one of the actions of last Meeting was to propose you to become a codeowner can you please follow the same steps as we did with Cetin, by creating an issue then a PR for it like below? |
|
yes sure, thanks @olsi-korkuti |
|
@olsi-korkuti , thanks a lot for your answer. I understand your meaning.
In my opinion mandatory is an impactful decision for the backend service because it couldn't be managed as an optional field if it has been declared as mandatory in the swagger file. It will also impact for example GSMA certification tests which are developped and based on CAMARA specifications. |
|
@hdamker, may I ask you to create a PR link to issue #50 as it has been done for @alpaycetin74 #50. It has been approved during last meeting . |
See #50 (comment) ... I won't do the PR (as I then won't be able to approve it anymore). |
Hi @GillesInnov35 @stroncoso-quobis @DENGYONG18 @alpaycetin74 @camaraproject/verified-caller_codeowners I have discussed thoroughly with the VF Product team (who are in liaison with VF Privacy, Regulation and other MNOs Product teams). After careful consideration and keeping in mind the adoption of this API I agree with this change. If through this API we somehow "enable" the fraudsters to brand spoofed calls that has consequences for the MNOs. 1- Banks can place thousands of calls a day from the same A-number, so they are practically at all times on call and the announcements are always active. 2- The same is valid for the usage of the Registration ID. As long as it is not sent via SIP INVITE header it is useless. The same Fraudster in usecase above all they have to do is try calling within that TTL interval. Regarding Privacy concern in each country, I think that is sensitive to only when 3rd parties are in the Pre-announce call flow who are not intended to "see" the B-number. That solution should stay out of scope of this Fall release. Afterall the Bank can decide to consume the API without a 3rd party. We can think of improving that later with some pseudonymization. Apologies for the forth and back on this topic. Please respond if you agree to make B-number mandatory and for convenience as per Gilles' proposal we can make registrationID optional, because with A-number, B-number and TTL the solution would be rock solid. . |
|
hi @olsi-korkuti , that is the first proposal I supported. Many Thanks |
Those are good questions. I think the simplest way, this will be solved contractually via legal teams where the 3rd parties should not persist the B numbers or use for any other purpose. The other option, the Enterprise/Brand (API consumer) could call a Phone Lookup API to discover the owner of B-number and pre-announce the call directly to the Branding platform owned by the MNO. This could be to circumvent the 3rd party in those countries where privacy rules are strict. Regarding monetisation, generally the service is charged per branded call and not per number of pre-announcements. Pre-announcements are only enablers to secure the call before branding it. If the calls fail to be branded they should not be charged. The Branding Platform (MNO) would charge the party they have a contract with (the brand or the reseller/aggregator). |
|
Hi team, I don't agree, but I understand the situation, and if we have a majority that supports this change, I will abide by it without problems, the idea is to move in the right direction. But the more we argue, the more sense it makes me a service discriminator, to be clear what you are getting in return for your The Best regards, |
7 participants
What type of PR is this?
What this PR does / why we need it:
To establish the API Signature for the Verified Caller Call Pre-Announcement API
Which issue(s) this PR fixes:
Fixes #24
Special notes for reviewers:
.
Changelog input
.
Additional documentation