rartych · rartych · Aug 8, 2025 · Sep 3, 2025 · Sep 3, 2025 · Sep 3, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,7 @@
 # Changelog Commonalities
 
 ## Table of Contents
+- **[r3.4](#r34)**
 - **[r3.3](#r33)**
 - **[r3.2](#r32)**
 - **[r3.1](#r31)**
@@ -15,6 +16,26 @@
 - **[v0.2.0](#v020)**
 - **[v0.1.0 - Initial version](#v010---initial-version)**
 
+# r3.4
+## Release Notes
+
+This release contains Commonalities version 0.6.1, a patch release from [r3.3](#r33).
+* Commonalities approved deliverables in **[documentation](https://github.com/camaraproject/Commonalities/tree/r3.4/documentation)** folder.
+* Commonalities approved artifacts in **[artifacts](https://github.com/camaraproject/Commonalities/tree/r3.4/artifacts)** folder.
+
+**The relevant details of authentication and consent collection are covered by [release 3.3](https://github.com/camaraproject/IdentityAndConsentManagement/releases) of Identity and Consent Management Working Group documents.**
+
+### Fixed
+* ErrorInfo schema properties order in template files aligned to [CAMARA API Design Guide](/documentation/CAMARA-API-Design-Guide.md) by @PedroDiez in https://github.com/camaraproject/Commonalities/pull/517
+* Fixed typo in [Gherkin Device Errors Template](/artifacts/testing/C01-device-errors.feature) by @PedroDiez in https://github.com/camaraproject/Commonalities/pull/523
+* Fixed link and description of `SubscriptionId` in  event-subscription-template.yaml by @rartych in https://github.com/camaraproject/Commonalities/pull/536
+* Changed networkAccessIdentifier and notification server example to use `example.com` by @Kevsy in https://github.com/camaraproject/Commonalities/pull/530
+
+### Removed
+* Removed "Hashing Passwords" subsection from  CAMARA API Design Guide by @AxelNennker in https://github.com/camaraproject/Commonalities/pull/511
+
+**Full Changelog**: https://github.com/camaraproject/Commonalities/compare/r3.3...r3.4
+
 # r3.3
 ## Release Notes
 

@@ -42,7 +42,7 @@ NOTE: Guidelines for Release Management of API versions, e.g. the API-Readiness-
 
 
 ## Status and released versions
-* Version 0.6.0 of guidelines and assets for Fall25 meta-release of CAMARA APIs is available with the [r3.3 tag](https://github.com/camaraproject/Commonalities/tree/r3.3)
+* Version 0.6.1 of guidelines and assets for Fall25 meta-release of CAMARA APIs is available with the [r3.4 tag](https://github.com/camaraproject/Commonalities/releases/tag/r3.4)
 * Previous releases and pre-releases are available in https://github.com/camaraproject/Commonalities/releases
 
 For changes see [CHANGELOG.md](https://github.com/camaraproject/Commonalities/blob/main/CHANGELOG.md).

@@ -5,7 +5,7 @@ info:
   license:
     name: Apache 2.0
     url: https://www.apache.org/licenses/LICENSE-2.0.html
-  version: wip
+  version:  wip
   x-camara-commonalities: 0.6
 
 paths: {}
@@ -100,7 +100,7 @@ components:
     NetworkAccessIdentifier:
       description: A public identifier addressing a subscription in a mobile network. In 3GPP terminology, it corresponds to the GPSI formatted with the External Identifier ({Local Identifier}@{Domain Identifier}). Unlike the telephone number, the network access identifier is not subjected to portability ruling in force, and is individually managed by each operator.
       type: string
-      example: "123456789@domain.com"
+      example: "123456789@example.com"
 
     DeviceIpv4Addr:
       type: object
@@ -795,3 +795,5 @@ components:
                 status: 504
                 code: TIMEOUT
                 message: Request timeout exceeded.
+
+
@@ -552,7 +552,7 @@ components:
 
     SubscriptionId:
       type: string
-      description: The unique identifier of the subscription in the scope of the subscription manager. When this information is contained within an event notification, this concept SHALL be referred as `subscriptionId` as per [Commonalities Event Notification Model](/documentation/API-design-guidelines.md#122-event-notification).
+      description: The unique identifier of the subscription in the scope of the subscription manager. When this information is contained within an event notification, it SHALL be referred to as `subscriptionId` as per the Commonalities Event Notification Model.
       example: qs15-h556-rt89-1298
 
     CloudEvent:
@@ -609,7 +609,7 @@ components:
         - Application-specific identifier:
           * /cloudevents/spec/pull/123
           * 1-555-123-4567
-      example: "https://notificationSendServer12.supertelco.com"
+      example: "https://notificationSendServer12.example.com"
 
     DateTime:
       type: string

@@ -43,7 +43,7 @@ info:
   license:
     name: Apache 2.0
     url: https://www.apache.org/licenses/LICENSE-2.0.html
-  version: wip
+  version:  wip
 externalDocs:
   description: Product documentation at CAMARA
   url: https://github.com/camaraproject/Commonalities
@@ -153,7 +153,7 @@ components:
         - Application-specific identifier:
           * /cloudevents/spec/pull/123
           * 1-555-123-4567
-      example: "https://notificationSendServer12.supertelco.com"
+      example: "https://notificationSendServer12.example.com"
 
     CloudEvent:
       description: The notification callback
@@ -333,7 +333,7 @@ components:
     QOS_STATUS_CHANGED_EXAMPLE:
       value:
         id: "123e4567-e89b-12d3-a456-426655440000"
-        source: "https://notificationSendServer12.supertelco.com"
+        source: "https://notificationSendServer12.example.com"
         type: "org.camaraproject.quality-on-demand.v0.qos-status-changed"
         specversion: "1.0"
         time: "2023-01-17T13:18:23.682Z"

@@ -318,8 +318,8 @@ In the following, we elaborate on the existing client errors. In particular, we
 
 **Mandatory Errors** to be **documented in CAMARA API Spec YAML** are the following:
 
-- For event subscriptions APIs, the ones defined in Event Subscription section of [CAMARA API Event Subscription and Notification Guide](/documentation/CAMARA-API-Event-Subscription-and-Notification.md)
-- For event notifications flow, the ones defined in Event Notification section of [CAMARA API Event Subscription and Notification Guide](/documentation/CAMARA-API-Event-Subscription-and-Notification.md)
+- For event subscriptions APIs, the ones defined in Event Subscription section of [CAMARA API Event Subscription and Notification Guide](/documentation/CAMARA-API-Event-Subscription-and-Notification-Guide.md)
+- For event notifications flow, the ones defined in Event Notification section of [CAMARA API Event Subscription and Notification Guide](/documentation/CAMARA-API-Event-Subscription-and-Notification-Guide.md)
 - For the rest of APIs:
   - Error status 401
   - Error status 403
@@ -938,10 +938,6 @@ In the API response, provide relevant error message.
 Usernames, passwords, session tokens, and API keys SHOULD NOT appear in the URL, as this can be captured in web server logs, making them easily exploitable.
 See section [6.5. POST or GET for transferring sensitive or complex data](#65-post-or-get-for-transferring-sensitive-or-complex-data).
 
-5. **Hashing passwords**.
-
-   Passwords SHOULD never be transmitted in API bodies; however, if it becomes absolutely necessary, they MUST be hashed to protect the system and minimize potential damage in the event of a compromise. Utilizing strong hashing algorithms is crucial for password security. Effective options include Argon2, PBKDF2, bcrypt, and scrypt, which are designed to securely hash passwords and withstand various attack vectors.
-
 For further guidance, please refer to the [OWASP API Security Project](https://owasp.org/www-project-api-security/). This resource offers comprehensive insights and best practices for securing APIs against common vulnerabilities and threats.
 
 ### 6.2. Security Definition

@@ -508,7 +508,7 @@ curl -X 'POST' \
  ```json
 {
   "id": 123654,
-  "source": "https://notificationSendServer12.supertelco.com",
+  "source": "https://notificationSendServer12.example.com",
   "type": "org.camaraproject.device-roaming-subscriptions.v1.roaming-status",
   "specversion": "1.0",
   "datacontenttype": "application/json",
@@ -545,7 +545,7 @@ curl -X 'POST' \
  ```json
 {
   "id": 123658,
-  "source": "https://notificationSendServer12.supertelco.com",
+  "source": "https://notificationSendServer12.example.com",
   "type": "org.camaraproject.api.device-roaming-subscriptions.v1.subscription-ended",
   "specversion": "1.0",
   "datacontenttype": "application/json",