+### Steps to add a new dependency to the commoncollector
+
+When a dependency to a new specification is introduced in any of the CAPIF specifications, see example below, the following steps should be performed:
+
+For the CAPIF specification "TS29222_CAPIF_Discover_Service_API" a new dependency like the following has been introduced.
+
+ websockNotifConfig:
+ $ref: ✅TS29122_CommonData.yaml#/components/schemas/WebsockNotifConfig✅'
+
+1. Copy the part between the checkboxes of the reference and add it to the `definitions.txt` file. This step is not needed if the type is already defined in the file.
+2. Look in the `generate.sh` script, between the "<replacements_start>" and "<new_replacement>" tags, to see if "TS29122_CommonData"
+ has already been replaced in "TS29222_CAPIF_Discover_Service_API".
+3. If it has not been replaced, add a replacement above the "<new_replacement>" tag by copying and adapting the two rows above the tag.
+
+### Security in CAPIF
+
+The security requirements applicable to all CAPIF entities include providing an authorization mechanism for service APIs from third-party API providers and supporting a common security mechanism for all API implementations to ensure confidentiality and integrity protection.
+
+In the current implementation Keycloak is being used as identity and access management (IAM) solution that provides authentication, authorization, and user management for applications and services. Keycloak provides robust authentication mechanisms, including username/password, two-factor authentication, and client certificate authentication that complies with CAPIF security requirements.
+
+A docker-compose file is included to start up keycloak.
+