Update the Scope-section in ICM README.md

[AxelNennker]

The scope section in our README.md does not fit. https://github.com/camaraproject/IdentityAndConsentManagement/?tab=readme-ov-file#scope

---

Scope

Service APIs for “IdentityAndConsentManagement” (see [APIBacklog.md](https://github.com/camaraproject/APIBacklog/blob/main/documentation/APIbacklog.md))
Telco operator exposure platforms implementing CAMARA APIs should be built with a privacy-by-default approach to fully comply with data protection regulations, such as the GDPR regulation in Europe, which emphasises on user privacy. These regulations note that some CAMARA APIs may require user consent to be accessed. This forces the operators to provide means and appropriate solutions to capture, store and manage this consent through its lifecycle. Otherwise, the scoped CAMARA APIs cannot be rolled out in production networks. Building such a solution also means bringing in scope the identity of the end user and/or the subscriber (as both could be different) and making sure that end user experience of using the API is not compromised while doing so.
Describe, develop, document and test the APIs (with 1-2 Telcos)
Started: March 2023

---

At least we should remove these sentences:

• Service APIs for “IdentityAndConsentManagement” (see APIBacklog.md)
• Describe, develop, document and test the APIs (with 1-2 Telcos)

The text between them was inspired from the text in https://github.com/camaraproject/WorkingGroups/blob/main/APIBacklog/documentation/SupportingDocuments/API%20proposals/APIFamilyproposal_Identity%26Consent.md But could be spruced-up, I think.

Topics for an introduction:

• No business without access control (which client has access to which API for which user/subscriber)
• No business without following privacy-regulation. GDPR - user consent
• No business without security
• OpenId Connect, CIBA, OAuth2 are THE standards for API security, privacy and consent.
• Many OIDF certified implementations of (open source) Identity Providers and client libraries https://openid.net/developers/certified-openid-connect-implementations/
• OIDC, CIBA, OAuth2 "easy" for operators AND clients
• Liaison with OpenId Foundation
• Operator experience with MobileConnect
• ....

Scope: Define profiles of the OIDF and IETF standard for foster interoperability and strengthen security. Define "purpose" Define consent management Recommend to subprojects on how to specify API security in openapi yaml Define format of everything "identity": device identifiers, X-identifers

Check that we do not extend the scope of ICM over what was approved by TSC. Get TSC approval for the scope text.