Service APIs for “IdentityAndConsentManagement” (see [APIBacklog.md](https://github.com/camaraproject/APIBacklog/blob/main/documentation/APIbacklog.md))
Telco operator exposure platforms implementing CAMARA APIs should be built with a privacy-by-default approach to fully comply with data protection regulations, such as the GDPR regulation in Europe, which emphasises user privacy. These regulations note that some CAMARA APIs may require user consent to be accessed. This forces the operators to provide means and appropriate solutions to capture, store and manage this consent through its lifecycle. Otherwise, the scoped CAMARA APIs cannot be rolled out in production networks. Building such a solution also means bringing in scope the identity of the end user and/or the subscriber (as both could be different) and making sure that end user experience of using the API is not compromised while doing so.
Describe, develop, document and test the APIs (with 1-2 Telcos)
Started: March 2023
At least we should remove these sentences:
Service APIs for “IdentityAndConsentManagement” (see APIBacklog.md)
Describe, develop, document and test the APIs (with 1-2 Telcos)
OIDC, CIBA, OAuth2 "easy" for operators AND clients
Liaison with OpenID Foundation
Operator experience with MobileConnect
....
Scope:
Define profiles of the OIDF and IETF standards to foster interoperability and strengthen security.
Define "purpose"
Define consent management
Recommend to subprojects how to specify API security in OpenAPI YAML
Define format of everything "identity": device identifiers, X-identifiers
Check that we do not extend the scope of ICM over what was approved by TSC. Get TSC approval for the scope text.
The scope section in our README.md does not fit. https://github.com/camaraproject/IdentityAndConsentManagement/?tab=readme-ov-file#scope
Scope
At least we should remove these sentences:
The text between them was inspired by the text in https://github.com/camaraproject/WorkingGroups/blob/main/APIBacklog/documentation/SupportingDocuments/API%20proposals/APIFamilyproposal_Identity%26Consent.md but could be spruced up, I think.
Topics for an introduction: