Update ProjectStructureAndRoles.md - Add ICM WG #157
Conversation
MarkusKuemmerle
requested review from
hdamker,
eric-murray and
bigludo7
as code owners
|
@camaraproject/identity-and-consent-management_codeowners Would you please have a short view on this PR? |
| **Identity and Consent Management** | ||
|
|
||
| In the Identity and Consent Management Working Group solutions are defined and developed to identify users/subscribers, to capture, store and manage user consent, and to make sure that end user experience of using the API is not compromised. | ||
|
|
There was a problem hiding this comment.
I assume that the Working Group “Identity and Consent Management” (as Commonalities) also works under the supervision of the TSC.
On the other hand, as Commonalities, all subprojects must be consistent (comply) with the work of the Identity and Consent Management Working Group.
Finally, we can also mention the ICM work around API access definitions and the Security and Interoperability Profile, which includes CAMARA definitions for AuthN/AuthZ flows.
These are just suggestions :)
ProjectStructureAndRoles.md
Outdated
| **Identity and Consent Management** | ||
|
|
||
| In the Identity and Consent Management Working Group solutions are defined and developed to identify users/subscribers, to capture, store and manage user consent, and to make sure that end user experience of using the API is not compromised. | ||
|
|
There was a problem hiding this comment.
| **Identity and Consent Management** | |
| In the Identity and Consent Management Working Group solutions are defined and developed to identify users/subscribers, to capture, store and manage user consent, and to make sure that end user experience of using the API is not compromised. | |
| **Identity and Consent Management** | |
| The Identity and Consent Management Working Group, operating under the supervision of the Technical Steering Committee (TSC), focuses on defining and developing comprehensive solutions for user/subscriber identification, consent capture, storage, and management. These solutions ensure that user experience with the API remains seamless and uncompromised. | |
| All Sub Projects must comply with the work in the "Identity and Consent Management" Working Group. The Working Group's efforts include defining API access parameters and developing the Security and Interoperability Profile, which encompasses CAMARA definitions for authentication and authorization (AuthN/AuthZ) flows. |
Does this look good? Please feel free to change anything you like.
There was a problem hiding this comment.
Fair point to express the same level of governance and compliance for Identity and Consent Management.
Small changes in my proposal below:
- I haven't understood what is meant with "defining API access parameters" so I left it out.
- Proposal to not start a new explanation after the sentence "All Sub Projects must comply with the work in the Identity and Consent Management Working Group."
- replaced "uncompromised" (which my syntax check does not like) with "protected".
| **Identity and Consent Management** | |
| In the Identity and Consent Management Working Group solutions are defined and developed to identify users/subscribers, to capture, store and manage user consent, and to make sure that end user experience of using the API is not compromised. | |
| **Identity and Consent Management** | |
| The Identity and Consent Management Working Group, operating under the supervision of the Technical Steering Committee (TSC), focuses on defining and developing comprehensive solutions for user/subscriber identification, consent capture, storage, and management. These solutions ensure that user experience with the API remains seamless and protected. | |
| The Working Group's efforts include developing the Security and Interoperability Profile, which encompasses CAMARA definitions for authentication and authorization (AuthN/AuthZ) flows. | |
| All Sub Projects must comply with the work in the Identity and Consent Management Working Group. |
There was a problem hiding this comment.
I do not want it to be too complicated but usually there is no "user identification".
Telcos do identify the subscriber but we do not identify the user. At least not what commonly is understood as the "user".
Also, I would rephrase making it clearer that "storage, and management" are related to consent.
The Identity and Consent Management Working Group, operating under the supervision of the Technical Steering Committee (TSC), focuses on defining and developing privacy-first solutions for subscriber identification, and user authentication, and the purpose of the API access, and user consent capture, storage, and management. These solutions ensure that the API access is always authorized and secure.
That got somewhat lengthy...
Co-authored-by: Axel Nennker <[email protected]>
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #147
Special notes for reviewers:
Additional documentation