Compendium of Legal, Regulatory, and Business Requirements Applicable to Identity Management

From ITUwiki

This Compendium was initially prepared within the Requirements Working Group of ITU-T Focus Group on Identity Management, and represented the first known attempt to identify and structure these requirements. It is being maintained as a "living" compendium by the former Working Group Chair and current editor of the draft standard Requirements for Global Interoperability Management, Rec. X.Idmreq, Tony Rutkowski, mailto:trutkowski@verisign.com

The Compendium includes 36 different requirements grouped into 12 topic areas. Three of the topic areas dealing with national identity systems, identity-related crime, and identity-related international law have been excluded from the ITU-T work, but are included here to complete the compendium.

• Critical Infrastructure protection; National Security/Emergency Preparedness/Emergency Telecommunication Service
  • Public communications and SCADA infrastructure protection
  • Incident Response
  • Priority access during major emergencies
  • Services restoration after major disasters
  • Security related service provisioning constraints

• Public Safety
  • Citizen emergency calls/messages
  • Authority emergency alert messages

• Assistance to lawful authority
  • Lawful Interception
  • Retained data
  • Cybercrime forensics
  • Anonymity or false identity

• Competition requirements
  • Minimizing barriers to market entry; open Identity Services provisioning
  • Avoiding market dominance

• Identifier resource management
  • Identifier/numbering allocation and assignment
  • Administrative requirements
  • Number portability; unbundling

• Consumer needs
  • Delegation; agency
  • Universal service; equitable availability; social good funding and public policy objectives
  • User Privacy and Preventing Unwanted Intrusions
    • DoNotCall; Opt-Out
    • Trusted CallerID
    • Prevention of SPAM
    • Anti-Cyberstalking
    • Anti-Cyberpredators
  • User Privacy and CPNI Protection
    • Use and access controls
    • Transparency
    • Notice
  • User Privacy and Anonymity
  • Prevention of identity theft
  • Revocation/repudiation
  • Disability assistance

• Business needs
  • Network interoperability
  • Intercarrier compensation
  • Roaming
  • Distribution management
  • Preventing and minimizing fraud and identity theft
  • Contracts
  • Risk assumptions and allocation; torts and negligence

• Intellectual Property Protection
  • Digital rights management
  • Protection of privileged or sensitive information

• Juridical
  • Evidence; judicial discovery
  • Conflict of Laws

• National Identity Systems
  • Establishment of identities

• Identity-Related Crime

• Identity-Related International Law