System for Standardized Access/Disclosure: Difference between revisions
==SSAD Components==
[[ICANN Organization]] gave an update on the SSAD's key components in November 2021.<ref>[https://www.icann.org/en/system/files/files/presentation-ssad-odp-project-update-18nov21-en.pdf SSAD ODP Update Presentation, Nov 2021, ICANN]</ref>
{| class=wikitable
! Actors !! Subcategories !! Roles !! Subsystems !! Requests
|-
| Data disclosure requestors || natural and legal persons || * submits the data disclosure request <br/> * To be accredited and periodically renewed by the accreditation authority in order to submit data disclosure requests and for verification of requestor identity <br/> * Manages authentication details, such as supported electronic IDs (eID) and SSAD-specific identity credentials || [[RDAP]] clients || can be for:<br/>* Specific domain names<br/>* non-public fields (RFC 8982 - RDAP partial response)<br/> * Supporting documentation; <br/> * Verified requestor identity (name, organization, country/territory);<br/> * Verified requestor declarations;<br/> * Confidentiality classification <br/> need to include purpose and legal basis <br/> priority:<br/> * Urgent<br/> * ICANN administrative proceedings
|-
| || Governments and IGOs || * submits the data disclosure request <br/> * To be accredited and periodically renewed by the accreditation authority in order to submit data disclosure requests and for verification of requestor identity <br/> * Manages authentication details, such as supported electronic IDs (eID) and SSAD-specific identity credentials || ||
|-
| Accreditation Authorities || Central Accreditation Authority || * validates request and relays to the central gateway;<br/> * vendor contracted to develop and operate the system that acts as the sole interface with SSAD requestors for verifying requestor identity, managing disclosure requests, authenticating requestors on behalf of the central gateway and contracted parties;<br/> * notifies requestor;<br/> * Manage billing process for requestors;<br/> * Transfer request-processing fees to the central gateway;<br/> * delegate some functions to “identity providers” in English;<br/> * support verifying requestor declarations of trademark ownership;<br/> * billing for accreditation/Identity verification, requestor declaration verification, and disclosure request processing; <br/> * support federated authentication of requestors using OpenID Connect || * Web portal<br/> * API ||
|-
| || Country/territory governmental accreditation authorities || * designated by country/territory government to implement the same interfaces as the central accreditation;<br/> * notifies requestor;<br/> * integrate with the central gateway and contracted parties in their chosen languages;<br/> * support the verification of declarations for requests processed automatically (as described in Recommendations 9.4.1 and 9.4.2); <br/> * billing for accreditation/Identity verification, requestor declaration verification, and disclosure request processing; <br/> * support federated authentication of requestors using OpenID Connect || ||
|-
| Central Gateway || || * verifies criteria for automated processing (Rec. 9.4);<br/> * notifies contracted parties via email and poll message through the API;<br/> * relays determination to accreditation authority;<br/> * vendor contracted to develop and operate the system;<br/> * can implement a recommendation engine for contracted parties on whether to approve or deny disclosure requests || * Web portal<br/> * API ||
|-
| Abuse Investigator || || * vendor contracted to investigate abuse;<br/> * Monitors standard operation metrics, requestor compliance with SSAD terms of service <br/> * verifies abuse reports contracted parties and data subjects/public<br/> * Provides requestors’ redress mechanism (rec. 13.1.3) || ||
|-
| Contracted parties || [[Registries]] || * (secondary) reviews the request and communicates determination back to the central gateway;<br/> * may opt out/request an exemption for automated processing of any specific category of disclosure requests from recommendation 9.4;<br/> * the sole authorizers of data disclosure requests directed at them || [[RDAP]] service ||
|-
| || ICANN-accredited [[registrars]] || * (primary) reviews the request and communicates determination back to the central gateway;<br/> * may opt out/request an exemption for automated processing of any specific category of disclosure requests from recommendation 9.4;<br/> * the sole authorizers of data disclosure requests directed at them || [[RDAP]] service ||
|-
| Auditors || || * vendor contracted to audit system || ||
|-
| [[ICANN Community|Data subjects]] || || || ||
|-
| [[ICANN Organization|ICANN org]] || || Publishes on a quarterly basis a summary of the:<br/> * Number of disclosure requests received, Approved/Denied, Automated/Manual<br/> * Third-Party purposes/justifications<br/> * Per priority level with average response times<br/> * Information about the financial sustainability of SSAD<br/> * New EDPB guidance or new topical jurisprudence <br/> * Technical or system difficulties<br/> * Operational and system enhancements <br/> * [[Contractual Compliance]] is responsible for the investigation of: Contracted parties’ potential abusive behavior in SSAD and<br/> Escalating non-compliance with SLA || * icann.org portal<br/> * NSp ||
|}