Operational Design Assessment: Difference between revisions

Jessica (talk | contribs)
Jessica (talk | contribs)
Line 10: Line 10:
# getting ready for operation: ICANN org outsources non-governmental identity, affiliation, and representation verification to a Central Accreditation Authority (Central AA), which uses government-issued identification to certify affiliation or representation. Governmental users are verified by their country or territory’s designated Accreditation Authority (AA).
# getting ready for operation: ICANN org outsources non-governmental identity, affiliation, and representation verification to a Central Accreditation Authority (Central AA), which uses government-issued identification to certify affiliation or representation. Governmental users are verified by their country or territory’s designated Accreditation Authority (AA).
# Timeline to develop and implement: 5 to 6 years.
# Timeline to develop and implement: 5 to 6 years.
# How the SSAD would operate: (Either ICANN-designated central or government-designated) AAs are the only point of contact with SSAD for gTLD registration data requestors. Next, the AAs relay the requests through the automated Central Gateway, which routes them to the appropriate [[Contracted Party]] for review and consideration. Then disclosure is approved or denied, and the requestor is permitted to query the data from the Contracted Parties’ Registration Data Access Protocol ([[RDAP]]) service.
# How the SSAD would operate: (Either ICANN-designated central or government-designated) AAs are the only point of contact with SSAD for gTLD registration data requestors. Next, the AAs relay the requests through the automated Central Gateway, which routes them to the appropriate [[CPH|Contracted Party]] for review and consideration. Then disclosure is approved or denied, and the requestor is permitted to query the data from the Contracted Parties’ Registration Data Access Protocol ([[RDAP]]) service.
# Systems and tools needed: Central AA and Central Gateway System to be outsourced. ICANN.org website, ICANN’s RDAP client (lookup.icann.org), and the Naming Services portal (NSp) will need enhancements.
# Systems and tools needed: Central AA and Central Gateway System to be outsourced. [https://www.icann.org/ ICANN.org], [https://lookup.icann.org/ ICANN’s RDAP client], and the [https://www.icann.org/resources/pages/nsp-registry-operators-2020-08-04-en Naming Services portal (NSp)] need enhancements.
# Vendors and third parties needed: a Central Gateway Manager, a Central AA, an independent auditor, an SSAD Misuse Investigator, system development, customer service, and public relations firm for an awareness campaign.
# Vendors and third parties needed: a Central Gateway Manager, a Central AA, an independent auditor, an SSAD Misuse Investigator, system development, customer service, and public relations firm for an awareness campaign.
# Resources and staffing: outsourced and [[:Category:ICANN Staff|ICANN personnel]] required.
# Resources and staffing: outsourced and [[:Category:ICANN Staff|ICANN personnel]] required.
# Costs: 20 to 27 million USD to develop and 14 to 106 million USD to run.
# Costs: 20 to 27 million USD to develop and 14 to 106 million USD to run.
# Fee Structure: should allow for a five-year payback period.
# Fee Structure: should allow for a five-year payback period.
# Risks include: maintaining compliance with evolving data protection laws, attractive target to online criminals, over complexity, financial unsustainability due to uncertain demand; reputational risks to ICANN.
# Risks include: maintaining compliance with evolving [[data Privacy|data protection]] laws, such as the [[GDPR]], attractive target to [[cybercrime|online criminals], complexity, financial unsustainability due to uncertain demand, and reputational risks to ICANN.
# [[Global Public Interest]]: SSAD appears to be in the public's interest but more feedback is needed.
# [[Global Public Interest]]: SSAD appears to be in the public's interest but more feedback is needed.
# [[Contractual Compliance]: needs to develop processes and procedures to investigate complaints and make interventions.  
# [[Contractual Compliance]]: needs to develop processes and procedures to investigate complaints and make interventions.  
# Audits: will be based on compliance with established accreditation policies and procedures posted via the Central Gateway.
# Audits: will be based on compliance with established accreditation policies and procedures posted via the Central Gateway.