|Description||Identity Information Access Control: Service Providers should ensure that identity information is only be accessible to authorized entities subject to applicable regulation and policy. Specifically,
(a) an entity (e.g., relying party or requesting party) requesting identity data should be authenticated, and its authorization to obtain the requested information verified before access to the information is provided or the requesting identity data is exchanged.
(b) policy and rules for requesting and exchanging identity data among multiple parties involved (e.g., users, relying party and identity provider) should be clearly defined and enforced.
|Network Type(s)||Cable; Internet/Data; Satellite; Wireless; Wireline|
|Industry Role(s)||Service Provider|
|Keyword(s)||Cyber Security;Encryption;Information Protection;Intrusion Detection;|
|Reference/Comments||ITU-T Y.2720, NGN Identity Management Framework
ITU-T Y.2721, NGN Identity Management Requirements and Use Cases
ATIS-1000035, NGN Identity Management Framework