...
- this specification is used to extend the ANCR Record Specification into a Controller Credential using DiD for the generation of verifiable credentials, micro-credentials and micro-consent tokens.
- this specification has 3 key objectives
- Addressing a Critical digital trust security flaw - digital security defaults for iDm systems (common baseline)
- Address Key Cyber Security and Data gov Liability Issues
- Who control’s, how much control,
- Who benefits, how they benefit
- Who’s in controls cred
- Adding x Fields
- Address Key Cyber Security and Data gov Liability Issues
- Update on ANCR Record to make a Controller credential that embeds all the required transparency / security data into notice, notification and disclosures
- Utilizes did’s and VC for controller credential identifier’s
- Adding identifiers - did field
- adding other fields types
- accountable person +
- Utilizes did’s and VC for controller credential identifier’s
- Scale International data gov framework for consent online to SSI /ToiP with eConsentto extend ISO framework to the SSI /ToiP governance framework,
- Semantic Mapping
- eConsent
- mapping authoritative data governance roles and human control semantics to the functional roles and semantics of the ToiP governance framework.
- Annex Assessment
- Assessing the transparency of an identifier / SSI implementation
- how many parties is the identifier shared with ?
- Assessing the transparency of an identifier / SSI implementation
- Annex Interop -Mapping
- Addressing a Critical digital trust security flaw - digital security defaults for iDm systems (common baseline)
- this specification has 3 key objectives
DeCon for SSI:
- This document aims to bridge the ISO/IEC 29100 (formalized international security and privacy framework standard that is free) with ISO/IEC 27002 (formalized information security controls) to the trust over IP governance framework.
- The method is
- to specify the extension of notice records and consent receipts into micro-credentials with DiD's to generate electronic eNotice and eConsent receipts utilizing ToiP Governance Framework ecosystem.
- The controller credential is an extension of the Kantara Initiative, ANCR Notice Record specification, and apart of the eNotice record and eConsent receipt information structure used for the AuthC (authorization default) Protocol.
- to get access to the current draft - please join a work group call and request it.
...
- Controller Type[Ctype]:
- Notice Controller,
- PII notice controller,
- PII controller,
- PII surveillance controller , (info not provided by PII Principle)
- [Ctype] controller operator,
- Accountable Person Type
Security Considerations
...