...

  • This specification is used to extend the ANCR Record Specification into a Controller Credential, using DIDs for the generation of verifiable credentials, micro-credentials and micro-consent tokens.
    • This specification has 3 key objectives:
      1. Address a critical digital trust security flaw: digital security defaults for IdM systems (common baseline)
        1. Address key cybersecurity and data governance liability issues
          1. Who controls, and how much control
          2. Who benefits, and how they benefit
        2. Who’s in controls cred
        3. Adding x Fields 
      2. Update the ANCR Record to make a Controller Credential that embeds all the required transparency / security data into notices, notifications and disclosures
        1. Utilizes DIDs and VCs for controller credential identifiers
          1. Adding identifiers - DID field
          Blinding identity
          1. Adding other field types
          2. accountable person + 
      3. Scale the international data governance framework for consent online to SSI / ToIP with eConsent, to extend the ISO framework to the SSI / ToIP governance framework
        1. Semantic Mapping
        2. eConsent
          1. Mapping authoritative data governance roles and human control semantics to the functional roles and semantics of the ToIP governance framework.
      4. Annex Assessment 
        1. Assessing the transparency of an identifier / SSI implementation 
          1. How many parties is the identifier shared with?
      5. Annex Interop - Mapping


DeCon for SSI: 

    • This document aims to bridge ISO/IEC 29100 (a formalized international security and privacy framework standard that is free) and ISO/IEC 27002 (formalized information security controls) to the Trust over IP governance framework.
    • The method is
      • to specify the extension of notice records and consent receipts into micro-credentials with DIDs, to generate electronic eNotice and eConsent receipts utilizing the ToIP Governance Framework ecosystem.
    • The controller credential is an extension of the Kantara Initiative ANCR Notice Record specification, and a part of the eNotice record and eConsent receipt information structure used for the AuthC (authorization default) Protocol.
  • To get access to the current draft, please join a work group call and request it.

...

  1. Controller Type [Ctype]:
    1. Notice controller
    2. PII notice controller
    3. PII controller
    4. PII surveillance controller (info not provided by PII principal)
    5. [Ctype] controller operator
  2. Accountable Person Type

Security Considerations

...