Versions Compared

Old Version 36

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version 37

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This specification for a controller credential is required to operationalize the electronic notice and eConsent framework.   This specification distinguishes between what is referred to as consent by services online, with eConsent, which is a digital version of consent for use by digital identity systems to enable self-sovereign identity governance to scale from the physical world to the digital world. 

Today what is called consent online is a capture of a consent preference as permission with the use of a contract or licensee agreement (terms of use).  And is regulated with a privacy policy for this contract. 

In this electronic architecture data governance policy is implemented with privacy law and then made scalable with contracts and terms and conditions.  This is made possible by updating standardizing the required privacy controller information and its presentation, to include the accountable person and how the credential is linked, presented, recorded, shared, logged and stored.  

Mission: " a public utility register for human centric transparency, identifier control and trust" 

The controller credential is for implementing decentralized identity control transparency.  Public utility for  data governance used for automating personal data control transparency.

Mission: "towards a public utility for human centric transparency and data control " 

(Note to Reader) This specification is a work in progress and is being updated week of July 4th, 

Scope 

This specification is extends the ANCR Record Specification into a Controller Credential and has  3 key objectives 

  1. Addressing a Critical digital trust security flaw as identified in the ANCR Notice Record.
    1. digital security defaults for iDm systems (common baseline)
      1. Address Key Cyber Security and Data gov Liability Issues 
        1. Who control’s, how much control, 
        2. Who benefits, how they benefit  
      2. Who’s in controls cred
      3. Adding x Fields 
  2. Update on ANCR Record to make a Controller credential that embeds all the required transparency / security data into notice, notification and disclosures
    1. Utilizes did’s and VC for controller credential identifier’s
      1. Adding identifiers - did field
      2. adding other fields types
      3. accountable person + 
  3. Scale International data gov framework for consent  to extend ISO framework to the  SSI /ToiP governance framework,
    1. mapping authoritative data governance roles
    2. Governance Framework Mapping 
      1. Authoritative  roles and semantics to the ToiP governance framework generic did based roles
    3. Use Cases
      1. Annex Assessment 
        1. Assessing the transparency of an identifier / SSI implementation 
          1. how many parties is the identifier shared with ? 
      2. Annex Interop -Mapping

DeCon for SSI: 

...

  • This document aims to bridge the ISO/IEC 29100  (formalized international security and privacy framework standard that is free) with ISO/IEC  27002 (formalized information security controls)  to the trust over IP governance framework.
  • The method is
    • to specify the extension of  notice records and consent receipts into micro-credentials with  DiD's to generate electronic eNotice and eConsent receipts utilizing ToiP Governance Framework ecosystem. 
  • The controller credential is an extension of the Kantara Initiative, ANCR Notice Record specification, and apart of the  eNotice record and eConsent receipt information structure used for the AuthC (authorization default) Protocol.

...

 

Implementing true SSI with electronic notice and consent - using international governance frameworks for hyperlocal transparency and data control

Process in progress:

  1. Updated March 24
  2. Notice Controller Credential Specification
  3. Papers (in progress)
    1. Decentralized Data Governance 
    2. identity interoperability

Notice & Consent Task Force 

Project owner:

Mark Lizar 

Editors

Surveillance Controller EditorSalvatore DAgostino

OCA Schema Editor: 


Status

ACTIVE 




Notice Controller Credential add's additional fields to an existing consent record formant for notice and consent 


Introduction

In privacy regulations globally transparency is a key requirement.   transparency is most often represented by the requirements for notice and specifying a legal justification and purpose for processing.

In this regard standards for the transparency and notice are required for transparency to scale. As a result there is a critical security issue in which people are not able to see who is in control of their personal data, what the legal justification and authority is used to processing personal - which makes it almost impossible to consent to transfer or exchange personal data across boarders.

This specification specifies the creation of a notice controller credential, which is used to generate micro-credential, signing a receipt to authorise  a specific purpose of use to implement international records of processing. 

Default - consent (representing shared understanding - as starting point)  - is provided in relationships record. 

  • the default presented to the controller - using the controller credential 
  • a notice request is the provided aka - a request to track - to  update the understanding 

Scenario of Use 

  • For decentralized digital identity, utilizing decentralized data governance to...

Governance Reference Architecture 

These represent the analogue legal requirements. Modern privacy law has additional requirements in which transparency over rights and identity based controls should be proportionate to the technology and risk.   Current digital identity notice and consent mechanisms are governed by terms, conditions and contracts and are most often defined by system permissions rather than the purpose of use.  As a result analogue / human consent and control does not scale online to govern and control digital identifiers. 

This is a significant security challenge for decentralized identity as lack of transparency over who controls and benefits from the digital identifier is a) not standardized and b) not provided until after digital identifiers are created and used to permission access and controls to an eco-system. 

To scale transparency and data controls online, digital data controller information (and identitifiers) are required to automate rights based controls are to autonomously provide a  stateful privacy signal.  Required so that people can understand, access and effectively operationalize privacy for interoperability.   Without standardized digital transparency and privacy controls,  decentralized identifier control is not possible.   

This additional controller 'digital trust' information is used to generate an electronic two factor notice (2FN) for eConsent.  

Governance & Risk

3 Vectors of Governance 

  1. Personal Data Control (Gov) - (lower risk) uses micro-credentials 
    1. the individual controls the source of data and verification 
    2. attribute by attribute control 
    3. Logging the access to the attribute for processing 
  2. Co-Regulation : multi-party governed - 
    1. Data trusts, where the individual + regulator and service co-regulate
    2. Logging the access to the processing 
  3. Data Protection : Self-Regulated -
    1. the service provider regulates the processing of personal data
    2. Signed, verified and open code, with shared logging

3 Tiers of  Controller Assurance


0 - Self Asserted Identifier 

  1. Public verifiable 
  2. Digitally verifiable & Legal (service delegation)
  3. Operator Controller - Certified and legal 


International standards are used to address limitation  to internet scale data governance in national standards frameworks. 

This controller credential utilizes a reference architecture that began with 1980 OECD Guidelines, and has been worked on for international /internet scalable data governance.  This work has driven regulatory reform and convergence internationally. GDPR refer framework for digital. 

...

The controller credential can be generated by any stakeholder, and is use to generate eNotice and eConsent records and receipts, that are defined here as micro-credentials.

 be verified and validated for legal proof and evidence. 

Terms & Definitions

The terms and definitions presented here and defined here are in addition to the references, this cover the field names specified for the controller. 

  • specific to this spec, (in the annex - mapping semantics between frameworks )
  •   

Auth-C: Notice Alert Protocol  

3 Vectors of Governance 

  1. Personal Data Control (Gov) - (lower risk) uses micro-credentials 
    1. the individual controls the source of data and verification 
    2. attribute by attribute control 
    3. Logging the access to the attribute for processing 
  2. Co-Regulation : multi-party governed - 
    1. Data trusts, where the individual + regulator and service co-regulate
    2. Logging the access to the processing 
  3. Data Protection : Self-Regulated -
    1. the service provider regulates the processing of personal data
    2. Signed, verified and open code, with shared logging

3 Tiers of  Controller Assurance

0 - Self Asserted Identifier 

...




Specification Overview 

This specification builds upon the Kantara ANCR Record specification (and Consent Reciept)(ref) to build a notice controller credential for recording the controller and contract information in a notice. 

...

The field data for the records and receipts are specified from numerous sources, in particular the W3C Data Privacy Vocabulary, for 



Fields Added to ANCR Record to Create Verifiable Credential

ANCR Record spec - is here (enter link)

...

  1. Controller Type[Ctype]:  
    1. Notice Controller,  
    2. PII notice controller,  
    3. PII controller,    
    4. PII surveillance controller , (info not provided by PII Principle) 
    5. [Ctype] controller operator, 
  2. Accountable Person Type

Security Considerations

how to specify the 

To address the security gap, the controller credential is presented in a privacy or security notice, prior to surveillance.

...

Human security, discovers or generates a controller credential to create human trust anchor record and credential (dial tone)independent of the Controller/Service provider. 

Type 2: Technical Trust 


Mitigation Risk

Using standard framework for transparency of control with data control defaults 


Micro-Credential 

defined as a credential specified to a specific purpose. 

...

Assessment of transparency and performance of a micro-credential to mitigate risks with SSI


 Examples

  1. Security, 
    1. evidence 
      1. fraud, traceabilty
      2. permission and access control transparency. 
    2. Security of Security 
      1. schema struture and use of object identifiers 
      2. NIST - Privacy and Security Control framework 
        1. NIST Language - 
  2. Auditing a ToiP implementation



Glossary

Controller Credential 

Micro Credential

Privacy Stakeholders - ISO 29100

Privacy Stakeholders

ISO Definition


Regulator / 
Privacy Regulator for individuals 
PII Principal

PII Controller

Joint PII Controller

PII Processor

3rd Party
another person, or police, 


Annex: Privacy Stakeholder Mapping to Functional ToiP Roles

Continuing of the ANCR Record Assessment to identify the controller credential,

...




Delegated 

Regulator

Ombudsman
PII Principal

Guardian/Parent/School
PII Controller

Joint-Controller
PII Processor

Sub-Processor
3rd Party

turtles 


References for Controller Credential, Infrastructure and Legal Framework

Standard/Specifications

Title

Description 

Resource Status

ISO 29100

Information technology — Security techniques — Privacy framework

ISO/IEC 29100:2011 provides a privacy framework which

  • specifies a common privacy terminology;
  • defines the actors and their roles in processing personally identifiable information (PII);
  • describes privacy safeguarding considerations; and
  • provides references to known privacy principles for information technology.
Status - Is publicly available - https://www.freestandardsdownload.com/iso-iec-29100-2011.html
ISO/IEC 29184:2020Online privacy notice and consent
(just published - not available to public - we are working on publishing a report/appendix for use with this group )
W3C DPV  0.01Data Privacy Vocabulary
  • legal ontology for technically breaking down and mapping legal ontology to a data legal ontology - 
  • the Notice +  CR V1.2 and W3C DPV, also use a common set of purpose categories. and the Kantara CR v1.1 for purpose specification
  • (note shared by initial FIHR approach - now much more evolved) 

Reference: OPN: Open Notice  (+ Consent) Receipt Schema: Starters Guide to Unified Data Control Schema

Lizar, M. & Pandit, H.J., OPN: Open Notice Receipt Schema, 14th International Conference on Semantic Systems (SEMANTiCS 2019), Karlsruhe, Germany, 2019 [Published http://www.tara.tcd.ie/handle/2262/91576 [accessed July 1, 2020]

...