...
- Attributes of Class:
- Credentials covered under minimum guidance of the ToIP Foundation : Includes most unregulated verifiable claims
- Example credentials: College degree credentials, non-title provenance claims
- Credential defined in a Governance Framework at a stated level of assurance: Yes at Class 2
- The degree of commensurate assurance that the public key of the signer in a verifiable credential is matched to the possessor of the private key (early OMB guidance): Level 2
- The degree of authentication of data that is performed on the contents of a verifiable credential: Authentication Procedures are in place and self-asserted
- The security and protection of the wallet containing the credential: ToIP Compliant Wallet Optional
- The security and availability of a registry containing in the credential (if not held in a wallet): Moderate controls identified in Class 2 Credential Policy
- The security and availability of the public key in a credential for verification purposes: Moderate controls identified in Class 2 Credential Policy
- The trustworthiness of the personnel and infrastructure of the Issuer of a verifiable credential: Moderate controls identified in Class 2 Credential Policy
- The asserted policies of the Issuer: Class 2 Credential Policy
- The degree that practices that meet the Issuer policies are part of a trust assurance scheme: A Defined Trust Assurance Framework
- The rigor of a trust assurance scheme of the ecosystem that governs the credential: Self-Assertion by ecosystem roles
- Mapped Level to other Standards:
- NIST 800-63-3: IAL2, AAL1, FAL1
- PCTF: Level 2
- eIDAS: Between low and substantial
- Vectors of Trust: P2, Ce, Mb, Ab?
Class 3 – Asset Value Grade Credentials
- Attributes of Class:
- Identity Credential Used for Asset Transfer such as digital driver's license, passport or bank identity credential, title claims
- Credential defined in a Governance Framework at a stated level of assurance: Yes at Class 3
- The degree of commensurate assurance that the public key of the signer in a verifiable credential is matched to the possessor of the private key (early OMB guidance): Level 3
- The degree of authentication of data that is performed on the contents of a verifiable credential: Authentication Procedures are in place, asserted and attested by a third party
- The security and protection of the wallet containing the credential: ToIP Compliant Wallet Required (Layer2)
- The security and availability of a registry containing in the credential (if not held in a wallet): Medium level controls identified in Class 3 Credential Policy
- The security and availability of the public key in a credential for verification purposes: Medium level controls identified in Class 3 Credential Policy
- The trustworthiness of the personnel and infrastructure of the Issuer of a verifiable credential: Medium level controls identified in Class 3 Credential Policy
- The asserted policies of the Issuer: Class 3 Credential Policy
- The degree that practices that meet the Issuer policies are part of a trust assurance scheme: A Defined Trust Assurance Framework
- The rigor of a trust assurance scheme of the ecosystem that governs the credential: Assertion by ecosystem roles and attestation by independent third party
- Mapped Level to other Standards:
- NIST 800-63-3: IAL2, AAL2, FAL2
- PCTF: Level 3
- eIDAS: Substantial
- Vectors of Trust: P2, Cf, Mc, Ac?
...