(Draft specification in progress)
Summary
- SSI - Controller Credential for Know Your Business (KYB) interactions and governance control flows.
- the specification addresses inherent risks due to a vulnerability, with technical identifier based systems.
- the more powerful the technology, , the higher the sensitivity, the
- this risk is mitigated with a controller credential for proof of transparency and by the performance of data control.
- Announcement June 9: This work group calls for interest in ToiP community to support the development and extension of decentralized data governance for decentralized digital identity management.
- This specification, specifies how to generate a controller credential by creating an ANCR's eNotice Record, and then using this record to generate an electronic eConsent Receipt.
- This document aims to bridge the ISO/IEC 29100 (formalized international security and privacy framework) with 27002 (formalized information security controls) to the trust over IP governance framework.
- The method is
- to specify the extension of notice records and consent receipts into micro-credentials with DiD's for eNotice and eConsent receipts that can utilize ToiP Governance Framework ecosystem.
- The controller credential is an extension of the Kantara Initiative, ANCR Notice Record specification, and apart of the eNotice record and eConsent receipt information structure used for the 0PN-AuthC Protocol.
- the specification addresses inherent risks due to a vulnerability, with technical identifier based systems.
- to get access to the current draft - please join a work group call and request it.
- In SSI the individual can create their own relationship record, proof of notice, and rights request receipt to demonstrate evidence of consent
Implementing true SSI with electronic notice and consent - using international governance frameworks for hyperlocal transparency and data control
Process in progress:
| Notice & Consent Task ForceProject owner: Editors Surveillance Controller EditorSalvatore DAgostino OCA Schema Editor: | StatusACTIVE |
Notice Controller Credential add's additional fields to an existing consent record formant for notice and consent builds on the Kantara ANCR, Consent Receipt Record format, to provide a digital controller credential, |
Introduction
In privacy regulations globally and for decentralized identity, transparency is a key requirement. transparency is most often represented by the requirements for notice and specifying a legal justification and purpose for processing.
In this regard standards for the transparency and notice are required for transparency to scale. As a result there is a critical security issue in which people are not able to see who is in control of their personal data, what the legal justification and authority is used to processing personal - which makes it almost impossible to consent to transfer or exchange personal data across boarders.
This specification specifies the creation of a notice controller credential, which is used to generate micro-credential, signing a receipt to authorise a specific purpose of use to implement international records of processing.
Default - consent (representing shared understanding - as starting point) - is provided in relationships record.
- the default presented to the controller - using the controller credential
- a notice request is the provided aka - a request to track - to update the understanding
Security , Transparency & Governance Gap
At this time people can't verify the services that are processing their personal information, or control the source of information that is processed.
There are 3 vectors of governance that this specification is designed to cater for which affect the privacy and security risks
Between,
Transparency Governance Framework - For Transparency Trust
3 Vectors of Governance
- Personal Data Control (Gov) - (lower risk) uses micro-credentials
- the individual controls the source of data and verification
- attribute by attribute control
- Logging the access to the attribute for processing
- Co-Regulation : multi-party governed -
- Data trusts, where the individual + regulator and service co-regulate
- Logging the access to the processing
- Data Protection : Self-Regulated -
- the service provider regulates the processing of personal data
- Signed, verified and open code, with shared logging
3 Tiers of Controller Assurance
0 - Self Asserted Identifier
- Public verifiable
- Digitally verifiable & Legal (service delegation)
- Operator Controller - Certified and legal
As identifiers are personal, used to track, surveil and profile its not only important to know who controls personal information, but it's required for consent, a critical component of security and a pre-requisite for digital privacy. Most notices, notifications, T&C's don't use standards to provide the transparency over who control's personal information.
This is the focus of the Kantara ANCR Record, which is the prefix to consent receipts.
This controller credential utilizes a reference architecture that began with 1980 OECD Guidelines, and has been worked on for international /internet scalable data governance. This work has driven regulatory reform and convergence internationally. GDPR refer framework for digital.
This controller credential specification extends this international governance standard to the Trust over IP Governance Framework and is used to generate purpose specific micro-credentials for the governance of digital information with SSI's. This enables the use of this reference architecture to scale analogue notice and consent to electronic eNotice and eConsent for digital exchanges and interoperability.
Reference Architecture
- 0PN Transparency WG: Decentralized Data Governance
- eNotice and eConsent identity & data governance information structure
- ISO/IEC 29100
- ISO/IEC 29100:2011 provides a privacy framework which. specifies a common privacy terminology; defines the actors and their roles in processing personally identifiable information (PII); describes privacy safeguarding considerations; and. provides references to known privacy principles for information technology.
- ISO/IEC 29184 Online Privacy Notice & Consent
- ISO/IEC 27560 WD 5 Consent record information structure
- ISO 27002 Series : WG 5 SC27
- ISO 27001 sets forth the compliance requirements needed to become certified. In contrast, ISO 27002 is a set of guidelines that are designed to help you introduce and implement ISMS best practices.
- CoE 108+
- International GDPR -
- data governance framework which provides the international enforcement policy baseline suitable for internet scale data control, identity transparency governance and consent
- International GDPR -
- W3C Data Privacy Vocabulary
- V.5
- Kantara
- ANCR Notice Record
Specification Overview
This specification builds upon the Kantara ANCR Record specification (and Consent Reciept)(ref) to build a notice controller credential for recording the controller and contract specifying all of the PII Controller's information in a noticeeNotice record.
The ANCR Record provides Consent Types to anchor the record trust record and an individual's understanding of the relationship. Specifically, root of trust record for the individuala trust record, which the individual owns and controls In a personal data store and profile.
Two types of Trust: OECD ref
type 1.
The individual trusting the system
type 2
the individual prooving who they are. so the system can trust them. e.g. with zero knowledge proof
The Record and Receipt specification uses ISO/IEC 29100 Security and Privacy techniques ref (free ISO specification) terms and definitions to identify the legal stakeholders(ref) and their roles in the processing and control of personal information. Using international standards for creation of record and receipts publicly a regulated data controller credential and for its utility in generating eNotice records and eConsent receipts.
ISO/IEC 29184 - Online Privacy Notice and Consent Controls - The field data for the records and receipts are specified from numerous sources, in particular the W3C Data Privacy Vocabulary, for
Fields Added to ANCR Record to Create Verifiable Credential
ANCR Record spec - is here (enter link)
...
- PII Controller Identifier [DiD]
- Credential ID
- Accountable Person
- Accountable Person rolerole
- Controller Notice Record Identifier
- Controller Receipt Identifier
- : As a DiD: Verified Credential
- Controller Type[Ctype]:
- Notice Controller,
- PII notice controller,
- PII controller,
- PII surveillance controller , (info not provided by PII Principle)
- [Ctype] controller operator,
- Accountable Person Type
Security
To address the security gap, the controller credential is presented in a privacy or security notice, prior to surveillance.
The individual can use this controller credential to provide consent for a specific purpose, as well as specifying the source of data, by providing a consent receipt, signed to be a micro-credential.
There are a series of steps which need to take place to establish two types of trust
Type 1: Transparency Trustframework -
Human security, discovers or generates a controller credential to create human trust anchor record and credential (dial tone)independent of the Controller/Service provider.
Type 2: Technical Trust
This Controller Credential is
...
Assessment
ANCR Record provides a PII Controller Digital privacy transparency KPI, be assessing a notice for digital and physical controller identification and privacy access information, as required for the operational use and management of digital identifiers.
The Controller Credential assessment tests this credential for its transparency performance.
Security Considerations
The use of blinding identity taxonomy for personal identifiers includes the Accountable person identifiers, which are required to be published and available in accordance to local legislation.
The identifiers used in the controller credential are specified according to regulation and implemented with standards in order to be subject to regulation and regulatory considerations,
Mitigation Risk
Using standard framework for transparency of control with data control defaults
Examples
- Security,
- evidence
- fraud, traceabilty
- permission and access control transparency.
- Security of Security
- schema struture and use of object identifiers
- NIST - Privacy and Security Control framework
- NIST Language -
- Auditing a ToiP implementation
Glossary
Controller Credential
...
Controller Credential
Micro-Credential
defined as a credential specified to a specific purpose.
Glossary
Privacy Stakeholders - ISO 29100
Privacy Stakeholders | ISO Definition | |
---|---|---|
Regulator / | Privacy Regulator for individuals | |
PII Principal | ||
PII Controller | ||
Joint PII Controller | ||
PII Processor | ||
3rd Party | another person, or police, |
Annex: Privacy Stakeholder Mapping to Functional ToiP Roles
Continuing of the ANCR Record Assessment to identify the controller credential,
...
Delegated | |||
---|---|---|---|
Regulator | Ombudsman | ||
PII Principal | Guardian/Parent/School | ||
PII Controller | Joint-Controller | ||
PII Processor | Sub-Processor | ||
3rd Party | turtles |
References for Controller Credential, Infrastructure and Legal Framework
Standard/Specifications | Title | Description | Resource Status |
---|---|---|---|
ISO 29100 | Information technology — Security techniques — Privacy framework | ISO/IEC 29100:2011 provides a privacy framework which
| Status - Is publicly available - https://www.freestandardsdownload.com/iso-iec-29100-2011.html |
ISO/IEC 29184:2020 | Online privacy notice and consent | (just published - not available to public - we are working on publishing a report/appendix for use with this group ) | |
W3C DPV 0.01 | Data Privacy Vocabulary |
|
|
Reference: OPN: Open Notice (+ Consent) Receipt Schema: Starters Guide to Unified Data Control Schema
Lizar, M. & Pandit, H.J., OPN: Open Notice Receipt Schema, 14th International Conference on Semantic Systems (SEMANTiCS 2019), Karlsruhe, Germany, 2019 [Published http://www.tara.tcd.ie/handle/2262/91576 [accessed July 1, 2020]
...