...
Solution
Specification Overview
This specification contributes to and builds upon the record and receipt information structure.
Record and Receipt Info Structure
ANCR Record - (receipt prefix)
...
Fields Added
- PII Controller Identifier [DiD]
- Credential ID
- Fields specified here are added to the ANCR Notice Record
- Accountable Person and role
- Controller Notice Record Identifier
- Controller Receipt Identifier
- : DiD: Verified Credential
- Controller Type[Ctype]:
- Notice Controller,
- PII notice controller,
- PII controller,
- PII surveillance controller (info not provided by PII Principal),
- [Ctype] controller operator,
- Accountable Person Type
Security
...
Baseline
Use Case: Controller Credential: use of Verifiable Credential and Decentralized Identifier to make Micro-Credentials
2 Examples
- Security,
- evidence
- fraud, traceability
- permission and access control transparency.
- Security of Security
- schema structure and use of object identifiers
- NIST - Privacy and Security Control framework
- NIST Language -
- evidence
- Auditing a ToIP implementation
...
ISO 29100 Privacy Stakeholders
Annex
Privacy Stakeholder Mapping to Functional ToIP Roles
Privacy Stakeholders | ISO Definition | |
---|---|---|
Regulator / | ||
PII Principal | ||
PII Controller | ||
PII Processor | ||
3rd Party |
Use Case 1:
Use Case 2: Applying international governance
- Assessing ToIP / SSI / Verified Credential implementations
Semantics
Legal Semantic Element | Semantic Description | Functional Usage | Fields Required | |
---|---|---|---|---|
controller | ||||
controller_identity | ||||
controller address registered | ||||
controller address (mailing) | ||||
controller contact | extend consent termination for a control point |
...
Delegated | |||
---|---|---|---|
Regulator | Ombudsman | ||
PII Principal | Guardian/Parent/School | ||
PII Controller | Joint-Controller | ||
PII Processor | Sub-Processor | ||
3rd Party | turtles |
References for
...
Controller Credential, Infrastructure and Legal Framework
Standard/Specifications | Title | Description | Resource Status |
---|---|---|---|
ISO 29100 | Information technology — Security techniques — Privacy framework | ISO/IEC 29100:2011 provides a privacy framework which | Status - Is publicly available - https://www.freestandardsdownload.com/iso-iec-29100-2011.html |
ISO/IEC 29184:2020 | Online privacy notice and consent | (just published - not available to public - we are working on publishing a report/appendix for use with this group) | |
W3C DPV 0.01 | Data Privacy Vocabulary | | |
Reference:
...
OPN: Open Notice (+ Consent) Receipt Schema: Starters Guide to Unified Data Control Schema
Lizar, M. & Pandit, H.J., OPN: Open Notice Receipt Schema, 14th International Conference on Semantic Systems (SEMANTiCS 2019), Karlsruhe, Germany, 2019. Published: http://www.tara.tcd.ie/handle/2262/91576 [accessed July 1, 2020]
...