Versions Compared

Old Version 26

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version 27

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

There are 3 vectors of governance that this specification is designed to cater for which affect the privacy and security risks

Between, 

Transparency Governance Framework - For Transparency Trust 

3 Vectors of Governance 

  1. Personal Data Control (Gov) - (lower risk) uses micro-credentials 
    1. the individual controls the source of data and verification 
    2. attribute by attribute control 
    3. Logging the access to the attribute for processing 
  2. Co-Regulation : multi-party governed - 
    1. Data trusts, where the individual + regulator and service co-regulate
    2. Logging the access to the processing 
  3. Data Protection : Self-Regulated -
    1. the service provider regulates the processing of personal data
    2. Signed, verified and open code, with shared logging

3 Tiers of  Controller Assurance


0 - Self Asserted Identifier 

  1. Public verifiable 
  2. Digitally verifiable & Legal (service delegation)
  3. Operator Controller - Certified and legal 

...

The ANCR Record provides Consent Types to anchor the records relationship, and individuals understanding of the relationship.record trust record and an individual's understanding of the relationship.  Specifically, root of trust record for the individual, which the individual owns and controls In a personal data store and profile. 

Two types of Trust: OECD ref

type 1. 

The individual trusting the system 

type 2

the individual prooving who they are. digital (don't need to trust)  technology like zero knowledge, 


The Record and Receipt specification uses ISO/IEC 29100 Security and Privacy techniques ref (free ISO specification) terms and definitions to identify the legal stakeholders(ref) and their roles in the processing and control of personal information.    Using international standards for creation of  record and receipts publicly. 

...

The field data for the records and receipts are specified from numerous sources, in particular the W3C Data Privacy Vocabulary, for 

Fields Added to ANCR Record to Create Verifiable Credential

ANCR Record spec - is here (enter link)

This credential is for transparency and accountability for data (and identifier) governance,

The  eNotice (PII) Controller Cresdential, is used to generate eNotice record, for micro-credential PII Principal 

  1. PII Controller Identifier [DiD] 
    1. Credential ID Fiels specified here are added to the ANCR Notice Record, 
    1. Accountable Person 
    2. Accountable Person and role 
    1. Controller Notice Record Identifier 
    1. Controller Receipt Identifier 
    1. : DiD: Verified Credential  

...

The individual can use this controller credential to provide consent for a specific purpose, as well as specifying the source of data, by providing a consent receipt, signed to be a micro-credential. 

There are a series of steps which need to take place to establish two types of trust 

Type 1: Transparency Trustframework - 

Human security, discovers or generates a controller credential to create human trust anchor record and credential (dial tone)independent of the Controller/Service provider

Type 2: Technical Trust 

This Controller Credential is 


Micro-Credential Use Cases

...

Privacy Stakeholders

ISO Definition


Regulator / 
Privacy Regulator for individuals 
PII Principal

PII Controller

Joint PII Controller

PII Processor

3rd Party
another person, or police, 


Annex: Privacy Stakeholder Mapping to Functional ToiP Roles

...