Versions Compared

...

  • Credential defined in a Governance Framework at a stated level of assurance
  • The degree of assurance that the public key of the signer in a verifiable credential is matched to the possessor of the private key
  • The degree of authentication of data that is performed on the contents of a verifiable credential
  • The security and protection of the wallet containing the credential
  • The security and availability of a registry containing the credential (if not held in a wallet)
  • The security and availability of the public key in a credential for verification purposes
  • The trustworthiness of the personnel and infrastructure of the Issuer of a verifiable credential
  • The asserted policies of the Issuer
  • The degree that practices that meet the Issuer policies are part of a trust assurance scheme
  • The rigor of a trust assurance scheme of the ecosystem that governs the credential

Class 1 – Untrusted Credentials

Attribute of class: Credentials that are not under standard or ToIP guidance

Examples: Peer to peer transactions, convenience credentials

  • Credential defined in a Governance Framework at a stated level of assurance: No
  • The degree of assurance that the public key of the signer in a verifiable credential is matched to the possessor of the private key: No assurance
  • The degree of authentication of data that is performed on the contents of a verifiable credential: None
  • The security and protection of the wallet containing the credential: None
  • The security and availability of a registry containing the credential (if not held in a wallet): No controls
  • The security and availability of the public key in a credential for verification purposes: No requirements
  • The trustworthiness of the personnel and infrastructure of the Issuer of a verifiable credential: No requirements
  • The asserted policies of the Issuer: No requirements
  • The degree that practices that meet the Issuer policies are part of a trust assurance scheme: No trust assurance scheme
  • The rigor of a trust assurance scheme of the ecosystem that governs the credential: No trust assurance scheme
  • Mapped Level to other Standards:
    • NIST 800-63-3: IAL1, AAL1, FAL1
    • PCTF: Level 1
    • eIDAS: Low
    • Vectors of Trust: P0, C0, Ma, Aa

Class 2 – Minimum Internet Grade Credentials

  • Attributes of Class:
    • Credentials covered under minimum guidance of the ToIP Foundation: includes most unregulated verifiable claims
  • Example credentials: College degree credentials, non-title provenance claims
  • Credential defined in a Governance Framework at a stated level of assurance:
    • Minimum Level of Assurance Covered by ToIP Foundation Guidance
  • Examples of Transactions: Identity Credential Used for non-Asset Transfer
  • Examples of Verifiable Credentials
  • Governance Mechanisms
  • Underlying Infrastructure
  • Yes at Class 2
  • The degree of assurance that the public key of the signer in a verifiable credential is matched to the possessor of the private key: Moderate Assurance
  • The degree of authentication of data that is performed on the contents of a verifiable credential: Authentication Procedures are in place and self-asserted
  • The security and protection of the wallet containing the credential: ToIP Compliant Wallet Optional
  • The security and availability of a registry containing the credential (if not held in a wallet): Moderate controls identified in Class 2 Credential Policy
  • The security and availability of the public key in a credential for verification purposes: Moderate controls identified in Class 2 Credential Policy
  • The trustworthiness of the personnel and infrastructure of the Issuer of a verifiable credential: Moderate controls identified in Class 2 Credential Policy
  • The asserted policies of the Issuer: Class 2 Credential Policy
  • The degree that practices that meet the Issuer policies are part of a trust assurance scheme: A Defined Trust Assurance Framework
  • The rigor of a trust assurance scheme of the ecosystem that governs the credential: Self-Assertion by ecosystem roles / Trust Assurance Practices
  • Mapped Level to other Standards:
    • NIST 800-63-3: IAL2, AAL2 / AAL1, FAL? / FAL1
    • PCTF: Level 2
    • eIDAS: Simple: Between low and substantial
    • Vectors of Trust: P2, Ce, Mb, Ab?

Class 3 – Asset Value Grade Credentials

  • Attributes of Class:
    • Identity Credential Used for Asset Transfer
  • Examples of Transactions: AML/CFT
  • Examples of Verifiable Credentials
  • Governance Mechanisms
  • Underlying Infrastructure
    • such as digital driver's license, passport or bank identity credential, title claims
  • Credential defined in a Governance Framework at a stated level of assurance: Yes at Class 3
  • The degree of assurance that the public key of the signer in a verifiable credential is matched to the possessor of the private key: Medium Assurance
  • The degree of authentication of data that is performed on the contents of a verifiable credential: Authentication Procedures are in place, asserted and attested by a third party
  • The security and protection of the wallet containing the credential: ToIP Compliant Wallet Required (Layer2)
  • The security and availability of a registry containing the credential (if not held in a wallet): Medium level controls identified in Class 3 Credential Policy
  • The security and availability of the public key in a credential for verification purposes: Medium level controls identified in Class 3 Credential Policy
  • The trustworthiness of the personnel and infrastructure of the Issuer of a verifiable credential: Medium level controls identified in Class 3 Credential Policy
  • The asserted policies of the Issuer: Class 3 Credential Policy
  • The degree that practices that meet the Issuer policies are part of a trust assurance scheme: A Defined Trust Assurance Framework
  • The rigor of a trust assurance scheme of the ecosystem that governs the credential: Assertion by ecosystem roles and attestation by independent third party / Trust Assurance Practices
  • Mapped Level to other Standards:
    • NIST 800-63-3: IAL2, AAL3 / AAL2, FAL? / FAL2
    • PCTF: Level 3
    • eIDAS: Qualified: Substantial
    • Vectors of Trust: P2, Cf, Mc, Ac?


Class 4 – High Assurance Grade Credentials

  • Attributes of Class:
    • Examples of Transactions:
    • Examples of Verifiable Credentials
    • Governance Mechanisms
    • Underlying Infrastructure
      • Identity Credential Used for High Assurance, High Value, Sensitive Purposes
    • Credential defined in a Governance Framework at a stated level of assurance: Yes at Class 4
    • The degree of assurance that the public key of the signer in a verifiable credential is matched to the possessor of the private key: High Assurance
    • The degree of authentication of data that is performed on the contents of a verifiable credential: Authentication Procedures are in place, asserted and attested by a third party and certified by a recognized certification body
    • The security and protection of the wallet containing the credential: ToIP Compliant Wallet Required (Layer2) that is FIPS 140-2 3 compliant
    • The security and availability of a registry containing the credential (if not held in a wallet): High level controls identified in Class 4 Credential Policy
    • The security and availability of the public key in a credential for verification purposes: High level controls identified in Class 4 Credential Policy
    • The trustworthiness of the personnel and infrastructure of the Issuer of a verifiable credential: High level controls identified in Class 4 Credential Policy
    • The asserted policies of the Issuer: Class 4 Credential Policy
    • The degree that practices that meet the Issuer policies are part of a trust assurance scheme: A Defined Trust Assurance Framework
    • The rigor of a trust assurance scheme of the ecosystem that governs the credential: Assertion by ecosystem roles and attestation by independent third party and certified by a recognized certification body / Trust Assurance Practices
    • Mapped Level to other Standards:
      • NIST 800-63-3: IAL3, AAL3, FAL? / FAL3
      • PCTF: Level 4
      • eIDAS: Qualified: High
      • Vectors of Trust: P3, Cf, Mc, Ad?