Versions Compared

Old Version 4

changes.mady.by.user Scott Perry

Saved on

compared with

New Version 5

changes.mady.by.user Scott Perry

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Layer 4  -  Ecosystem Layer
    • Governance Processes and Standards
      • Risk Assessment  - A subjective process to identify potential threats of a Governance Framework's scope upon its purpose and objectives and derive a proportionate plan to address them.  
      • Governance Authority 
        • Governance Authority Establishment - activities to convene stakeholders aligned to oversee a layer of the ToIP stack.
        • Governance Framework Establishment - activities used to draft and enact an initial document containing key directives of a Governance Authority.
        • Governance Framework Government
          • Member Application
            • Member Contracting - the presentment and agreement of terms that a Governance Authority has with its participating members.
            • Member Fee Management - the billing and collection of financial obligations required by a Governance Authority with its members.
          • Member Vetting - the unbiased due diligence of prospect members against a set of acceptance criteria.
          • Member Voting - collecting and tabulating definitive choices made to members on proposed Governance Authority actions.
        • Policy Management
          • Policy Establishment - activities used to draft and enact an initial set of requirements and guidance a Governance Authority has upon its scope aligned with its purpose and objectives.
          • Policy Adoption - the acceptance of rules and guidance that a Governance Authority presents to itself and its members.
          • Policy Enforcement - activities that a Governance Authority takes to hold itself and its members accountable of its rules and guidance.
          • Policy Amendment - The reevaluation and change of previously established rules and guidance.
        • Governance Authority Communication
          • DID Publication - The presentment of availability of a decentralized identifier.
          • DID Whitelisting - The collection and enablement of decentralized identifiers specifically allowed actions specified by a Governance Authority.
          • Verifiable Credential Publication - the availability establishment of verifiable credentials to stakeholders within an ecosystem.
          • Levels of Assurance - the pre-defined tiers of risk mitigation afforded a class of transactions within an ecosystem.
      • Member Directory Designation and Recognition - The collection and enablement of approved Member entries available for transaction consideration within a Governance Authority.
      • Credential Registry Designation and Recognition - The collection and enablement of approved Credential Registries for transaction consideration within a Governance Authority.
      • Authoritative Issuer Designation and Recognition - The collection and enablement of approved Authoritative Issuers for transaction consideration within a Governance Authority.
      • Authoritative Verifier Designation and Recognition - The collection and enablement of approved Verifiers for transaction consideration within a Governance Authority.
      • Verifiable Credential Standards - The set of rules enacted by a Governance Authority that apply to a set of verifiable credentials under its scope.
      • Governance Trust Assurance Processes - The set of governance activities enacted by a Governance Authority to hold its stakeholders accountable for its governance rules. 
    • Trust Mark Processes
      • Trust Mark Scheme Definition - The set of activities a Governance Authority defines to establish and regulate its issuance of Trust Marks.
      • Trust Mark Vetting Process - The evaluation of candidate actions against a pre-defined set of criteria to determine their eligibility for trust mark issuance.
      • Trust Mark Issuance Process - The presentment of Trust Marks to approved recipients.
      • Trust Mark Discovery Process - The search and identification activities of interested parties of a Governance Authority's Trust Marks
      • Trust Mark Revocation - The rescindment of a previously approved Trust Mark by a Governance Authority
      • Trust Mark Expiration - The state when a Trust Mark exceeds its stated approval period enacted by a Governance Authority
    • Trust Assurance Scheme Processes
      • Self-Certification - The assertion a stakeholder makes that it is compliant with trust criteria established by a Governance Authority.  This MAY or MAY not be supported with evidence.
      • Internal Attestation - The opinion of an internally independent arbiter over asserted claims by a stakeholder of its compliance to governance authority trust criteria.
      • External Attestation - The opinion of an externally independent arbiter over asserted claims by a stakeholder of its compliance to governance authority trust criteria.
      • Certification - The declaration of an approved  Certification Body that an entity under an approved assessment methodology has satisfies its vetting requirements against a set of trust criteria
    • Auditor Processes and Standards - The set of accepted practices guiding the attestation of of an entity's assertion over its compliance with established Governance Authority trust criteria.
    • Audit Accreditor Processes and Standards - The evaluation and oversight activities enacted by a an Auditor Accreditor to approve and regulate auditors for a Governance Authority
  • Layer 3  -  Credential Layer
    • Governance Processes and Standards - (See Layer 4)
    • Issuer Processes
      • Credential Enrollment Processes - The set of activities that establishes the initial application of a credential.
      • Issuer Vetting Process (Prior to Credential Issuance) - The due diligence activities an Issuer takes to validate evidence supporting information on a credential and the subject's rights associated with it. 
      • Credential Lifecycle Processes
        • Credential Signing - The application of cryptographic keys upon a credential by an Authoritative Issuer asserting its claims.
        • Credential Issuance - The presentment of a credential making it available to stakeholders. 
        • Credential Modification - The amendment of information (not keys) of a credential.
        • Credential Re-Keying - the replacement of cryptographic keys upon a previously issued credential.
        • Credential Renewal - the set of re-approval activities made to a previously issued credential upon reaching the end of its validity period.
        • Certificate Suspension - The subjective segregation of a previously approved credential to a non-available condition.
        • Credential Revocation - The set of denouncement activities that renege a credential's approval state. 
        • Credential Distribution - The transfer activities of a credential from an Issuer to a Holder or other stakeholder.
        • Credential Expiration - The state when a credential exceeds its stated approval period enacted by an Authoritative Issuer.
        • Credential Purge - The removal activities of a credential from an active repository after it has exceeded its useful life
        • Credential Archival - The long-term storage in an inactive repository of credential for the purpose of providing evidence to a claim.
      • Credential Status Services
        • Enabling Discovery of Invalid/Revoked Credentials
        • Maintenance of Credential Status 
        • Availability Processes of Credential Status
      • Issuer Infrastructure Processes
        • Physical Protection
        • Environmental Protection
        • Systems Development Life Cycle Processes
        • Network Security Processes
        • Trusted Personnel Processes
          • Hiring Practices
          • Vetting Processes
          • Training Processes
          • Removal Process
        • Transaction Logging
        • Records Archival
        • Compromise / Disaster Recovery
        • Private Key Management
          • Private Key Access
          • Private Key Storage
          • Private Key Backup
          • Private Key Activation
          • Private Key Deactivation
          • Private Key Destruction
    • Holder Processes
      • Credential Request
      • Proof Presentation
      • Credential Acceptance
      • Credential Loading
    • Verifier Processes
      • Proof Request
      • Signature Verification
      • Credential Status Services
        • Credential Status Request
        • Responses to Invalid/Revoked Credential
  • Layer 2  -  Agent Layer
    • Governance Processes and Standards
    • Agent Processes
      • Agent Activation
      • Agent/Data Store Pairing
      • Data Store Synchronization
      • Agent Deactivation
      • Key Pair Storage
      • DID Exchange
      • Key Management System (KMS) Creation
      • KMS Recovery
    • Guardianship Processes
      • Guardianship Inception
      • Guardianship Creation
      • Guardianship Usage
      • Guardianship Termination
    • Hardware Developer Processes
      • Systems Development Life Cycle
    • Software Developer Processes
      • Systems Development Life Cycle
  • Layer 1  -  Utility Layer
    • Governance Processes and Standards
      • Permissioned/Permissionless
      • Steward Configuration
      • Consensus Model
      • Data Structures
        • Schemas
        • Credential Definitions
      • Data Security Methods
      • Data Privacy Methods
    • Transaction Initiation
    • Transaction Endorsement
    • Steward Operational Processes

...