...

  • Layer 4  -  Ecosystem Layer
    • Governance Processes and Standards
      • Risk Assessment - A subjective process to identify potential threats, within a Governance Framework's scope, to its purpose and objectives and to derive a proportionate plan to address them.
      • Governance Authority 
        • Governance Authority Establishment - activities to convene stakeholders aligned to oversee a layer of the ToIP stack.
        • Governance Framework Establishment - activities used to draft and enact an initial document containing key directives of a Governance Authority.
        • Governance Framework Government
          • Member Application
            • Member Contracting - the presentment and agreement of terms that a Governance Authority has with its participating members.
            • Member Fee Management - the billing and collection of financial obligations required by a Governance Authority with its members.
          • Member Vetting - the unbiased due diligence of prospective members against a set of acceptance criteria.
          • Member Voting - collecting and tabulating definitive choices made by members on proposed Governance Authority actions.
        • Policy Management
          • Policy Establishment - activities used to draft and enact an initial set of requirements and guidance a Governance Authority has upon its scope aligned with its purpose and objectives.
          • Policy Adoption - the acceptance of rules and guidance that a Governance Authority presents to itself and its members.
          • Policy Enforcement - activities that a Governance Authority takes to hold itself and its members accountable to its rules and guidance.
          • Policy Amendment - The reevaluation and change of previously established rules and guidance.
        • Governance Authority Communication
          • DID Publication - The presentment of availability of a decentralized identifier.
          • DID Whitelisting - The collection and enablement of decentralized identifiers specifically allowed to perform actions specified by a Governance Authority.
          • Verifiable Credential Publication - establishing the availability of verifiable credentials to stakeholders within an ecosystem.
          • Levels of Assurance - the pre-defined tiers of risk mitigation afforded a class of transactions within an ecosystem.
      • Member Directory Designation and Recognition - The collection and enablement of approved Member entries available for transaction consideration within a Governance Authority.
      • Credential Registry Designation and Recognition - The collection and enablement of approved Credential Registries for transaction consideration within a Governance Authority.
      • Authoritative Issuer Designation and Recognition - The collection and enablement of approved Authoritative Issuers for transaction consideration within a Governance Authority.
      • Authoritative Verifier Designation and Recognition - The collection and enablement of approved Verifiers for transaction consideration within a Governance Authority.
      • Verifiable Credential Standards - The set of rules enacted by a Governance Authority that apply to a set of verifiable credentials under its scope.
      • Governance Trust Assurance Processes - The set of governance activities enacted by a Governance Authority to hold its stakeholders accountable for its governance rules. 
    • Trust Mark Processes
      • Trust Mark Scheme Definition - The set of activities a Governance Authority defines to establish and regulate its issuance of Trust Marks.
      • Trust Mark Vetting Process - The evaluation of candidate actions against a pre-defined set of criteria to determine their eligibility for trust mark issuance.
      • Trust Mark Issuance Process - The presentment of Trust Marks to approved recipients.
      • Trust Mark Discovery Process - The search and identification activities of interested parties of a Governance Authority's Trust Marks.
      • Trust Mark Revocation - The rescindment of a previously approved Trust Mark by a Governance Authority.
      • Trust Mark Expiration - The state when a Trust Mark exceeds its stated approval period enacted by a Governance Authority.
    • Trust Assurance Scheme Processes
      • Self-Certification - The assertion a stakeholder makes that it is compliant with trust criteria established by a Governance Authority.  This MAY or MAY not be supported with evidence.
      • Internal Attestation - The opinion of an internally independent arbiter over asserted claims by a stakeholder of its compliance to governance authority trust criteria.
      • External Attestation - The opinion of an externally independent arbiter over asserted claims by a stakeholder of its compliance to governance authority trust criteria.
      • Certification - The declaration of an approved Certification Body that an entity under an approved assessment methodology has satisfied its vetting requirements against a set of trust criteria.
    • Auditor Processes and Standards - The set of accepted practices guiding the attestation of an entity's assertion over its compliance with established Governance Authority trust criteria.
    • Audit Accreditor Processes and Standards - The evaluation and oversight activities enacted by an Auditor Accreditor to approve and regulate auditors for a Governance Authority.
  • Layer 3  -  Credential Layer
    • Governance Processes and Standards - (See Layer 4)
    • Issuer Processes
      • Credential Enrollment Processes - The set of activities that establishes the initial application of a credential.
      • Issuer Vetting Process (Prior to Credential Issuance) - The due diligence activities an Issuer takes to validate evidence supporting information on a credential and/or the subject's rights associated with it. 
      • Credential Lifecycle Processes
        • Credential Signing - The application of cryptographic keys upon a credential by an Authoritative Issuer asserting its claims.
        • Credential Issuance - The presentment of a credential making it available to stakeholders. 
        • Credential Modification - The amendment of information (not keys) of a credential.
        • Credential Re-Keying - the replacement of cryptographic keys upon a previously issued credential.
        • Credential Renewal - the set of re-approval activities made to a previously issued credential upon reaching the end of its validity period.
        • Certificate Suspension - The subjective segregation of a previously approved credential to a non-available condition.
        • Credential Revocation - The set of denouncement activities that renege a credential's approval state. 
        • Credential Distribution - The transfer activities of a credential from an Issuer to a Holder or other stakeholder.
        • Credential Expiration - The state when a credential exceeds its stated approval period enacted by an Authoritative Issuer.
        • Credential Purge - The removal activities of a credential from an active repository after it has exceeded its useful life.
        • Credential Archival - The long-term storage in an inactive repository of a credential for the purpose of providing evidence to a claim.
      • Credential Status Services
        • Enabling Discovery of Invalid/Revoked Credentials - Presentment activities to allow Verifiers to check the revocation status of a credential.
        • Maintenance of Credential Status - The activities to amend revocation status of credentials and make them available to interested Verifiers.
        • Availability Processes of Credential Status - The infrastructure activities enacted to maintain availability of credential status according to governance rules.
      • Issuer Infrastructure Processes
        • Physical Protection - the set of physical security activities employed to preserve the operation of information technology assets needed by an Issuer
        • Environmental Protection - the set of environmental security activities employed to preserve the operation of information technology assets needed by an Issuer
        • Systems Development Life Cycle Processes - The set of activities that a developer of Issuer software employs to make approved changes and preserve the operational integrity of Issuer software.
        • Network Security Processes - The set of communication and perimeter protection activities employed to preserve the operation of information technology assets needed by an Issuer.
        • Trusted Personnel Processes
          • Hiring Practices - The set of pre-employment hiring activities employed by an Issuer to perform due diligence of Trusted personnel candidates that are slated to be involved with Issuer processes.
          • Vetting Processes - The set of due diligence process activities employed by an Issuer to validate that those personnel candidates slated to be involved with Issuer processes meet minimum standards.
          • Training Processes - The set of education process activities employed by an Issuer to ready personnel involved with Issuer processes to perform job responsibilities.
          • Removal Process - The set of activities involved with evaluating performance of Issuer personnel and removing them from their job responsibilities if they do not meet minimum standards.
        • Transaction Logging - The collection of Issuer activity records needed to monitor Issuer performance and retain evidence for later claim adjudication.
        • Records Archival - The storage of activity attributes in a separate protected repository for the purpose of potential historical claims adjudication. 
        • Compromise / Disaster Recovery - The declaration that an Issuer's ability to properly perform its duties has been severely impaired and must be restored to a previous state of acceptable operation.
        • Private Key Management
          • Private Key Access - The activities whereby a rightful owner obtains access to a cryptographic key to be used for signing activities.
          • Private Key Storage - The safekeeping activities of a cryptographic signing key by its rightful owner.
          • Private Key Backup - The duplication activities of a cryptographic signing key by its rightful owner to ensure its continued use in the event of loss.
          • Private Key Activation - The unveiling of protection measures that enables a rightful owner access to their cryptographic signing key.
          • Private Key Deactivation - The activities that make a cryptographic signing key unavailable for use by its rightful owner.
          • Private Key Destruction - The permanent disablement activities of a cryptographic signing key.
    • Holder Processes
      • Credential Request - The solicitation activities of a potential subject of a verifiable credential to an Authoritative Issuer
      • Proof Presentation - the presentment activities of a verifiable credential to a Verifier
      • Credential Acceptance
      • Credential Loading
    • Verifier Processes
      • Proof Request
      • Signature Verification
      • Credential Status Services
        • Credential Status Request
        • Responses to Invalid/Revoked Credential
  • Layer 2  -  Agent Layer
    • Governance Processes and Standards
    • Agent Processes
      • Agent Activation
      • Agent/Data Store Pairing
      • Data Store Synchronization
      • Agent Deactivation
      • Key Pair Storage
      • DID Exchange
      • Key Management System (KMS) Creation
      • KMS Recovery
    • Guardianship Processes
      • Guardianship Inception
      • Guardianship Creation
      • Guardianship Usage
      • Guardianship Termination
    • Hardware Developer Processes
      • Systems Development Life Cycle
    • Software Developer Processes
      • Systems Development Life Cycle
  • Layer 1  -  Utility Layer
    • Governance Processes and Standards
      • Permissioned/Permissionless
      • Steward Configuration
      • Consensus Model
      • Data Structures
        • Schemas
        • Credential Definitions
      • Data Security Methods
      • Data Privacy Methods
    • Transaction Initiation
    • Transaction Endorsement
    • Steward Operational Processes

...