Summary
- The controller credential is an extension of the Kantara Initiative, ANCR Notice Record specification, and apart of the notice record and receipt information structure used in the 0PN- AuthC Protocol.
- to get acces to the current draft - please join a work group call and request it.
...
(Draft specification in progress)
Process in progress:
| Notice & Consent Task ForceProject owner: Editors Surveillance Controller EditorSalvatore DAgostino OCA Schema Editor: | StatusACTIVE |
Notice Controller Credential add's additional fields to an existing consent record formant for notice and consent builds on the Kantara ANCR, Consent Receipt Record format, to provide a digital controller credential, |
Introduction
In privacy regulations globally the notice and notification requirements in legislation are the most consistent across jurisdictions. In all regulations the identity of the PII Controller is required to be provided to the person before, at the time, or as soon as possible, when processing personal information.
This specification uses ISO/IEC standard semantics to generate a controller notice receipt for each digital identifier based relationship, and in doing so implement privacy rights to control the use of the personal information related to the identifier(s).
Problem Statement
- Security
This specification also addresses security as a part of privacy (there won't be any "considerations" at the end). Current security approaches tend to look at privacy risk less wholistically. This specification addresses this key, no pun, security challenge - for example effectively KYC enhanced with a new authorization flow that that reflects - KYB - know your business (with whom does the identifier have a relationship).
Examples include:
- Verifying people for service use as security focus
- Verfify a notice, its controller credential and its authority to process personal data
- Using an open standards framework (an appendix to this specification, e.g. ISO 29100, Kantara Notice and Consent Receipts, W3C Vocabulary for Notice and Notifications ( text which fills the receipt fields).
- Operational Privacy (Identity and Security) (Engineering) Design Principles
- Principal of "Transparency, Proportionality, and Control Reciprocity - Dynamic Data Controls"
- Next steps toward this (outside this specification)
- Code of Conduct and Practice (Ethical Operation)
- Must have a receipt (with operational Privacy Controller Credential) to engage in the Dynamic Data Control ecosystem, aka dynamic data economy, from a privacy rights and self-soveign data control perspective.
- Privacy Controller Credential is used to automate purpose driven online services, to enhance or even replace federated identity systems with self-sovering identity governance.
...
and for decentralized identity, transparency is a key requirement. As identifiers are personal, used to track, surveil and profile its not only important to know who controls personal information, but it's required for consent, a critical component of security and a pre-requisite for digital privacy. Most notices, notifications, T&C's don't use standards to provide the transparency over who control's personal information.
This is the focus of the Kantara ANCR Record, which is the prefix to consent receipts.
This controller credential utilizes a reference architecture that began with 1980 OECD Guidelines, and has been worked on for international /internet scalable data governance. This work has driven regulatory reform and convergence internationally. GDPR refer framework for digital.
This controller credential specification extends this international governance standard to the Trust over IP Governance Framework and is used to generate purpose specific micro-credentials for the governance of digital information with SSI's. This enables the use of this reference architecture to scale analogue notice and consent to electronic eNotice and eConsent for digital exchanges and interoperability.
Reference Architecture
- 0PN Transparency WG: Decentralized Data Governance
- eNotice and eConsent identity & data governance information structure
- ISO/IEC 29100
- ISO/IEC 29100:2011 provides a privacy framework which. specifies a common privacy terminology; defines the actors and their roles in processing personally identifiable information (PII); describes privacy safeguarding considerations; and. provides references to known privacy principles for information technology.
- ISO/IEC 29184 Online Privacy Notice & Consent
- ISO/IEC 27560 WD 5 Consent record information structure
- ISO 27002 Series : WG 5 SC27
- ISO 27001 sets forth the compliance requirements needed to become certified. In contrast, ISO 27002 is a set of guidelines that are designed to help you introduce and implement ISMS best practices.
- CoE 108+
- International GDPR -
- data governance framework which provides the international enforcement policy baseline suitable for internet scale data control, identity transparency governance and consent
- International GDPR -
- W3C Data Privacy Vocabulary
- V.5
- Kantara
- ANCR Notice Record
Specification Overview
This specification builds upon the Kantara ANCR Record specification (and Consent Reciept)(ref) to build a notice controller credential for specifying all of the PII Controller's information in a eNotice record.
The ANCR Record provides Consent Types to anchor a trust record, which the individual owns and controls In a personal data store and profile.
The Record and Receipt specification uses ISO/IEC 29100 Security and Privacy techniques ref (free ISO specification) terms and definitions to identify the legal stakeholders(ref) and their roles in the processing and control of personal information. Using international standards for creation of a regulated data controller credential and for its utility in generating eNotice records and eConsent receipts.
ISO/IEC 29184 - Online Privacy Notice and Consent Controls -
Fields Added to ANCR Record to Create Verifiable Credential
ANCR Record spec - is here (enter link)
This credential is for transparency and accountability for data (and identifier) governance,
The eNotice (PII) Controller Cresdential, is used to generate eNotice record, for micro-credential PII Principal
- PII Controller Identifier [DiD]
- Credential ID
- Accountable Person
- Accountable Person role
- Controller Notice Record Identifier
- As a DiD: Verified Credential
- Controller Type[Ctype]:
- Notice Controller,
- PII notice controller,
- PII controller,
- PII surveillance controller , (info not provided by PII Principle)
- [Ctype] controller operator,
- Accountable Person Type
Assessment
ANCR Record provides a PII Controller Digital privacy transparency KPI, be assessing a notice for digital and physical controller identification and privacy access information, as required for the operational use and management of digital identifiers.
The Controller Credential assessment tests this credential for its transparency performance.
Security Considerations
The use of blinding identity taxonomy for personal identifiers includes the Accountable person identifiers, which are required to be published and available in accordance to local legislation.
The identifiers used in the controller credential are specified according to regulation and implemented with standards in order to be subject to regulation and regulatory considerations,
Mitigation Risk
Using standard framework for transparency of control with data control defaults
Examples
- Security,
Controller Credential
Micro-Credential
defined as a credential specified to a specific purpose.
Glossary
Privacy Stakeholders - ISO 29100
Privacy Stakeholders | ISO Definition | |
---|---|---|
Regulator / | Privacy Regulator for individuals | |
PII Principal | ||
PII Controller | ||
Joint PII Controller | ||
PII Processor | ||
3rd Party |
Applying international governance
- Assessing a ToiP / SSI / Verified Credential Implementations
Assessment Semantics
another person, or police, |
Annex: Privacy Stakeholder Mapping to Functional ToiP Roles
Continuing of the ANCR Record Assessment to identify the controller credential,
Map the ToiP functional role to the legal authority, justification and role of the stakeholder.
Questions:
Is the controller the holder, verifier, or issuer?
ISO Term | TOIP Terms | ||||||||
---|---|---|---|---|---|---|---|---|---|
Controller | Holder, verifier, issuer | ||||||||
Principal | |||||||||
Processor | |||||||||
controller | Legal Semantic Element | semantic description | functional usage | fields Required | |||||
controller | controller_identity | controller address registered | controller address (mailing) | controller contact | extend consent termination for a control point |
...
Delegated | |||
---|---|---|---|
Regulator | Ombudsman | ||
PII Principal | Guardian/Parent/School | ||
PII Controller | Joint-Controller | ||
PII Processor | Sub-Processor | ||
3rd Party | turtles |
References for
...
Controller Credential, Infrastructure and Legal Framework
Standard/Specifications | Title | Description | Resource Status |
---|---|---|---|
ISO 29100 | Information technology — Security techniques — Privacy framework | ISO/IEC 29100:2011 provides a privacy framework which
| Status - Is publicly available - https://www.freestandardsdownload.com/iso-iec-29100-2011.html |
ISO/IEC 29184:2020 | Online privacy notice and consent | (just published - not available to public - we are working on publishing a report/appendix for use with this group ) | |
W3C DPV 0.01 | Data Privacy Vocabulary |
|
|
Reference:
...
OPN: Open Notice (+ Consent) Receipt Schema: Starters Guide to Unified Data Control Schema
Lizar, M. & Pandit, H.J., OPN: Open Notice Receipt Schema, 14th International Conference on Semantic Systems (SEMANTiCS 2019), Karlsruhe, Germany, 2019 [Published http://www.tara.tcd.ie/handle/2262/91576 [accessed July 1, 2020]
...