...

  • SSI - Controller Credential for Know Your Business (KYB) interactions and governance control flows.
    • The specification addresses inherent risks due to a vulnerability with technical identifier-based systems.
      • the more powerful the technology, the higher the sensitivity, the
    • this risk is mitigated with a controller credential for proof of transparency and by the performance of data control. 
    • Announcement June 9: This work group calls for interest in the ToIP community to support the development and extension of decentralized data governance for decentralized digital identity management.
    • This specification specifies how to generate a controller credential by creating an ANCR eNotice Record and then using this record to generate an electronic eConsent Receipt.
    • This document aims to bridge ISO/IEC 29100 (formalized international security and privacy framework standard that is free) with ISO/IEC 27002 (formalized information security controls) to the Trust over IP governance framework.
    • The method is
      • to specify the extension of notice records and consent receipts into micro-credentials with DIDs to generate electronic eNotice and eConsent receipts utilizing the ToIP Governance Framework ecosystem.
    • The controller credential is an extension of the Kantara Initiative ANCR Notice Record specification, and a part of the eNotice record and eConsent receipt information structure used for the 0PN- AuthC (authorization default) Protocol.
  • To get access to the current draft, please join a work group call and request it.

...

  • specific to this spec (in the annex: mapping semantics between frameworks)

Transparency Governance Framework - For Transparency Trust 

...


Auth-C: Notice Alert Protocol  


3 Vectors of Governance 

  1. Personal Data Control (Gov) - (lower risk) uses micro-credentials 
    1. the individual controls the source of data and verification 
    2. attribute by attribute control 
    3. Logging the access to the attribute for processing 
  2. Co-Regulation: multi-party governed
    1. Data trusts, where the individual + regulator and service co-regulate
    2. Logging the access to the processing 
  3. Data Protection: Self-Regulated
    1. the service provider regulates the processing of personal data
    2. Signed, verified and open code, with shared logging

...