...
- SSI - Controller Credential for Know Your Business (KYB) interactions and governance control flows.
- the specification addresses inherent risks due to a vulnerability, with technical identifier based systems.
- the more powerful the technology, , the higher the sensitivity, the
- this risk is mitigated with a controller credential for proof of transparency and by the performance of data control.
- Announcement June 9: This work group calls for interest in ToiP community to support the development and extension of decentralized data governance for decentralized digital identity management.
- This specification, specifies how to generate a controller credential by creating an ANCR's eNotice Record, and then using this record to generate an electronic eConsent Receipt.
- This document aims to bridge the ISO/IEC 29100 (formalized international security and privacy framework standard that is free) with ISO/IEC 27002 (formalized information security controls) to the trust over IP governance framework.
- The method is
- to specify the extension of notice records and consent receipts into micro-credentials with DiD's to generate electronic eNotice and eConsent receipts utilizing ToiP Governance Framework ecosystem.
- The controller credential is an extension of the Kantara Initiative, ANCR Notice Record specification, and apart of the eNotice record and eConsent receipt information structure used for the 0PN- AuthC (authorization default) Protocol.
- the specification addresses inherent risks due to a vulnerability, with technical identifier based systems.
- to get access to the current draft - please join a work group call and request it.
...
- specific to this spec, (in the annex - mapping semantics between frameworks )
Transparency Governance Framework - For Transparency Trust
...
Auth-C: Notice Alert Protocol
3 Vectors of Governance
- Personal Data Control (Gov) - (lower risk) uses micro-credentials
- the individual controls the source of data and verification
- attribute by attribute control
- Logging the access to the attribute for processing
- Co-Regulation : multi-party governed -
- Data trusts, where the individual + regulator and service co-regulate
- Logging the access to the processing
- Data Protection : Self-Regulated -
- the service provider regulates the processing of personal data
- Signed, verified and open code, with shared logging
...