Introduction

This page represents the proposed structure of the ToIP Governance Metamodel. The purpose of the metamodel is to provide an overall template for ToIP-compatible governance frameworks from which the GSWG would then develop layer-specific templates. Each layer-specific template would be an instance of the metamodel that adds details such as:

  • Standard ToIP roles at that layer
  • Standard ToIP processes in which actors in those roles are engaged
  • Recommended policies for those processes
  • Standard risks against which assessment should be performed
  • Standard elements of a trust assurance framework to address those risks

The balance of this page is an outline of the proposed metamodel. 

All terms appearing in First Letter Caps MUST be added to the ToIP Glossary tagged for inclusion in the ToIP Governance Glossary.

Master Document

The Master Document is the "home page" for the governance framework (GF). The Master Document:

  1. MUST have a DID (Decentralized Identifier) that serves as an identifier of the entire GF.
  2. MUST have a unique DID URL to identify each specific version of the Master Document.
  3. MUST contain authoritative references to all other documents included in the GF, called the Controlled Documents.
  4. MUST include policies stating how the Controlled Documents are governed by the Governance Authority.

Introduction

This section is a non-normative general introduction to the GF that orients first-time readers as to the overall context of the GF. The Introduction:

  1. SHOULD have a reference to the ToIP Foundation, the ToIP stack, and the ToIP Governance Template from which it was derived.
  2. MAY include an Acknowledgements section to acknowledge the contributors to the GF.

Purpose

This is a short, clear statement of the purpose of the GF. The Purpose section:

  1. SHOULD be as short and concise as possible—ideally one sentence, or only a few sentences.

Scope

This is a statement of the scope of the Trust Community for which the TF is intended to provide governance. The Scope section:

  1. SHOULD clearly state the stakeholders in the Trust Community.
  2. SHOULD clearly state their overall shared trust objectives.
  3. SHOULD, if possible, clearly state who and what are out of scope.

Principles

This section states the Principles by which all members of the Trust Community have agreed to abide. The Principles section:

  1. SHOULD serve as a guide to the development of any Policies based on each Principle ("Principles guide Policies").
  2. SHOULD refer to existing Principles—whether defined by ToIP-Compatible GFs or by other bodies—whenever possible.
  3. SHOULD NOT define Principles against which conformance can be tested directly—those should be Policies.

Core Policies

This section contains the Policies that apply generally across the entire GF. The Core Policies section:

  1. SHOULD include Policies that apply generally to governance of the entire Trust Community and that guide the development of more specific policies within the Controlled Documents.
  2. SHOULD NOT include any Policies that apply in a specific context addressed by one of the Controlled Documents.
  3. SHOULD be listed within categories if that is helpful to understanding their intent.

Governance

The Governance section covers how the GF is governed. The Governance section:

  1. MUST state the full legal identity and contact information for the Governance Authority.
  2. MUST include Policies clearly explaining Governance of the GF—specifically how any revisions to the GF are developed and approved.
  3. MUST include references to any separate Controlled Documents that constitute Governance documents for the Governance Authority (e.g., Charter, Bylaws, Operating Rules, etc.).

Schedule of Controlled Documents

This is a listing of all Controlled Documents. The Schedule of Controlled Documents:

  1. MUST include authoritative references to all Controlled Documents in the GF.
  2. MUST identify each Controlled Document with a unique, permanent DID URL.
  3. SHOULD include a Web link to each Controlled Document in the Web version of the GF.
  4. SHOULD include a brief description of the purpose and scope of each Controlled Document to make it easy for readers to navigate the GF.

Controlled Documents

Each Controlled Document covers a specific specialized area of the GF. The following are categories of Controlled Documents where each category MAY include zero or more Controlled Documents.

Glossary

xxx

Risk Assessment

xxx

Trust Assurance Framework

xxx

Governance Rules

xxx

Business Rules

xxx

Technical Rules

xxx

Security, Privacy, Data Protection

xxx

Inclusion, Accessibility, Equity

xxx

Legal Agreements

xxx


