You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Executive Summary

The following process and role descriptions were first derived from "The Trust Over IP Stack", a concept RFC issued by the Hyperledger Aries Project.  The contents of the RFC can be found at https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0289-toip-stack/README.md.  These definitions were created as a companion to Governance Authorities developing ToIP-compatible Governance Frameworks as a majority set for consideration..  It enables Governance Authorities to use consistent terminologies to describe stakeholders and their processes that participate in a ToIP ecosystem.  These frameworks include an assortment of rules; there rules apply to roles which execute processes identified in this document.  All of these roles and processes MAY NOT appear in governance frameworks and some roles and processes appearing in frameworks MAY NOT be listed in this document. 

Roles

  • Roles Acting within Layer 4 - Ecosystem
    • Ecosystem Governance Authority  -  An entity that establishes and operates a framework (Ecosystem Governance Framework (EGF)) of policies, rules, procedures and accountabilities of roles within Layer 4 (Ecosystem)
    • Interoperable Ecosystem Governance Authority  -  An entity that establishes a TSS (ToIP Standard Specification) that defines the standard requirements for the Ecosystem Governance Authority to conform.
    • Member Directory - Provides both human- and machine-searchable listings of the public DIDs and other searchable attributes of participants in the EGF.
    • Auditor - An entity which can independently attest to participants assertion of compliance with EGF requirements.
    • Audit Accreditor - An Entity that qualifies Auditors and provides auditing standards
    • Accreditation Authority - An authoritative entity responsible for declaring that a certification body under its assessment methodology has satisfies its vetting requirements 
    • Certification Body  -  An authoritative entity responsible for declaring that an entity under its assessment methodology has satisfies its vetting requirements against a set of trust criteria
  • Roles Acting within Layer 3 - Credential
    • Credential Governance Authority -  An entity that establishes and operates a framework of policies, rules, procedures and accountabilities of roles within Layer 3 (Credential)
    • Credential Registry - are alternative holders of credentials to support other uses, such as public searchable directory services.
    • Authoritative Issuer - are credential issuers authorized by the ecosystem and/or credential governance authority to issue specific types of credentials at specific levels of assurance
    • Insurer - An entity which provides insurance to issuers operating under the terms of a governance framework.
    • Escrow Service - An entity that holds keys in escrow for legal. compliance and recovery purposes.

    • Biometric Service Provider  -  can be used to strengthen confidence in the binding between a credential and its authorized holder.

  • Roles Acting within Layer 2 - Provider
    • Provider Governance Authority -  -  An entity that establishes and operates a framework of policies, rules, procedures and accountabilities of roles within Layer 2 (Provider)
    • Hardware Provider - An entity who provides ToIP-compliant hardware, e.g., secure enclaves, trusted execution environments, HSMs.
    • Software Provider - An entity who provides ToIP-compliant agents, wallets, secure data stores, etc.
    • Agency - AN entity who hosts ToIP-compliant cloud agents for individuals, organizations, and guardians.
    • Secure Data Store  - A database with three special properties:
      1. It is controlled exclusively by the DID controller (person, organization, or thing) and not by any intermediary or third party.
      2. All the data is encrypted with private keys in the subject’s KMS.
      3. If a DID controller has more than one secure data store, the set of stores can be automatically synchronized according to the owner’s preferences.
    • Digital Guardian - an individual or organization willing to take legal responsibility for managing that cloud agent/wallet on behalf of a person under a guardianship mandate
    • Digital Delegate - One who receives digital authority and responsibility to carry out limited digital tasks on behalf of another
    • Digital Dependent - An Individual whose circumstances or capabilities, in a given context, requires dependence upon another operating under a guardianship mandate, to administer an that person's identity data
    • Thing Controller - An individual who digitally controls something that is by its nature incapable of acting on its own behalf
  • Roles Acting within Layer 1 - Utility (Verifiable Data Registry)
    • Utility Governance Authority -  An entity that establishes and operates a framework of policies, rules, procedures and accountabilities of roles within Layer 1 (Utility)
    • Transaction Author - An entity that initiates transactions a add records on a distributed ledger
    • Transaction Endorser - An entity that executes permission transactions for Transaction Authors
    • Steward - A node operator of a distributed ledger
  • Roles Acting Independent of Layer
    • Jurisdictional Authority - A legal authority that has established laws in the geographic territory of a participating ecosystem
    • Industry Authority - A recognized body in the governance authority's industry (or related industry) that has established standards and reputation that governance authority desires alignment and/or conformance
    • Standards Authority - A recognized body that has established standards and reputation that an governance authority desires alignment and/or conformance

Processes

  • Layer 4  -  Ecosystem Layer
    • Governance Processes and Standards
      • Risk Assessment  - A subjective process to identify potential threats of a Governance Framework's scope upon its purpose and objectives and derive a proportionate plan to address them.  
      • Governance Authority 
        • Governance Authority Establishment - activities to convene stakeholders aligned to oversee a layer of the ToIP stack.
        • Governance Framework Establishment - activities used to draft and enact an initial document containing key directives of a Governance Authority.
        • Governance Framework Government
          • Member Application
            • Member Contracting - the presentment and agreement of terms that a Governance Authority has with its participating members.
            • Member Fee Management - the billing and collection of financial obligations required by a Governance Authority with its members.
          • Member Vetting - the unbiased due diligence of prospect members against a set of acceptance criteria.
          • Member Voting - collecting and tabulating definitive choices made to members on proposed Governance Authority actions.
        • Policy Management
          • Policy Establishment - activities used to draft and enact an initial set of requirements and guidance a Governance Authority has upon its scope aligned with its purpose and objectives.
          • Policy Adoption - the acceptance of rules and guidance that a Governance Authority presents to itself and its members.
          • Policy Enforcement - activities that a Governance Authority takes to hold itself and its members accountable of its rules and guidance.
          • Policy Amendment - The reevaluation and change of previously established rules and guidance.
        • Governance Authority Communication
          • DID Publication - The presentment of availability of a decentralized identifier.
          • DID Whitelisting - The collection and enablement of decentralized identifiers specifically allowed actions specified by a Governance Authority.
          • Verifiable Credential Publication - the availability establishment of verifiable credentials to stakeholders within an ecosystem.
          • Levels of Assurance - the pre-defined tiers of risk mitigation afforded a class of transactions within an ecosystem.
      • Member Directory Designation and Recognition - The collection and enablement of approved Member entries available for transaction consideration within a Governance Authority.
      • Credential Registry Designation and Recognition - The collection and enablement of approved Credential Registries for transaction consideration within a Governance Authority.
      • Authoritative Issuer Designation and Recognition - The collection and enablement of approved Authoritative Issuers for transaction consideration within a Governance Authority.
      • Authoritative Verifier Designation and Recognition - The collection and enablement of approved Verifiers for transaction consideration within a Governance Authority.
      • Verifiable Credential Standards - The set of rules enacted by a Governance Authority that apply to a set of verifiable credentials under its scope.
      • Governance Trust Assurance Processes - The set of governance activities enacted by a Governance Authority to hold its stakeholders accountable for its governance rules. 
    • Trust Mark Processes
      • Trust Mark Scheme Definition - The set of activities a Governance Authority defines to establish and regulate its issuance of Trust Marks.
      • Trust Mark Vetting Process - The evaluation of candidate actions against a pre-defined set of criteria to determine their eligibility for trust mark issuance.
      • Trust Mark Issuance Process - The presentment of Trust Marks to approved recipients.
      • Trust Mark Discovery Process - The search and identification activities of interested parties of a Governance Authority's Trust Marks
      • Trust Mark Revocation - The rescindment of a previously approved Trust Mark by a Governance Authority
      • Trust Mark Expiration - The state when a Trust Mark exceeds its stated approval period enacted by a Governance Authority
    • Trust Assurance Scheme Processes
      • Self-Certification - The assertion a stakeholder makes that it is compliant with trust criteria established by a Governance Authority.  This MAY or MAY not be supported with evidence.
      • Internal Attestation - The opinion of an internally independent arbiter over asserted claims by a stakeholder of its compliance to governance authority trust criteria.
      • External Attestation - The opinion of an externally independent arbiter over asserted claims by a stakeholder of its compliance to governance authority trust criteria.
      • Certification - The declaration of an approved  Certification Body that an entity under an approved assessment methodology has satisfies its vetting requirements against a set of trust criteria
    • Auditor Processes and Standards - The set of accepted practices guiding the attestation of of an entity's assertion over its compliance with established Governance Authority trust criteria.
    • Audit Accreditor Processes and Standards - The evaluation and oversight activities enacted by a an Auditor Accreditor to approve and regulate auditors for a Governance Authority
  • Layer 3  -  Credential Layer
    • Governance Processes and Standards - (See Layer 4)
    • Issuer Processes
      • Credential Enrollment Processes - The set of activities that establishes the initial application of a credential.
      • Issuer Vetting Process (Prior to Credential Issuance) - The due diligence activities an Issuer takes to validate evidence supporting information on a credential and the subject's rights associated with it. 
      • Credential Lifecycle Processes
        • Credential Signing - The application of cryptographic keys upon a credential by an Authoritative Issuer asserting its claims.
        • Credential Issuance - The presentment of a credential making it available to stakeholders. 
        • Credential Modification - The amendment of information (not keys) of a credential.
        • Credential Re-Keying - the replacement of cryptographic keys upon a previously issued credential.
        • Credential Renewal - the set of re-approval activities made to a previously issued credential upon reaching the end of its validity period.
        • Certificate Suspension - The subjective segregation of a previously approved credential to a non-available condition.
        • Credential Revocation - The set of denouncement activities that renege a credential's approval state. 
        • Credential Distribution
        • Credential Expiration
        • Credential Purge
        • Credential Archival
      • Credential Status Services
        • Enabling Discovery of Invalid/Revoked Credentials
        • Maintenance of Credential Status 
        • Availability Processes of Credential Status
      • Issuer Infrastructure Processes
        • Physical Protection
        • Environmental Protection
        • Systems Development Life Cycle Processes
        • Network Security Processes
        • Trusted Personnel Processes
          • Hiring Practices
          • Vetting Processes
          • Training Processes
          • Removal Process
        • Transaction Logging
        • Records Archival
        • Compromise / Disaster Recovery
        • Private Key Management
          • Private Key Access
          • Private Key Storage
          • Private Key Backup
          • Private Key Activation
          • Private Key Deactivation
          • Private Key Destruction
    • Holder Processes
      • Credential Request
      • Proof Presentation
      • Credential Acceptance
      • Credential Loading
    • Verifier Processes
      • Proof Request
      • Signature Verification
      • Credential Status Services
        • Credential Status Request
        • Responses to Invalid/Revoked Credential
  • Layer 2  -  Agent Layer
    • Governance Processes and Standards
    • Agent Processes
      • Agent Activation
      • Agent/Data Store Pairing
      • Data Store Synchronization
      • Agent Deactivation
      • Key Pair Storage
      • DID Exchange
      • Key Management System (KMS) Creation
      • KMS Recovery
    • Guardianship Processes
      • Guardianship Inception
      • Guardianship Creation
      • Guardianship Usage
      • Guardianship Termination
    • Hardware Developer Processes
      • Systems Development Life Cycle
    • Software Developer Processes
      • Systems Development Life Cycle
  • Layer 1  -  Utility Layer
    • Governance Processes and Standards
      • Permissioned/Permissionless
      • Steward Configuration
      • Consensus Model
      • Data Structures
        • Schemas
        • Credential Definitions
      • Data Security Methods
      • Data Privacy Methods
    • Transaction Initiation
    • Transaction Endorsement
    • Steward Operational Processes


  • No labels