
Background of this Stack

  1. A key challenge to interoperability is addressed with the International ISO/IEC standards framework 29100 and 29184. This provides a semantic control framework that addresses the lack of semantic harmonization for personal data control, which provides security for the portability and control of private information and is required for people to be able to independently consent to and control personal information. This challenge was first presented at the W3C Do Not Track conference in Berkeley, California: 'Opening Up the Online Infrastructure'.
  2. This turned into a Kantara Specification effort in 2014 and now, last year, ISO voted to fast track this to a standard, 27560, to be used with ISO 29184 to address what was known by the phrase "the Biggest Lie on the Internet", which was the focus of the movie Terms and Conditions May Apply. With an international governance rule set, people can use services independently of Terms and Conditions.
  3. With the success of this work as an international standard, this Task Force aims to collaborate to support an international data governance authority framework as an open resource for master identity control transparency over personal information (with standardized notification for the PII Principal).

Overview

For privacy transparency and accountability to ensure trustworthiness - required for decentralized identity - without the use of federated systems for access control

Key Security Challenge the PCC addresses

  • Verifying people for service use has been the main security approach
  • The alternative approach is to verify their privacy controller credential and use privacy law for defining purpose-specific services -
  • Using the standards framework (ISO) with the ANCR Receipt and the W3C Vocabulary for Notice and Notifications text (which fills the receipt fields)
  • Advanced Security for Human Centric Privacy/Policy Controls that scale
    • Must have a receipt (with an operational Privacy Controller Credential) to engage in the Dynamic Data Control Ecosystem from a privacy rights and self-sovereign data control perspective
    • The Privacy Controller Credential is used to automate purpose-driven online services, to enhance or even replace federated identity systems with self-sovereign identity governance
    • A key aspect is addressing the systemic weakness in online controller transparency, where privacy controller credentials are not available for exercising privacy rights

The credential is used for - credential -

The credential has 0-3 levels of Privacy Controller Credential Assurance specified:

  1. Self Asserted Notice Controller
  2. Privacy Controller 
  3. Operating Privacy Controller 

Each level requires additional verification of the accountable person, their role and the provenance of the LEI processing personal data.

This specification formalizes the format for these 3 tiers of Privacy Assurance.


The format uses ISO etc.

Tier 1  Notice Controller Credential

Tier 2  Privacy Notice Controller Credential (AKA PII/Data Controller)

Tier 3  High Transparency Assurance over the provenance of processing -

  • Asserting beneficial owner, codes of conduct and codes of practice
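The tiers above are cumulative: each level adds verification on top of the one below it. The following is an added example, not code from this page, the Task Force, or any ISO specification; it shows how a relying service could compute the highest assurance tier a credential record reaches and report what is missing for a higher tier. The field names (`notice_url`, `accountable_person`, `lei_verified`, `beneficial_owner`, and so on) and the mapping of fields to tiers are assumptions drawn from the tier descriptions on this page, not a published schema, and the sample credentials are constructed.

```python
"""Added example: computing the Privacy Controller Credential assurance tier.

Assumed, hypothetical mapping of requirements to tiers (not from a published schema):
  tier 0: requirements of tier 1 not met
  tier 1: self-asserted notice controller (controller name and notice location)
  tier 2: verified accountable person and their role
  tier 3: provenance of processing: verified LEI, beneficial owner,
          codes of conduct and codes of practice
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Shape-only check for an LEI (ISO 17442: 20 upper-case alphanumerics);
# the ISO 7064 check digits are deliberately NOT validated here.
LEI_RE = re.compile(r"^[A-Z0-9]{20}$")


@dataclass
class ControllerCredential:
    # Hypothetical field names; the page names the tiers, not a record layout.
    controller_name: str
    notice_url: Optional[str] = None              # tier 1: self-asserted notice
    accountable_person: Optional[str] = None      # tier 2: accountable person
    accountable_role: Optional[str] = None        # tier 2: their role
    accountable_verified: bool = False            # tier 2: verified, not self-asserted
    lei: Optional[str] = None                     # tier 3: provenance of the processor
    lei_verified: bool = False                    # tier 3: LEI checked against its source
    beneficial_owner: Optional[str] = None        # tier 3
    codes_of_conduct: List[str] = field(default_factory=list)   # tier 3
    codes_of_practice: List[str] = field(default_factory=list)  # tier 3


def _tier_gaps(cred: ControllerCredential, tier: int) -> List[str]:
    """Names of the requirements of exactly `tier` that `cred` does not meet."""
    gaps: List[str] = []
    if tier == 1:
        if not cred.controller_name:
            gaps.append("controller_name")
        if not cred.notice_url:
            gaps.append("notice_url")
    elif tier == 2:
        if not cred.accountable_person:
            gaps.append("accountable_person")
        if not cred.accountable_role:
            gaps.append("accountable_role")
        if not cred.accountable_verified:
            gaps.append("accountable_verified")
    elif tier == 3:
        if not (cred.lei and LEI_RE.match(cred.lei)):
            gaps.append("lei")
        if not cred.lei_verified:
            gaps.append("lei_verified")
        if not cred.beneficial_owner:
            gaps.append("beneficial_owner")
        if not cred.codes_of_conduct:
            gaps.append("codes_of_conduct")
        if not cred.codes_of_practice:
            gaps.append("codes_of_practice")
    return gaps


def missing_for_tier(cred: ControllerCredential, target: int) -> List[str]:
    """Everything across tiers 1..target that the credential still lacks."""
    missing: List[str] = []
    for t in range(1, target + 1):
        missing.extend(_tier_gaps(cred, t))
    return missing


def assurance_tier(cred: ControllerCredential) -> int:
    """Highest tier (0-3) whose requirements, and those of every lower tier, are met."""
    tier = 0
    for t in (1, 2, 3):
        if _tier_gaps(cred, t):
            break
        tier = t
    return tier


def may_engage(cred: ControllerCredential, required_tier: int) -> bool:
    """Policy gate: a service that needs `required_tier` accepts the credential
    only if it reaches that tier (no receipt without an adequate credential)."""
    return assurance_tier(cred) >= required_tier


if __name__ == "__main__":
    # Constructed sample: a controller with a verified accountable person but no provenance.
    sample = ControllerCredential(
        controller_name="Example Controller Ltd",
        notice_url="https://example.test/privacy-notice",
        accountable_person="A. Person",
        accountable_role="Data Protection Officer",
        accountable_verified=True,
    )
    print("tier:", assurance_tier(sample))
    print("missing for tier 3:", missing_for_tier(sample, 3))
```

A service that requires a Tier 2 controller to issue a receipt would call `may_engage(cred, 2)`; the `missing_for_tier` output is what a controller would be told to supply to move up a tier. The LEI check is only a format check, so a real deployment would still have to verify the LEI against its registry before setting `lei_verified`.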


The credential record for this is as follows 

PII Controller info 

Standards controller meta-data 

OCA Translation of Controller Credential for Rights Automation 


-- Next Week - Review and fill out the outline for this aspect
