Versions Compared

Old Version 19

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version 20

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

This specification refers to federated and decentralized digital identity systems and references the digital privacy transparency

Anchored Notice and Consent Records provide a framework for generating records of processing activities through for digital transparency. Specifying a PII Controller credential format to digitall identify the PII Controller and Data Privacy Officer. in this framework the legal privacy roles are defined in credential utilizing SO/IEC 29100 privacy and security techniques. International and authoritative law (Convntion 108+) and standard provides the direct requirements used to define digital identity in the ANCR Framework that are human interoperable at internet scale.

...

  1. Consent

  2. Contract

  3. Legitimate Interest

  4. Vital Interest of the PII Principal

  5. Vital Interest of the Public

  6. Legal Obligation

#1 is digital consent

Digital Transparency : Levels of Privacy Risk Assurance (or Levels of Trust)

The anchored trust framework refers to 4 Levels of Risk Assurances, provided for in the the notice record schema. The record represents a trust framework which start with authority and assessing authoritative requirements. Creating a trust framework for public, low assurance discovery and interaction. Whereby, the individual is authoritative providing for a level which starts at self-asserted and authorized in context, without authentication required from industrial / federated identity management systems frameworks.

The DTL Levels Of Digital Transparency Assurance: 

These levels of transparency assurance and for the PII Principal also referred to as Indiidual in this text.

...

DTL 3 - Operator (certified controller) Registrar - Industry Vertical Register - [Authorized, verified,   authenticated, risk assed as controller and service, monitored with active state (certified) data controls.]

LoDTA (requirements)

DTL 0

DTL 1

DTL 2

DTL 3

Authorized

X

X

X

X

Verified

X

X

X

Authenticated (biometric)

X

X

Validated (risk assessed)

X

X

Monitored (Code of Conduct)

X

X

Monitored ( Code of Practice)

X

DTL Stakeholder Types

PII Principal (designated individual)

...

Each stakeholder type can delegate authority and are first identified, once identified the stakeholder type can be mapped to the Digital Identity role, holder, issuer, verifier, validator, and authority. This architecture accounts for acting in multiple roles, with multiple legal justifications and specified purposes in a single context.

International Data Governance Adequacy

For a list of intention digital transparency legal requirements for digital transparency refer to this report published through a special interest group at DIACC “Report on the Adequacy of Identity Governance Transparency”,

What Are ANCR Records?

ANCR records are specified for public benefit and are contributed as public benefit technologies.

...

The specifications developed here are in reference to authoritative international law CoE Convention 108+ and the open ISO/IEC 29100 security and privacy techniques standard which defines the stakeholders and roles. The work has been curated to be licensed for the public benefit, to provide legal to technical framework for digital transparency. A technology and standard , personal data control and decentralizing data governance.

ANCR’d Trust Framework

  1. used autonomously to validate a current session

  2. notarized by a Referee

  3. Verified by a Regulated & Certified 3rd Party- like a bank which is a validator and proxy access to data profiles/accounts the individual controls.

ANCR Record Specifications

  1. Consent Receipt v1.1. & V2 i)

    1. A record created by a ‘privacy stakeholder’ [ref] Developed in the digital identity industry to provide people with records of Digital identity relationships, that can also be used to govern the digital relationship. Published in ISO/IEC 29184 Online privacy notice and consent, Appendix B, then adopted as basis or ISO/IEC 27560 [draft technical specification] consent record information structure.

  2. Transparency Performance Indicators (TPI’s) Draft v.00

    1. Digital Transparency metrics fo indicating operational state of transparency, useful to asses contextual conformance and compliance with laws, standards and personal expectations.

  3. Notice Record, (for Consent Receipts V2)

    1. this is the analogue concept of a notice record, to which a person (in a particular physical location, reads a notice and make their own record of who is control and accountable for their personal information, the core format of the consent receipt.

      1. with the addition of adding the use of a digital identifier to the notice recored, it can be used as extended to become a micro-notice credential

  4. Controller Notice Credential - (V.0.1) - an open digital identity credential that a PII Principal can create independently of the service providers, defined with International and enforceable law using ISO/IEC standard framework so as to be operationally authoritative.

Extensions in development:

  1. Micro-Notice Credential & Consent Token - the extension of a notice record with key and token management. A notice record stored as a micro-notice credential in an ANCR’d application can further be extended to become a consent receipt token, which is the transport format / vehicle for exchange of credential and controller information.

Acronym's, Terms and Definitions

Authentication

Authority

Authoritative

...