Versions Compared

Comment: Finish draft of intro and split the OTLoRA into its own document

...

Key ANCR Assurance Specification documents

  1. This introduction to Levels of Trust Operational Transparency Risk Assurance.

  2. The Notice Receipt/Record and PII Controller Notice Credential format to identify the PII Controller (AP + Data Privacy Officer).

  3. Transparency Code of Conduct (International Convention 108+ for governance interoperability with the ISO/IEC 29100 security and privacy framework for systems, as digital privacy is not valid without security).

    1. For Levels of Trust Operational Transparency Assurance

  4. Consent Receipt v2 ANCR Credential Set (Consent Tokens)

Framework Component Specifications

  1. Differential Transparency (universal AuthC Protocol)

  2. Two Factor Concentric Notice

  3. Concentric Notice Labels

  4. Data Control Risk Assessment

Purpose of Use

  • Digital Privacy - Co-Regulatory Framework for all stakeholders

  • Consent for trans-border flows - with Consent Tokens for the individual to authorize trans-border flow and access control to the PII Principal's PII

...

As a result, through active participation in the Kantara ISO/IEC Liaison and with NIST, DIACC, W3C and the Kantara community, this work is contributed in multiple ways: comments, calls for contribution, acting as specification editors and advocates, and, importantly, the production of specifications such as the Consent Receipt v1.1 used for trust assurance infrastructure.

Scope

The ANCR WG assurance framework and credential specifications are for a governance framework that an individual can apply independently, and which is mutually inclusive and collectively exhaustive, meaning it applies to all contexts: surveillance, break-the-glass emergencies, security, fraud, and public data trusts.

Data governance authority and trust assurance, centred on the individual's context, can be broken down into any of the 6 legal justifications (or categories) for processing information when using online / digital services. These 6 legal justifications have their own obligations and limitations, which are required to be explicitly derogated in a code of practice profile.

These six legal justifications are:

  1. Consent

  2. Contract

  3. Legitimate Interest

  4. Vital Interest of the PII Principal

  5. Vital Interest of the Public

  6. Legal Obligation

#1 is digital consent

Levels of Trust Assurance

The anchored trust framework refers to 4 Levels of Risk Assurance, provided for in the notice record schema. The record represents a trust framework which starts with authority and with assessing authoritative requirements, creating a trust framework for public, low-assurance discovery and interaction. Here the individual is authoritative, providing for a level which starts at self-asserted and authorized in context, without authentication required from industrial / federated identity management frameworks.

The DTL Levels of Digital Transparency Assurance:

These levels of transparency assurance are for the PII Principal, also referred to as the Individual in this text.

DTL 0 - Notice Record and Credential - minimum viable public interest specification for an ANCR record (also referred to as the notice controller credential). [authorized, not authenticated] [any stakeholder can use]

DTL 1 - Controller Credential - a register for the credential. This is usable for purpose specification in this framework, and required for generating records and receipts for consent and surveillance service applications. [Authorized, verified, authenticated and risk assessed as owner and DPO] [Authorized, verified, authenticated, risk assessed as controller and service]

DTL 2 - Certified Controller (AKA Operator) Credential - this is certified to a code of industry practice, or a regulator-approved code of conduct. Monitored actively per session. [Authorized, verified, authenticated, risk assessed as controller and service, monitored]

DTL 3 - Operator (certified controller) Registrar - Industry Vertical Register. [Authorized, verified, authenticated, risk assessed as controller and service, monitored with active state (certified) data controls.]

...

LoDTA (requirements)         | DTL 0 | DTL 1 | DTL 2 | DTL 3
-----------------------------|-------|-------|-------|-------
Authorized                   |   X   |   X   |   X   |   X
Verified                     |       |   X   |   X   |   X
Authenticated (biometric)    |       |       |   X   |   X
Validated (risk assessed)    |       |       |   X   |   X
Monitored (Code of Conduct)  |       |       |   X   |   X
Monitored (Code of Practice) |       |       |       |   X

DTL Stakeholder Types

PII Principal (designated individual)

PII Controller (joint Controller, Sub-Controller) [DPO / Owner Roles]

PII Processor (joint processor, sub-processor)

Regulating Authority

Each stakeholder type can delegate authority and is first identified; once identified, the stakeholder type can be mapped to the digital identity roles: holder, issuer, verifier, validator, and authority. This architecture accounts for acting in multiple roles, with multiple legal justifications and specified purposes, in a single context.

International Data Governance Adequacy

For a list of international legal requirements for digital transparency, refer to the report published through a special interest group at DIACC, "Report on the Adequacy of Identity Governance Transparency".

What Are ANCR Records?

ANCR records are specified for public benefit and are contributed as public benefit technologies.

These are:

  • An ANCR’d record refers to a record the Individual (PII Principal) owns and controls, that contains a record of the controller credential information.

    • Governance-driven trust framework: from the context of a human's physical privacy, the ANCR record captures the digital information that represents privacy and its security online, and links this to the purpose and record of processing practices for that organization.

    • The trust utility of an anchored record is for the PII Principal to be able to validate the active state of security and privacy, independently of the service providers.

    • An ANCR used in a trust framework refers to the PII Principal's capacity (or the performance of transparency for the PII Principal) to see, authorize, identify, assure, manage and control the processing of personal information, autonomously, or with a trusted 3rd party (like a bank) that is regulated by enforceable privacy and security law.

      • Unlike digital identity assurance / trust frameworks, ANCR records are used by the individual to validate transparency and trust in digital identity systems.

Critically, digital identity management technology has native security flaws and weaknesses as a technical surveillance technology, which provide the ability to exploit people and society at many levels that may not be apparent. The method of addressing these flaws in an ANCR record framework is by digitally twinning the records of transparency and processing.

Adding levels of assurance to an ANCR record both enhances digital transparency and the operational use of digital security and privacy technologies.

Identity Relationship Records

Poignantly, people do not currently own the records which are used to profile them online (where they are most commonly called users), while in fact it is the services that are using digital identity and personal data to provide services. Data governance is a broad term which includes all of the micro-data, identifiers and attributes associated with an individual. An ANCR'd record is a record that an individual owns, controls and holds, for example a consent receipt. The consent receipt becomes an ANCR'd record when it is used by an Individual to verify the active state of cybersecurity and digital privacy, as a trust handshake prior to processing, for data control and as digital (as opposed to analogue) evidence of consent.

All of the ANCR specifications, including the Consent Receipt, can be anchored to generate a personal profile from one's own record of digital relationships. The policy architecture supported by this framework is the ANCR - Zero Public Network Architecture, in which an ANCR'd Record can be validated by a regulated 3rd party Certified Service Provider, or a cyber-notary (AKA NIST Referee [ref NIST 800-63]).

In ZPNA the trust framework is agnostic to digital identity technologies, instead aiming to be interoperable with a standardized, human-governed data control framework so as to interoperate broadly with digital identity. For example, requiring the use of verified credentials for zero knowledge proof, in contexts where people control their own records, with a public proxy in between online services rather than big tech services as the intermediary.

ANCR Records are intended to provide people with digital security and transparency that people can trust, without intermediaries.

The specifications developed here are in reference to authoritative international law (CoE Convention 108+) and the open ISO/IEC 29100 security and privacy techniques standard, which defines the stakeholders and roles. The work has been curated to be licensed for the public benefit, to provide a legal-to-technical framework for digital transparency, personal data control and decentralized data governance, as both a technology and a standard.

ANCR’d Trust Assurance Framework

Assurance mechanisms identified for verifying micro-notice credentials are:

  1. used autonomously to validate a current session

  2. notarized by a Referee

  3. Verified by a Regulated & Certified 3rd Party- like a bank which is a validator and proxy access to data profiles/accounts the individual controls.

ANCR Record Specifications

  1. Consent Receipt v1.1. & V2 i)

    1. A record created by a 'privacy stakeholder' [ref]. Developed in the digital identity industry to provide people with records of digital identity relationships, which can also be used to govern the digital relationship. Published in ISO/IEC 29184 Online privacy notice and consent, Appendix B, then adopted as the basis for ISO/IEC 27560 [draft technical specification] consent record information structure.

  2. Transparency Performance Indicators (TPIs) Draft v.00

    1. Digital transparency metrics for indicating the operational state of transparency, useful to assess contextual conformance and compliance with laws, standards and personal expectations.

  3. Notice Record (for Consent Receipts V2)

    1. This is the analogue concept of a notice record, in which a person (in a particular physical location) reads a notice and makes their own record of who is in control of, and accountable for, their personal information; this is the core format of the consent receipt.

      1. With the addition of a digital identifier to the notice record, it can be extended to become a micro-notice credential.

  4. Controller Notice Credential (V.0.1) - an open digital identity credential that a PII Principal can create independently of the service providers, defined with international and enforceable law using the ISO/IEC standard framework so as to be operationally authoritative.

Components Specifications in development:

  1. Consent Token v2

    1. Micro-Notice Credential & Consent Token - the extension of a notice record with key and token management. A notice record stored as a micro-notice credential in an ANCR’d application can further be extended to become a consent receipt token, which is the transport format / vehicle for exchange of credential and controller information.

Acronyms, Terms and Definitions

Authentication

Authority

Authoritative

ANCR (Anchored Notice and Consent Record): an ANCR'd record is used by an individual to verify and validate each and every new digital session with a service provider. digital identifiers and

Data governance refers to the policy architectures, made of laws, standards, contracts and the many supporting policy elements, that regulate flows of data and its control in all of our human contexts.

Decentralized Data Governance

Micro-Notice Credential & Consent Token: notice record formats that are extended for digital transparency using what is specified as a two factor consent notice (2FCN). This is a notice, notification or disclosure with an embedded credential. The credential is used when the notice is engaged with, to generate a micro-notice credential for any legal justification. In turn, the micro-notice credential can be used to mint a consent token.

Monitoring

Validation

Verification

ZPN - Zero Public Network - refers to a cyber security architecture which aims to limit the exposure of personal identifiers and digital identities, using instead verified credentials and digital consent to authorize, verify and validate access to services and the flow of data.