...

Privacy as Expected is explained technically here as a legal standard for human expectation, used to apply rights in an online context. This is a use case for proving a general tool for identity and trust governance interoperability. E.g. the use of rights based controls
le decentralized identity and data governance semantic standards for notice and consent. (Human centric Identity & Trust) The ISO standardized notice and consent definition and terms provide an international basis for legal notice and consent governance semantics and interoperability. These are used to standardize (or provide transparency over) system identity permissions and data controls, independent of the service, to provide privacy as expected signs.

...

As humans we are decentralized; in the physical world the trust framework is local to a person. To extend this digitally, this set of interoperable semantic standards is used to provide a broadcast identity and trust UI that is human "Consent Centric" and a legal baseline for notice and consent receipts.

This PaE signalling enables consent lifecycles, which is why it is referred to as a consent gateway. Conceptually this operates on a public set of rules/laws that people can use locally to see, share and communicate about data surveillance, security and privacy risks, independently of a digital identity management system or protocol. Another term for this is co-regulation.

...

Signalling Protocol for Active State for dynamic Risk Transparency


The PaECG project implements a simple visual signal that compares the anchor receipt against the current digital notice (using the standardized notice control language) to show the active state of the digital identity in a decentralized way.

...

In the PaECG project we specify the use of the Active State Transparency Risk signal for use with web browsers, and aim to show whether the active state of surveillance capitalism is what people expect, and to provide a way for people to use their rights (with a receipt) independent of the website.

What is the Challenge?

The internet is missing the active state, or context, of people, and most identity management efforts are about activating the identifier for the individual. This represents the signalling gap: what is required to indicate a level of trustworthiness/transparency, independent of the service provider and specific to context. An online privacy policy or static document doesn't provide active state information about the legal entity, purpose and context of use, all of which is required in privacy legislation and security standards in one way or another.

...

The mechanics are simple: the first time a notice of the Controller identity is captured, it generates an ANCR receipt, which is then linked to any additional receipts for that relationship. The receipt is an identity management/org relationship receipt. This ANCR receipt is used to provide proof of notice of legal identity, addressing key consent, to provide permission, and for a person to manage their own consent. An identifier relationship is created and tracked, which removes the need to provide the same notice of who the controller is every time a person accesses a website.

Receipt Signal Protocol

The receipt signal is generated after the first notice is provided and a receipt is stored by the person (aka in a Master Identity Controller-plugin), and is usable as a proof of notice. This first receipt becomes the ANCR receipt ID for that relationship, for the person and for the software used for personal data management.

The next time a person comes to this website, a new notice of controller receipt is generated and then linked to the ANCR receipt ID. If it is the same state, meaning the same legal entity and the same surveillance and policy, the signal in the icon will be green. If there is a change, the icon will be yellow or red, depending on how material the change in status of the legal entity (or more specifically the PII Controller) is since the last time the receipt was provided. Nominally this is defined by the scope of the surveillance and measured by the number of identity management relationships active at any one time.

In Context Notifications for identity system permissions

Identity management requires that a state change notification for privacy should, at a minimum, be linked to a log detailing the change using standard semantics, so that it can automatically be understood by people.
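The receipt signal and the change log described above can be sketched as follows. This is an added example, not PaECG project code: the field names (`controller`, `surveillance`, `policy`), the `createReceiptStore` helper and the rule that a changed controller is red while any other change is yellow are assumptions made for illustration.

```javascript
// Added illustration; field names and the materiality rule are assumptions.
const FIELDS = ["controller", "surveillance", "policy"];

// Assumed rule: a changed PII Controller is material (red); a changed
// surveillance scope or policy under the same controller is yellow.
function signalFor(changes) {
  if (changes.length === 0) return "green";
  return changes.some((c) => c.field === "controller") ? "red" : "yellow";
}

// Hypothetical stand-in for the person's receipt storage (the plugin).
function createReceiptStore() {
  const relationships = new Map(); // site -> { ancrId, anchor, receipts }
  let seq = 0;

  // Record a notice of controller; returns the receipt with signal and log.
  function visit(site, notice) {
    const id = `receipt-${++seq}`;
    let rel = relationships.get(site);
    if (!rel) {
      // First notice: this receipt becomes the ANCR receipt for the relationship.
      rel = { ancrId: id, anchor: { ...notice }, receipts: [] };
      relationships.set(site, rel);
    }
    // Compare the current notice with the anchor, field by field, and keep
    // the differences as the change log the notification links to.
    const changes = FIELDS.filter((f) => rel.anchor[f] !== notice[f]).map((f) => ({
      field: f, from: rel.anchor[f], to: notice[f],
    }));
    const receipt = { id, ancrId: rel.ancrId, signal: signalFor(changes), changes };
    rel.receipts.push(receipt);
    return receipt;
  }
  return { visit };
}

// Constructed sample notices for one site.
const store = createReceiptStore();
const base = { controller: "Example Ltd", surveillance: "analytics", policy: "v1" };
const first = store.visit("shop.example", base);
const same = store.visit("shop.example", { ...base });
const widened = store.visit("shop.example", { ...base, surveillance: "analytics+ads" });
const sold = store.visit("shop.example", { ...base, controller: "Other Corp" });
console.log([first, same, widened, sold].map((r) => `${r.id} -> ${r.signal}`));
```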

...