Dynamic Registrar Controller: Data Access Assurance WG

Owned by Mark Lizar
Last updated: Apr 22, 2024
2 min read

ANCR Proposes a Registrar Dynamic Data Assurance WG proposal to start a workgroup at Kantara, inviting a  Multi-Industry Collaboration.  

Collaboration between the security industry with use cases specific to (emergency responders), the privacy industry (Data Privacy Officers) and the Digital Identity Industry,  

 Proposing a work effort at Kantara Initiative for a DPT-Registrar Notary Assurance Program  

 

Program Sub-Group  

  • The Security Architecture -   

  • The Registrars Code of Practice - (Discuss Plan?) 

  • Controller Credential – Code of Conduct  -   

 

With 3 areas of policy topics

  1. Registrar - Consent by Default Code of Practice  

  2. Dynamic Security Access Architecture Group 

  3. Digital Privacy Notary - Privacy Policy, Index and Ledger 

 

Security Architectures Currently use commercial identity management, which is really insecure 

  • Refers to terms that are redefined for technical purpose, which conflict with governance terms, in addition to locking in the requirement for people to provide identifiers and personal attributes to use security in online services  

  • Current risks for children can be seen in our slides  

  •  

  • PII Controller – is an Industry Security solution witch is ISO/IEC 27002- specified, using open to access privacy framework solutions to extend enterprise security architectures for decentralised data governance solutions, 

  • Up until now, digital identity technology has, for the most part, been specified and defined by commercial enterprises,  

  • A famous code is law, article for Lawrence Lessig, who started creative commons, explained how technology is making their own rules and not obeying the rules we think,  

  • This has cause significant issues in governance and delivery of market services,  

  • Thes are now seen in the security and surveillance industries in a number of ways, across many jurisdictions.   

  • In particular the digital identity management industry, and the generic identifier to attribute management standards, which aim to side step the data governance requirements with technical specifications, which are free from governance rules and restrictions,  

  • Security and Privacy issues now a key concern as commerical IDm Digital Trust solutions have made these systms insecure.  

Topics
Governance Authority, sovereign transparency - decentralised and distributed data governance, security and policy for regulators and industry engagement and approval, to enable new knowledge banking industry,   

This group would inherit updated ANCR Specification(s) as well as use of the ANCR TPS Benchmark Program – For Assessment and Assurance, of registry products and services for regulators,  

The program aims to produce, maintain and sustain the international policy framework for registrars in different industries, and jurisdictions to extend their governance authority with this framework.  

Specifically, planning to provide a common’s  policy extensions framework that governs the PII Controller Notice and Notary Credential Policy, to  enable children, youth, community security and privacy standard development.  

The Audience is OECD, CoE 108+ committee, Commonwealth, industry and Community of Registrars

ANCR Contributing
* AuthC -Consent by Default Protocol for digital identity management systems and surveillance. 

The AuthC protocol in development at ANCR would be to  extend existing identiyt management protocols., with a authorisation from consent.   

Digital Privacy as public digital infrastructure, and an industry unto –itself for the co-regulation of the data commons. Contributing to these efforts, CoE, OECD,