Equitable Origin Governance Framework
Equitable Origin Governance Framework
1. Primary Document
1.1. Introduction
This document articulates the governance framework for Equitable Origin as an issuer of a verifiable credential (layer four application of the Trust Over IP Foundation (ToIP) model).
The development of this documentation follows the governance framework created by the Trust over IP Foundation (ToIP) Governance Metamodel Specification created by the Governance Stack Working Group (GSWG).
These materials are made available under and are subject to the Creative Commons Attribution 4.0 International license.
THESE MATERIALS ARE PROVIDED “AS IS.” The Trust Over IP Foundation, established as the Joint Development Foundation Projects, LLC, Trust Over IP Foundation Series ("ToIP"), and its members and contributors (each of ToIP, its members and contributors, a "ToIP Party") expressly disclaim any warranties (express, implied, or otherwise), including implied warranties of merchantability, non-infringement, fitness for a particular purpose, or title, related to the materials. The entire risk as to implementing or otherwise using the materials is assumed by the implementer and user.
IN NO EVENT WILL ANY ToIP PARTY BE LIABLE TO ANY OTHER PARTY FOR LOST PROFITS OR ANY FORM OF INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER FROM ANY CAUSES OF ACTION OF ANY KIND WITH RESPECT TO THESE MATERIALS, ANY DELIVERABLE OR THE ToIP GOVERNING AGREEMENT, WHETHER BASED ON BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Acknowledgements
This governance framework includes structural elements from the Trust over IP Metamodel that were developed by Governance Stack Working Group of the Trust over IP Foundation, the eSSIF Lab Glossary and Mental Models, were contributed to the Trust Over IP Foundation under the CC BY-SA 4.0 license. There have also been contributions from the Concepts & Terminology Working Group at ToIP, the Human Experience Working Group at ToIP and the Ecosystem Foundry Working Group at ToIP, the work of the Governance Framework Working Group at Sovrin Foundation is also acknowledged in providing support.
1.2. Terminology and Notation
Glossary - General Trust Over IP Terms
Requirements include any combination of Machine-Testable Requirements and Human-Auditable Requirements. Unless otherwise stated, all Requirements MUST be expressed as defined in RFC 2119.
- Mandates are Requirements that use a MUST, MUST NOT, SHALL, SHALL NOT or REQUIRED keyword.
- Recommendations are Requirements that use a SHOULD, SHOULD NOT, or RECOMMENDED keyword.
- Options are Requirements that use a MAY or OPTIONAL keyword.
Machine-Testable Requirements are those with which compliance can be verified using an automated test suite and appropriate scripting or testing software.
Rules are Machine-Testable Requirements that are written in a Machine-Readable language and can be processed by a Rules Engine. They are expressed in a structured rules language as specified by the Governance Framework.
Human-Auditable Requirements are those with which compliance can only be verified by an audit of people, processes, and procedures.
Policies are Human-Auditable Requirements written using standard conformance terminology. The Policies used in the Governance Framework will use the standard terminology detailed in RFC 2119 keywords. Note that all RFC 2119 keywords have weight from an auditing perspective. An implementer MUST explain why a SHOULD or RECOMMENDED requirement was not implemented and SHOULD explain why a MAY requirement was implemented.
Specifications are documents containing any combination of Machine-Testable Requirements and Human-Auditable Requirements needed to produce technical interoperability.
1.3. Localization
The standard language for this Governance Framework (GF) is American English.
1.4. Governing Authority
Equitable Origin is the Governing Authority responsible for this Governance Framework (GF). The contact information for Equitable Origin during the pilot phase of development is:
- Name: Soledad Mills
- Title: Chief Executive Officer
- Organization: Equitable Origin
- Email: smills@equitableorigin.org
1.5. Administering Authority
Energy and Mines Digital Trust (EMDT) is the Administering Authority on behalf of PricewaterhouseCoopers (PwC) during the pilot phase of development.
The contact information for EMDT is:
- Name: Kyle Robinson
- Title: Senior Strategic Advisor, Digital Trust Ecosystems
- Organization: Briartech Consulting Inc.
- Email: kyle.robinson@briartech.ca
1.6. Purpose
The purpose of this governance framework is to describe the rules/policies/procedures for verifiable credential exchanges involving Equitable Origin Services Inc. with the open global community. The purpose of the rules is to enable all actors to understand agreed upon standards, terminology and processes that allow the community to interact with Equitable Origin in a trusted manner. This will help determine a governing framework and operating model for a global ecosystem that identifies how credentials can be issued, held, and verified.
1.7. Scope
Equitable Origin is a participant in an open ecosystem and the focus of this framework is to describe the process Equitable Origin uses for digital exchanges on Indy networks.
1.8. Objectives
This section states the high-level outcomes desired by the trust community through its adoption of the GF.
- SHOULD specify tangible, achievable results (e.g. SMART criteria and Fit-for-Purpose criteria).
- MUST only contain outcomes over which the GF has the authority and mechanisms to achieve within its scope.
- MUST be consistent with the principles of the GF (below).
1.9. Principles
TBD - These are standard principals from ToIP, to be edited by Equitable Origin
- Sustainability
- Stewardship
- Public good
- Transparency
- Citizen Engagement
- Digital Sovereignty
- Security
- Confidence
- Synchronization
1.10. General Requirements
TBD
1.11. Revisions
Version 1.0
TBD - How and when Equitable Origin would change governance framework
1.12. Extensions
There are no extensions to this Governance Framework.
1.13. Schedule of Controlled Documents
TBD
2. Controlled Documents
2.1. Glossary
2.2. Risk Assessment
TBD
2.3. Trust Assurance and Certification
TBD
2.4. Governance Requirements
2.5. Business Requirements
2.5.1. Establishment of Connection
- Equitable Origin MUST send an invitation to the other business entity via email to initiate the exchange of information.
- The receiving party MUST accept invitation in order to establish a secure connection.
2.5.2. Issuance of EO100 Credential
- Using the established connection, Equitable Origin MUST receive a credential request from the business entity.
- Continuing from step 1, the business entity MUST provide all of the following attributes in the credential request as outlined in the EO100 Credential Governance:
certificate_issuer, certificate_number, operator, ucp_name, ucp_location_city, ucp_location_province, ucp_location_country, certification_date, expiration_date, certification_standard, assessor_name
- Equitable Origin MUST receive and review the request
- Any clarification questions MAY be asked via the secure messaging function
- Once all data is entered and correct, Equitable Origin SHALL offer the credential to the business entity
- Business entity MAY choose to accept or negotiate the credential to request changes
2.6. Technical Requirements
MUST have an Aries compatible business wallet.
2.7. Information Trust Requirements
Equitable Origin's Privacy Policy
2.8. Inclusion, Equitability and Accessibility Requirement
TBD
2.9. Legal Agreements
TBD
End of Document