From dcab486151274ae4a93cdd86eeb7842852de9f76 Mon Sep 17 00:00:00 2001 From: kor Date: Mon, 26 Aug 2024 16:01:56 +0200 Subject: [PATCH 1/5] =?UTF-8?q?Add=20banner=20with=20notification=20(?= =?UTF-8?q?=E2=80=9Cis=20archived=E2=80=9D)=20and=20redirect=20link?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- glossary.html | 1625 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 1162 insertions(+), 463 deletions(-) diff --git a/glossary.html b/glossary.html index 5b58218..78e3991 100644 --- a/glossary.html +++ b/glossary.html @@ -1,475 +1,1174 @@ + Glossary - General Trust Over IP Terms + - - - - - - - - - - - -
Glossary - General Trust Over IP Terms
- - -
-
-
A -
actor #toip
-

actor in the #essiflab glossary here.

-

version 4, commit 6716f25, created 2021-06-23, last modified 2022-01-23, contributors Drummond Reed - Rieks - RieksJ

-
- -
administering authority #toip
-

The party tasked with operating the management of a particular governance framework. The administering authority may or may not be the governing authority. For example, a government may be the governing authority for a governance framework administered by an NGO as the administering authority.

-

version 1, commit e90f97f, created 2021-11-20, contributors ScottPerryCPA

-
- -
agent #toip
-

agent in the #essiflab glossary here.

-

version 4, commit 9ded51f, created 2021-06-23, last modified 2022-01-23, contributors Drummond Reed - Rieks - RieksJ

-
- -
audit accreditor #gswg#toip
-

The party which evaluates an applicant auditor for their competence, independence and quality control measures and approves them to make [attestations] about governed parties under the authority of a governance framework.

-

version 2, commit b5df919, created 2021-11-20, last modified 2021-11-21, contributors Drummond Reed - ScottPerryCPA

-
- -
auditor #toip
-

The party which acts as an independent professional trained in evaluating technology-based evidence provided from governed parties asserting that they are in compliance with audit criteria set forth by audit Accreditors. An auditor issues a report attesting its opinion over a governed party's compliance assertion which enables a governing party to issue compliance credentials to the governed party and may place it on a credential registry and add their entry to the trust registry.

-

version 4, commit 1b71b67, created 2021-11-20, last modified 2022-08-29, contributors Henk van Cann - ScottPerryCPA

-
- -
authority #toip
-

An Authority is a party of which certain decisions, ideas, rules etc. are followed by other parties. We distinguish between two kinds of authority:

-
    -
  • centralized authority, also known as the power or right to give orders, make decisions that other parties must follow, and enforce obedience. This kind of authority ignores the natural autonomy of other parties.
  • -
  • decentralized authority, also known as the power or right that is freely endowed by other parties to the authority, to make decisions, phrase ideas, set rules etc, which these parties will adopt and follow because they think it is in their own interest to do so.
  • -
-

version 2, commit 4b05e92, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
C -
community #toip
-

A Community is an organization that seeks to facilitate the cooperation between at least two parties (referred to as its 'members') based on interests that these parties share as each of them seeks to realize its own, individual objectives.

-

A community is a specialization of the more generic ecosystem in the sense that it is an organization (which an ecosystem need not be) that (actively) facilitates the cooperation between its members, whereas in non-community ecosystems, this cooperation is not actively organized.

-

version 2, commit 475a32f, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
credential registry #gswg#toip
-

An accessible repository of verifiable credentials issued by a party and made available to be verified in accordance with a governance framework.

-

version 1, commit 11316ac, created 2021-11-20, contributors ScottPerryCPA

-
- -
D -
did chain #toip
-

A set of DIDs linked in a hierarchical model where each DID (except the root) digitally signs the next DID in the chain. DID chains can be verified for cryptographic trust by “walking the chain” back to the root of trust. See also trust registry. Contrast with X.509 certificate chain.

-

version 1, commit fcefb2b, created 2021-06-23, contributors RieksJ

-
- -
digital trust ecosystem #toip
-

An ecosystem of governed parties that interoperate to achieve a set of trust objectives online. Layer 4 of the ToIP stack is designed to support digital trust ecosystems.

-

version 1, commit a11d47c, created 2022-01-23, contributors Drummond Reed

-
- -
E -
ecosystem #toip
-

A Ecosystem is a set of at least two (autonomous) parties (the members of the ecosystem) whose individual work complements that of other members, and is of benefit to the set as a whole.

-

An ecosystem is distinct from a community in the sense that it is not (necessarily) an organization that (actively) facilitates the cooperation between its members. A community is considered a specialization of the more generic 'ecosystem' concept.

-

version 2, commit 54b130f, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
entity #toip
-

entity in the #essiflab glossary here.

-

version 5, commit 314d521, created 2021-06-23, last modified 2022-01-23, contributors Drummond Reed - Rieks - Daniel Hardman - RieksJ

-
- -
G -
governance #toip
-

governance in the #essiflab glossary here.

-

version 3, commit 44a46cc, created 2021-06-23, last modified 2022-01-23, contributors Drummond Reed - Rieks - RieksJ

-
- -
governance framework #toip
-

governance framework in the #gswg glossary here.

-

version 6, commit 39af4c5, created 2021-11-16, last modified 2022-01-23, contributors Drummond Reed - Daniel Hardman

-
- -
governed party #gswg#toip
-

A party whose actors perform in a [role] defined by a governance framework.

-

version 3, commit a55a75b, created 2021-11-20, last modified 2022-01-23, contributors Drummond Reed - ScottPerryCPA

-
- -
governing authority #toip
-

The party responsible for governing a particular governance framework. The governing authority may or may not be the administering authority. For example, a government may be the governing authority for a governance framework administered by an NGO as the administering authority.

-

version 1, commit c843189, created 2021-11-16, contributors Drummond Reed

-
- -
governing party #toip
-

An organization that is part of the governing authority of a trust community.

-

version 2, commit ffeed70, created 2022-01-16, last modified 2022-01-16, contributors Nicky Hickman

-
- -
I -
identifier #toip
-

An Identifier is a character string that is being used for identification purposes (by a specific party).[^1] This includes names and labels, as they are (obviously) used for such purposes.

-

Note that while an identifier is used for identification purposes, this does not automatically imply that it actually identifies (singles out) anything. It also depends on what RFC 3986 calls the 'scope of identification', or what Pfitzmann and Hansen (2010) refer to as an 'identifiability set', which are relevant for explaining whether or not (and if so: what) an identifier actually identifies (singles out) in a given context. See the Discussion below.

-

version 2, commit 43f62ce, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
identity #toip
-

Identity is a term that is heavily debated. For our purposes, it is useful to see the identity of a person as the union of all characteristics, judgements and other knowledge that parties have about that person. Generalizing this idea, we say that the identity of any entity consists of the combined knowledge (that is: of all parties that know) about this entity.

-

Inspired by Pfitzmann and Hansen (2010), we define a partial identity (of an entity) as all the knowledge that a single, specific party has about that entity (= the 'subject' of the partial identity). The identity of an entity is then the union/collection of all of its partial identities.

-

The Self-Identity or Self-concept of a party is the partial identity of which it is both the subject and the owner.

-

version 2, commit 505fa2d, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
J -
jurisdiction #toip
-

A Jurisdiction is the composition of a (non-empty) set of objectives, one scope, one legal system and one party (called the Governor of the Jurisdiction) that operates the legal system within that scope. While most people are familiar with what we call legal jurisdictions, please observe that organizations habitually will have rules (business policies) in place, enforce them (to some extent), and have ways of resolving conflicts, and therefore qualify as a jurisdiction. Specifically, multi-national organizations are known to govern multiple jurisdictions, aliging the scopes with the scopes of other (often legal) jurisdictions for the purpose of preventing situations in which conflicting rules apply, which would lead to many effort-intensive conflict-resolution cases.

-

The Jurisdictions pattern provides an overview of how this concept fits in with related concepts.

-

version 2, commit 7a47eef, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
K -
knowledge #toip
-

Knowledge is the (intangible) sum of what is known, the familiarity, awareness or understanding of someone or something (WikiPedia). It includes facts (propositional knowledge), skills (procedural knowledge), or objects (acquaintance knowledge). Knowledge can be acquired in many different ways and from many different sources, including but not limited to experience, reason, memory, testimony, scientific inquiry, education, and practice.

-

We limit the scope of a Knowledge to a party so as to allow for the existence of multiple such Knowledges, where each of them is internally consistent, yet may be inconsistent with other Knowledges.

-

version 2, commit b2799fc, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
L -
-
-

A Legal Entity is an entity that is known by and recognized to exist in a jurisdiction. For legal jurisdictions, this usually means that the entity is registered. Legal jurisdictions usually have a registration for its citizens, foreigners, enterprises, fellonies, etc. Non-legal jurisdictions (e.g. a soccer club) register their members, donators, staff, properties, etc., either on the record, or off the record.

-

The Jurisdictions pattern provides an overview of how this concept fits in with related concepts.

-

version 2, commit 3191797, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- - -

A Legal System is a system in which rules are defined (legislature) and a mechanism for their enforcement is implicitly or explicitly defined (executive), as well as a mechanism for conflict resolution (judiciary). A legal system is designed and governed by a single party. A legal system can be operationalized by assigning it a scope within which enforcement and conflict resolution are implemented. The associated operational tasks may be mandated or delegated to other parties. Depending on the individual legal system, 'rules' may be called 'laws', 'regulations', 'directives', 'policies', 'working instructions', etc. Other terms exist for specializations of these terms, e.g. 'order', 'mandate', and others.

-

The Jurisdictions pattern provides an overview of how this concept fits in with related concepts.

-

version 2, commit 227ee73, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
O -
objective #toip
-

Objectives drive parties as they make their goals explicit, the primary one of which is also referred to as the mission of that party. A party's objectives are part of its knowledge. When made available to agents of that party, these agents can do the work that is needed to reach these goals (realize the party's objectives).

-

version 2, commit f7bec33, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
organization #toip
-

An Organization is a party that is associated with a group of actors that work to realize its objectives. Enterprises and governments are the prototypical examples. However, parts of enterprises (e.g. divisions, departments, business units) should also be considered organizations. This also holds for governments and governmental bodies.

-

version 2, commit 0a6b027, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
owner #toip
-
-

An Owner is a role that a party performs when it is exercizing its legal, rightful or natural title to control some entity.

-

We interpret 'legal' and 'rightful' as terms that apply to any jurisdiction (that is: not just legal/national jurisdictions, but also those of other organizations (parties).

-

We take 'natural' as a title that is provided by nature, as in 'the owner of an assertion'.

-

For futher details, see ownership.

-

version 2, commit 4495d08, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
ownership #ctwg#essiflab#essiflab-framework#toip
-
-

Ownership is a relationship between two entities in which one of these entities (called the owner) is entitled to enjoy, dispose of, and control the other entity in an pretty much absolute (sovereign) fashion. Any ownership relationship is grounded in ((the rules of) the legal system of) a specific jurisdiction, that maintains and enforces these rules, and that has means to resolve any disputes arising from that. To do this, both entities must be legal entities in that jurisdiction.

-

We may use the phrase natural ownership to refer to an ownership relation that exists in the jurisdiction 'Nature' (see the notes of jurisdiction). This enables us to talk about things as 'the (natural) ownership of an assertion'.

-

version 1, commit fcefb2b, created 2021-06-23, contributors RieksJ

-
- -
P -
party #toip
-

A party is an entity that sets its objectives, maintains its knowledge, and uses that knowledge to pursue its objectives in an autonomous (sovereign) manner. One might say that they have a mind of their own. Typical examples are individual people and organizations. Their minds (subjective knowledge) are what distinguishes one party from another, so every party is 1-1 related to its knowledge (mind).

-

Specifically, every party autonomously manages its

-
    -
  • knowledge (information). It means that every party gets to decide for itself what it believes to be true, what to trust (and what not), what objectives it wants to pursue, how much risks it wants to run, what are valid ways of reasoning (not necessarily logical), how to reach conclusions and make decisions. The knowledge of a party changes continuously as information is added, modified, or deleted - no reasons needed.
  • -
  • semantics, i.e. the mapping between parts of its knowledge and the data he uses to represent such parts, as well as the mapping between data that it receives and the meaning he interprets such data to be associated with.
  • -
  • data, i.e. the tangible representation of a subset of its intangible knowledge that it uses to communicate with others, to remember (store), or process.
  • -
-

It is important to note that:

- -

version 2, commit 3ffda3e, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
policy #toip
-

A policy is a (set of) rules, working instructions and/or other guidance for the execution of one or more kinds of actions. that agents (a) have access to, (b) can interpret as intended by their principal (i.e. policy owner) and (c) must use when executing such actions.

-

An agent must have access to the policy that its principal has established for the kind of action(s) that the agent is executing for its principal. This requires that the policy be readable by the agent, and that the agent is capable of interpreting it as intended by its principal.

-

It should be part of the principal's governance processes

-
    -
  • to establish, maintain and evaluate policies for every kind of action that its agents may execute,
  • -
  • to derive artifacts from such policies that are useable by the various agents (digital, human, or otherwise) that have a right or duty to execute actions for the principal to which such policies apply. So, machine-readable policies should be derived for digital agents, and human-readable policies (in different languages if that is appropriate) for non-digital agents.
  • -
  • to publish such artifacts such that at least every of its agents that may need to access them, can find and access them as needed.
  • -
  • to inform its agents whenever updates have been made that they need to be aware of (specifically if agents are allowed to keep local copies of such artifacts).
  • -
-

The Parties, Actors and Actions pattern provides an overview of how this concept fits in with related concepts.

-

version 2, commit f07826c, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
public utility #toip
-

A publicly readable and verifiable data storage network for Decentralized Identifiers (DIDs) (e.g. using blockchain, distributed ledger technology (DLT) or Decentralized File System.) At Layer 1 of the Trust over IP technology stack.

-

version 3, commit 23d5baa, created 2022-02-24, last modified 2022-02-24, contributors Nicky Hickman

-
- -
R -
risk #toip
-

A Risk is the effects that uncertainty can have on the intended realization of an objective of a party (which we call the risk owner). Uncertainty is a lack of information, understanding or knowledge of events, their consequences or likelihoods, and this may affect the results that a party expects and intends to realize so as to fulfull its objectives.

-

While traditionally these effects are assumed to be negative (i.e. damaging, harmful) to this party, they may also be positive. For example, if you buy a ticket in a lottery, you (should) expect to lose money (the prize of the ticket). However, there is this uncertainty, this lack of information, the effect of it would be that this intended/expected result is deviated from, and you actually win a prize. If this risk is unacceptable (e.g. if you do not know how to manage large amounts of money), then that would call the risk to be managed.

-

Risk is about the possible effects that uncertainty may have on the intended/expected realization of an objective of some party. In this sense, at least in theory, this means that 'risk' is an objective notion because different parties may have the same ideas about what such effects on a given objective could be. However, since an objective is owned by precisely one parties, and therefore only that party actually knows the actual meaning of that objective, in practice there is little point in drafting lists of such possible effects to make risk assessments easier.

-

An acceptable risk is a set of such effects that the risk owner has decided that it can, and is willing to deal with as they materialize. They need no further attention. Other risks would need attention and should be managed. Often, risks are assigned a risk level to help risk owners prioritize the risks, allowing them to manage the most important ones before the less important ones.

-

The owner of a risk that is associated with an objective must be the party that owns that objective, and vice versa, because ownership implies the authority to realize the objective, which in turn implies the authority to manage the associated risks. Of course, as owners are parties, a risk owner may mandate actors to execute the actions that are necessary to manage a risk, but that does not relieve the party from its ownership (and facing possibly associated consequences). In fact, the objective of mandating risk management activities may come with risks which are often overlooked.

-

version 2, commit 7b8c477, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
risk management #toip
-

Risk management is a process that is run by (or on behalf of) a specific party for the purpose of managing the risks that it owns. We distinguish between various kinds of risk-management:

-
    -
  • centralized risk-management, which is a kind of risk management that assumes that the party that runs it has the power or right to give orders, make decisions that other parties must follow, and enforce obedience, which can be applied to mitigate its risks. This kind of risk-management ignores the natural autonomy of other parties.
  • -
  • decentralized or networked risk-management, which is a kind of risk management that assumes that the party that runs it acknowledges the autonomy of other parties to make their own (risk-related) decisions, and therefore starts and maintains relations with such parties that help them both to manage their individual, subjective risks.
  • -
-

version 2, commit 6cb5c0b, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
S -
self sovereign identity #toip
-

Self-Sovereign Identity (SSI) is a term that has many different interpretations, and that we use to refer to concepts/ideas, architectures, processes and technologies that aim to support (autonomous) parties as they negotiate and execute electronic transactions with one another.

-

The dialogue about what Self-Sovereign Identity (SSI) really is — started in the blog "The Path to Self-Sovereign Identity" by Christopher Allen in 2016 — has not resulted in a consensus today. While some see the ten principles of SSI that Allen proposed as the definition of SSI, he formulated them as "a departure point to provoke a discussion about what's truly important". And it is obvious that what is important differs per party.

-

The perspective that the eSSIF-Lab framework takes is that of supporting (autonomous) parties as they negotiate and execute electronic (business) transactions with one another. So anything that helps - e.g. concepts/ideas, architectures, processes and technologies, will be covered by that term.

-

version 1, commit 5bd8a45, created 2022-08-15, contributors Daniel Hardman

-
- -
self sovereignty #toip
-

Self-Sovereignty is the characteristic of every party that it is autonomous in managing and operating its own knowledge, particularly in making decisions and deciding how to decide.

-

version 3, commit ff6aa0d, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
semantics #toip
-
-

We use the term semantics to refer to the mapping between (tangible) terms and (intangible) concepts (their meaning, the ideas behind it). Semantics are scoped, i.e. every scope has its own semantic mapping. This implies that every party has - and maintains - its own (subjective) semantics, which is its subjective mapping of a set of terms onto the concepts/ideas in its knowledge. The (erroneous) assumption that parties would (automagically) share a semantics is the cause of many misunderstandings, and hence should be identified and deleted as soon as possible.

-

version 2, commit a6d0b68, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
SSI #toip
-

self-sovereign identity

-

version 1, commit 589bc34, created 2022-08-15, contributors Daniel Hardman

-
- -
ssi assurance community #toip
-

An SSI Assurance Community is a community that supports its members as they seek to increase their confidence in the SSI infrastructure and/or (specific) qualifications of the data exchanged through that infrastructure." The nature of a community being that its members share some common ground ensures that this objective may be realized by exploing that existing common ground.

-

Here are some functions that an assurance community may contemplate of performing:

-
    -
  • act as a governing party for a set of credential types.
  • -
  • run a credential catalogue in which its members (and perhaps others) can advertise the credential types they issue and specify the assurances and other data that parties may need in order to decide whether or not to take that member up on that offering.
  • -
  • run a yellow pages service which parties can use to find out which members (or other parties) issue credentials of a certain type.
  • -
  • govern and document accreditation schemes, including schemes for accrediting parties that may certify others against such schemes.
  • -
  • act as a governing party for decision trees (to be elaborated on)
  • -
  • act as a KeySmith (also to be elaborated on)
  • -
-

The initial ideas for SSI Assurance Communities can be read in the paper "Decentralized SSI Governance, the missing link in automating business decisions".

-

version 2, commit 73dd37d, created 2021-07-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
ssi infrastructure #toip
-

The SSI Infrastructure consists of the technological components that are (envisaged to be) deployed all over the world for the purpose of providing, requesting and obtaining qualified data for the purpose of negotiating and/or executing electronic transactions.

-

Like any other (hard) Infrastructure, such components are (to be) designed to be interoperable, both

-
    -
  • 'horizontally', i.e. with other infrastructural components, and
  • -
  • 'vertically', i.e. that it is very easy for other software applications to use them.
  • -
-

It is foreseen that SSI components in this infrastructure are designed and created in a generic way, and hence need to be customizable, so that an individual compnent can work according to the (needs and preferences|policy)-of-the parties for which it is an agent.

-

This implies that the SSI Infrastructure (a 'hard' infratstructure) needs to be complemented with a complementary 'soft infrastructure', e.g. as can be provided with assurance communities.

-

version 2, commit 9338e86, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

-
- -
T -
ToIP stack #toip
-

The two-sided, four-layer architecture for decentralized digital trust infrastructure defined by the ToIP Foundation.

-

version 1, commit 390dd68, created 2022-07-07, contributors Drummond Reed

-
- -
trust framework #gswg#toip
-

A specialized type of governance framework that specifies the [requirements] for a [digital identity] system.

-

version 1, commit 9dfb9b0, created 2021-11-21, contributors Drummond Reed

-
- -
trust registry #toip
-

A repository which contains a machine-readable listing of approved governed parties deemed compliant by a governing authority over its attributable criteria of its governance framework.

-

version 2, commit 7c66632, created 2021-11-20, last modified 2021-11-20, contributors ScottPerryCPA

-
- -
V -
VC #toip
-

Verifiable Credential

-

version 1, commit c5ec39b, created 2022-08-29, contributors Henk van Cann

-
- -
verifiable credential #toip#w3cvc
-

A tamper-evident credential whose authorship by an issuer can be cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. The claims in a credential can be about different subjects.

-

version 2, commit 3a3d527, created 2022-01-23, last modified 2022-01-23, contributors Drummond Reed

-
-
- -
+ + + + + + + + + + + +
Glossary - General Trust Over IP Terms
+ + +
+
+ ! + + This glossary is archived. Go to the new + glossary. + +
+ +
+
A +
+ + actor + + #toip
+
+

actor in the + #essiflab glossary here. +

+

version 4, commit 6716f25, created 2021-06-23, last modified 2022-01-23, contributors Drummond + Reed - Rieks - RieksJ

+
+ +
+ + administering authority + + #toip
+
+

The party tasked with + operating the management of a particular governance framework. The + administering authority may or may not be the governing authority. For + example, a government may be the governing authority for a governance framework administered by an NGO as the + administering authority.

+

version 1, commit e90f97f, created 2021-11-20, contributors ScottPerryCPA

+
+ +
+ + agent + + #toip
+
+

agent in the + #essiflab glossary here. +

+

version 4, commit 9ded51f, created 2021-06-23, last modified 2022-01-23, contributors Drummond + Reed - Rieks - RieksJ

+
+ +
+ + audit accreditor + + #gswg#toip
+
+

The party + which evaluates an applicant auditor + for their competence, independence and quality control measures and approves them to make [attestations] about + governed parties + under the authority of a governance framework. +

+

version 2, commit b5df919, created 2021-11-20, last modified 2021-11-21, contributors Drummond + Reed - ScottPerryCPA

+
+ +
+ + auditor + + #toip
+
+

The party which acts as an + independent professional trained in evaluating technology-based evidence provided from governed parties + asserting that they are in compliance with audit criteria set forth by audit + Accreditors. An auditor issues a report attesting its opinion over a governed party's compliance + assertion which enables a governing party to issue compliance credentials to the governed party and may place + it on a credential + registry and add their entry to the trust + registry.

+

version 4, commit 1b71b67, created 2021-11-20, last modified 2022-08-29, contributors Henk van + Cann - ScottPerryCPA

+
+ +
+ + authority + + #toip
+
+

An Authority is a party + of which certain decisions, ideas, rules etc. are followed by other parties. + We distinguish between two kinds of authority:

+
    +
  • centralized authority, also known as the power or right to give orders, make decisions that other parties + must follow, and enforce obedience. This kind of authority ignores the natural autonomy of other parties. +
  • +
  • decentralized authority, also known as the power or right that is freely endowed by other parties + to the authority, to make decisions, phrase ideas, set rules etc, which these parties will adopt and follow + because they think it is in their own interest to do so.
  • +
+

version 2, commit 4b05e92, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
C +
+ + community + + #toip
+
+

A Community is an organization + that seeks to facilitate the cooperation between at least two parties + (referred to as its 'members') based on interests that these parties + share as each of them seeks to realize its own, individual objectives. +

+

A community is a specialization of the more generic ecosystem + in the sense that it is an organization + (which an ecosystem need not be) that (actively) facilitates the cooperation between its members, whereas in + non-community ecosystems, this cooperation is not actively organized.

+

version 2, commit 475a32f, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
+ + credential registry + + #gswg#toip
+
+

An accessible repository of verifiable credentials issued by a party and made available to be verified in + accordance with a governance framework.

+

version 1, commit 11316ac, created 2021-11-20, contributors ScottPerryCPA

+
+ +
D +
+ + did chain + + #toip
+
+

A set of DIDs linked in a hierarchical model where each DID (except the root) digitally signs the next DID in + the chain. DID chains can be verified for cryptographic trust by “walking the chain” back to the root of + trust. See also trust registry. Contrast with X.509 certificate chain.

+

version 1, commit fcefb2b, created 2021-06-23, contributors RieksJ

+
+ +
+ + digital trust ecosystem + + #toip
+
+

An ecosystem of governed parties + that interoperate to achieve a set of trust objectives online. Layer 4 of the + ToIP + stack is designed to support digital trust ecosystems. +

+

version 1, commit a11d47c, created 2022-01-23, contributors Drummond Reed

+
+ +
E +
+ + ecosystem + + #toip
+
+

A Ecosystem is a set of at least two (autonomous) parties + (the members of the ecosystem) whose individual work complements that of other members, and is of benefit to + the set as a whole.

+

An ecosystem is distinct from a community + in the sense that it is not (necessarily) an organization + that (actively) facilitates the cooperation between its members. A community + is considered a specialization of the more generic 'ecosystem' concept.

+

version 2, commit 54b130f, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
+ + entity + + #toip
+
+

entity in the + #essiflab glossary here. +

+

version 5, commit 314d521, created 2021-06-23, last modified 2022-01-23, contributors Drummond + Reed - Rieks - Daniel Hardman - RieksJ

+
+ +
G +
+ + governance + + #toip
+
+

governance in the + #essiflab glossary here. +

+

version 3, commit 44a46cc, created 2021-06-23, last modified 2022-01-23, contributors Drummond + Reed - Rieks - RieksJ

+
+ +
+ + governance framework + + #toip
+
+

governance framework in + the #gswg glossary here.

+

version 6, commit 39af4c5, created 2021-11-16, last modified 2022-01-23, contributors Drummond + Reed - Daniel Hardman

+
+ +
+ + governed party + + #gswg#toip
+
+

A party + whose actors perform in a [role] defined by a governance + framework.

+

version 3, commit a55a75b, created 2021-11-20, last modified 2022-01-23, contributors Drummond + Reed - ScottPerryCPA

+
+ +
+ + governing authority + + #toip
+
+

The party responsible for + governing a particular governance framework. The governing authority may + or may not be the administering + authority. For example, a government may be the governing authority for a governance framework + administered by an NGO as the administering authority.

+

version 1, commit c843189, created 2021-11-16, contributors Drummond Reed

+
+ +
+ + governing party + + #toip
+
+

An organization that is part + of the governing authority + of a trust community.

+

version 2, commit ffeed70, created 2022-01-16, last modified 2022-01-16, contributors Nicky + Hickman

+
+ +
I +
+ + identifier + + #toip
+
+

An Identifier is a character string that is being used for identification purposes (by a + specific party).[^1] + This includes names and labels, as they are (obviously) used for such purposes.

+

Note that while an identifier is used for identification purposes, this does not automatically imply that + it actually identifies (singles out) anything. It also depends on what RFC 3986 calls the 'scope of identification', or what Pfitzmann and Hansen (2010) + refer to as an 'identifiability set', which are relevant for explaining whether or not (and if so: what) an + identifier actually identifies (singles out) in a given context. See the Discussion below.

+

version 2, commit 43f62ce, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
+ + identity + + #toip
+
+

Identity is a term that is heavily debated. For our purposes, it is useful to see the + identity of a person as the union of all characteristics, judgements and other knowledge + that parties + have about that person. Generalizing this idea, we say that the identity of any entity + consists of the combined knowledge + (that is: of all parties + that know) about this entity.

+

Inspired by Pfitzmann and Hansen + (2010), we define a partial identity (of an entity) as all the knowledge + that a single, specific party + has about that entity (= the 'subject' of the partial identity). The identity + of an entity is then the union/collection of all of its partial identities. +

+

The Self-Identity or Self-concept of a party + is the partial identity of which it is both the subject and the owner. +

+

version 2, commit 505fa2d, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
J +
+ + jurisdiction + + #toip
+
+

A Jurisdiction is the composition of a (non-empty) set of objectives, + one scope, one legal + system and one party + (called the Governor of the Jurisdiction) that operates the legal system + within that scope. While most people are familiar with what we call legal + jurisdictions, please observe that organizations + habitually will have rules (business policies) in place, enforce them (to some extent), and have ways of + resolving conflicts, and therefore qualify as a jurisdiction. Specifically, multi-national organizations are + known to govern multiple jurisdictions, aliging the scopes with the scopes of other (often legal) + jurisdictions for the purpose of preventing situations in which conflicting rules apply, which would lead to + many effort-intensive conflict-resolution cases.

+

The Jurisdictions pattern provides an overview of how this concept fits + in with related concepts.

+

version 2, commit 7a47eef, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
K +
+ + knowledge + + #toip
+
+

Knowledge is the (intangible) sum of what is known, the familiarity, awareness or + understanding of someone or something (WikiPedia). It + includes facts (propositional knowledge), + skills (procedural knowledge), or objects (acquaintance knowledge). Knowledge can be + acquired in many different ways and from many different sources, including but not limited to experience, + reason, memory, testimony, scientific inquiry, education, and practice.

+

We limit the scope of a Knowledge to a party + so as to allow for the existence of multiple such Knowledges, where each of them is internally consistent, yet + may be inconsistent with other Knowledges.

+

version 2, commit b2799fc, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
L +
+
+

A Legal Entity is an entity that is known by and recognized to exist + in a jurisdiction. + For legal jurisdictions, this usually means that the entity is registered. + Legal jurisdictions usually have a registration for its citizens, foreigners, enterprises, fellonies, etc. + Non-legal jurisdictions (e.g. a soccer club) register their members, donators, staff, properties, etc., either + on the record, or off the record.

+

The Jurisdictions pattern provides an overview of how this concept fits + in with related concepts.

+

version 2, commit 3191797, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ + +
+

A Legal System is a system in which rules are defined (legislature) and a mechanism for their enforcement is + implicitly or explicitly defined (executive), as well as a mechanism for + conflict resolution (judiciary). A legal system is + designed and governed by a single party. + A legal system can be operationalized by assigning it a scope within which enforcement and conflict resolution + are implemented. The associated operational tasks may be mandated or delegated to other parties. + Depending on the individual legal system, 'rules' may be called 'laws', 'regulations', 'directives', + 'policies', 'working instructions', etc. Other terms exist for specializations of these terms, e.g. 'order', + 'mandate', and others.

+

The Jurisdictions pattern provides an overview of how this concept fits + in with related concepts.

+

version 2, commit 227ee73, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
O +
+ + objective + + #toip
+
+

Objectives drive parties + as they make their goals explicit, the primary one of which is also referred to as the + mission of that party. + A party's + objectives are part of its knowledge. + When made available to agents of that party, + these agents can do the work that is needed to reach these goals (realize the party's + objectives). +

+

version 2, commit f7bec33, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
+ + organization + + #toip
+
+

An Organization is a party + that is associated with a group of actors that work to realize its objectives. + Enterprises and governments are the prototypical examples. However, parts of enterprises (e.g. divisions, + departments, business units) should also be considered organizations. This also holds for governments and + governmental bodies.

+

version 2, commit 0a6b027, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
+ + owner + + #toip
+
+

An Owner is a role that a party + performs when it is exercizing its legal, rightful or natural title to control some entity.

+

We interpret 'legal' and 'rightful' as terms that apply to any jurisdiction + (that is: not just legal/national jurisdictions, but also those of other organizations + (parties). +

+

We take 'natural' as a title that is provided by nature, as in 'the owner of an assertion'.

+

For futher details, see ownership. +

+

version 2, commit 4495d08, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
+ + ownership + + #ctwg#essiflab#essiflab-framework#toip
+
+

Ownership is a relationship between two entities in which one of these + entities (called the owner) + is entitled to enjoy, dispose of, and control the other entity in an pretty much + absolute (sovereign) fashion. Any ownership relationship is grounded in ((the rules of) the legal + system of) a specific jurisdiction, + that maintains and enforces these rules, and that has means to resolve any disputes arising from that. To do + this, both entities must be legal + entities in that jurisdiction. +

+

We may use the phrase natural + ownership to refer to an ownership relation that exists in the jurisdiction + 'Nature' (see the notes of jurisdiction). + This enables us to talk about things as 'the (natural) ownership of an assertion'. +

+

version 1, commit fcefb2b, created 2021-06-23, contributors RieksJ

+
+ +
P +
+ + party + + #toip
+
+

A party is an entity that sets its objectives, + maintains its knowledge, + and uses that knowledge + to pursue its objectives + in an autonomous (sovereign) manner. One might say that they have a mind of their own. Typical examples are + individual people and organizations. + Their minds (subjective knowledge) are what distinguishes one party + from another, so every party + is 1-1 related to its knowledge (mind).

+

Specifically, every party autonomously manages its

+
    +
  • knowledge + (information). It means that every party + gets to decide for itself what it believes to be true, what to trust (and what not), what objectives it + wants to pursue, how much risks it wants to run, what are valid ways of reasoning (not necessarily logical), + how to reach conclusions and make decisions. The knowledge of a party changes continuously as information is + added, modified, or deleted - no reasons needed.
  • +
  • semantics, + i.e. the mapping between parts of its knowledge and the data he uses to represent such + parts, as well as the mapping between data that it receives and the meaning he + interprets such data to be associated with.
  • +
  • data, i.e. the tangible representation of a subset of its intangible knowledge + that it uses to communicate with others, to remember (store), or process.
  • +
+

It is important to note that:

+ +

version 2, commit 3ffda3e, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
+ + policy + + #toip
+
+

A policy is a (set of) rules, working instructions and/or other guidance for the execution + of one or more kinds of actions. that agents (a) have access to, (b) can interpret as + intended by their principal (i.e. policy owner) and (c) must use when executing such actions.

+

An agent must have access to the policy that its principal has + established for the kind of action(s) that the agent is executing for its principal. This requires that the + policy be readable by the agent, and that the agent is capable of interpreting it as intended by its + principal.

+

It should be part of the principal's governance processes

+
    +
  • to establish, maintain and evaluate policies for every kind of action that its agents may execute,
  • +
  • to derive artifacts from such policies that are useable by the various agents + (digital, human, or otherwise) that have a right or duty to execute actions for the principal to which such policies apply. So, machine-readable policies should be + derived for digital agents, and human-readable policies (in different languages + if that is appropriate) for non-digital agents.
  • +
  • to publish such artifacts such that at least every of its agents that may need to + access them, can find and access them as needed.
  • +
  • to inform its agents whenever updates have been made that they need to be aware of + (specifically if agents are allowed to keep local copies of such artifacts).
  • +
+

The Parties, Actors and Actions pattern provides an overview of how + this concept fits in with related concepts.

+

version 2, commit f07826c, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
+ + public utility + + #toip
+
+

A publicly readable and verifiable data storage network for Decentralized Identifiers (DIDs) (e.g. using + blockchain, distributed ledger technology (DLT) or Decentralized File System.) At Layer 1 of the Trust over IP + technology stack.

+

version 3, commit 23d5baa, created 2022-02-24, last modified 2022-02-24, contributors Nicky + Hickman

+
+ +
R +
+ + risk + + #toip
+
+

A Risk is the effects that uncertainty can have on the intended realization of an objective + of a party + (which we call the risk + owner). Uncertainty is a lack of information, understanding or knowledge + of events, their consequences or likelihoods, and this may affect the results that a party expects and intends + to realize so as to fulfull its objectives.

+

While traditionally these effects are assumed to be negative (i.e. damaging, harmful) to this party, they may + also be positive. For example, if you buy a ticket in a lottery, you (should) expect to lose money (the prize + of the ticket). However, there is this uncertainty, this lack of information, the effect of it would be that + this intended/expected result is deviated from, and you actually win a prize. If this risk is unacceptable + (e.g. if you do not know how to manage large amounts of money), then that would call the risk to be managed. +

+

Risk is about the possible effects that uncertainty may have on the intended/expected realization of + an objective + of some party. + In this sense, at least in theory, this means that 'risk' is an objective notion because different parties may + have the same ideas about what such effects on a given objective + could be. However, since an objective + is owned by precisely one parties, + and therefore only that party actually knows the actual meaning of that objective, in practice there is little + point in drafting lists of such possible effects to make risk assessments easier.

+

An acceptable risk is a set of such effects that the risk owner has + decided that it can, and is willing to deal with as they materialize. They need no further attention. Other + risks would need attention and should be managed. + Often, risks are assigned a risk level to help risk owners prioritize the risks, + allowing them to manage the most important ones before the less important ones.

+

The owner + of a risk that is associated with an objective + must be the party + that owns + that objective, + and vice versa, because ownership + implies the authority to realize the + objective, + which in turn implies the authority to manage the associated risks. Of course, as owners + are parties, + a risk owner may mandate actors to execute the actions that are necessary to manage a risk, but that does not + relieve the party from its ownership (and facing possibly associated consequences). In fact, the objective of + mandating risk management activities may come with risks which are often overlooked. +

+

version 2, commit 7b8c477, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
+ + risk management + + #toip
+
+

Risk management is a process that is run by (or on behalf of) a specific party + for the purpose of managing the risks + that it owns. + We distinguish between various kinds of risk-management:

+
    +
  • centralized risk-management, which is a kind of risk management that assumes that the party + that runs it has the power or right to give orders, make decisions that other parties must follow, and + enforce obedience, which can be applied to mitigate its risks. This kind of risk-management ignores the + natural autonomy of other parties. +
  • +
  • decentralized or networked risk-management, which is a kind of risk management that + assumes that the party + that runs it acknowledges the autonomy of other parties + to make their own (risk-related) decisions, and therefore starts and maintains relations with such parties + that help them both to manage their individual, subjective risks.
  • +
+

version 2, commit 6cb5c0b, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
S +
+ + self sovereign identity + + #toip
+
+

Self-Sovereign Identity (SSI) is a term that has many different interpretations, and that we use to refer to + concepts/ideas, architectures, processes and technologies that aim to support + (autonomous) parties + as they negotiate and execute electronic transactions with one another. +

+

The dialogue about what Self-Sovereign Identity (SSI) really is — started in the blog "The Path to + Self-Sovereign Identity" by Christopher Allen in 2016 — has not resulted in a consensus today. + While some see the ten principles of SSI that Allen proposed as the definition of SSI, he formulated them as + "a departure point to provoke a discussion about what's truly important". And it is obvious that + what is important differs per party. +

+

The perspective that the eSSIF-Lab framework takes is that of supporting (autonomous) parties + as they negotiate and execute electronic (business) transactions with one another. + So anything that helps - e.g. concepts/ideas, architectures, processes and technologies, will be covered by + that term.

+

version 1, commit 5bd8a45, created 2022-08-15, contributors Daniel Hardman

+
+ +
+ + self sovereignty + + #toip
+
+

Self-Sovereignty is the characteristic of every party + that it is autonomous in managing and operating its own + knowledge, + particularly in making decisions and deciding how to decide. +

+

version 3, commit ff6aa0d, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
+ + semantics + + #toip
+
+

We use the term semantics to refer to the mapping between (tangible) terms and (intangible) concepts (their meaning, the ideas behind + it). Semantics are scoped, i.e. every scope has its own semantic mapping. This implies + that every party + has - and maintains - its own (subjective) semantics, which is its subjective mapping of a set of terms onto + the concepts/ideas in its knowledge. + The (erroneous) assumption that parties + would (automagically) share a semantics is the cause of many misunderstandings, and hence should be identified + and deleted as soon as possible.

+

version 2, commit a6d0b68, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
+ + SSI + + #toip
+
+

self-sovereign + identity

+

version 1, commit 589bc34, created 2022-08-15, contributors Daniel Hardman

+
+ +
+ + ssi assurance community + + #toip
+
+

An SSI Assurance Community is a community + that supports its members as they seek to increase their confidence in the SSI + infrastructure and/or (specific) qualifications of the data exchanged + through that infrastructure." The nature of a community being that its members share some common ground + ensures that this objective may be realized by exploing that existing common ground.

+

Here are some functions that an assurance community may contemplate of performing:

+
    +
  • act as a governing party for a set of credential + types.
  • +
  • run a credential catalogue in which its members (and perhaps others) + can advertise the credential types they issue and specify the assurances and + other data that parties + may need in order to decide whether or not to take that member up on that offering.
  • +
  • run a yellow pages service which parties + can use to find out which members (or other parties) issue credentials of a certain type.
  • +
  • govern and document accreditation schemes, including schemes for accrediting parties that may certify + others against such schemes.
  • +
  • act as a governing party for decision trees (to be elaborated on) +
  • +
  • act as a KeySmith (also to be elaborated on)
  • +
+

The initial ideas for SSI Assurance Communities can be read in the paper "Decentralized + SSI Governance, the missing link in automating business decisions".

+

version 2, commit 73dd37d, created 2021-07-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
+ + ssi infrastructure + + #toip
+
+

The SSI Infrastructure consists of the technological components that are (envisaged to be) + deployed all over the world for the purpose of providing, requesting and obtaining qualified data for the purpose of negotiating and/or executing electronic transactions.

+

Like any other (hard) Infrastructure, such + components are (to be) designed to be interoperable, both

+
    +
  • 'horizontally', i.e. with other infrastructural components, and
  • +
  • 'vertically', i.e. that it is very easy for other software applications to use them.
  • +
+

It is foreseen that SSI components in this infrastructure are designed and created in a generic way, and + hence need to be customizable, so that an individual compnent can work according to the (needs and + preferences|policy)-of-the parties + for which it is an agent.

+

This implies that the SSI Infrastructure (a 'hard' infratstructure) needs to be complemented with a + complementary 'soft infrastructure', e.g. as can be provided with assurance + communities.

+

version 2, commit 9338e86, created 2021-06-23, last modified 2021-11-22, contributors Rieks - + RieksJ

+
+ +
T +
+ + ToIP stack + + #toip
+
+

The two-sided, four-layer architecture for decentralized digital trust infrastructure defined by the ToIP Foundation.

+

version 1, commit 390dd68, created 2022-07-07, contributors Drummond Reed

+
+ +
+ + trust framework + + #gswg#toip
+
+

A specialized type of governance framework that specifies the + [requirements] for a [digital identity] system.

+

version 1, commit 9dfb9b0, created 2021-11-21, contributors Drummond Reed

+
+ +
+ + trust registry + + #toip
+
+

A repository which contains a machine-readable listing of approved governed parties + deemed compliant by a governing authority over + its attributable criteria of its governance framework.

+

version 2, commit 7c66632, created 2021-11-20, last modified 2021-11-20, contributors + ScottPerryCPA

+
+ +
V +
+ + VC + + #toip
+
+

Verifiable + Credential

+

version 1, commit c5ec39b, created 2022-08-29, contributors Henk van Cann

+
+ +
+ + verifiable credential + + #toip#w3cvc
+
+

A tamper-evident credential whose + authorship by an issuer can be + cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. + The claims in a credential can be about different subjects.

+

version 2, commit 3a3d527, created 2022-01-23, last modified 2022-01-23, contributors Drummond + Reed

+
+
+ +
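Review bot: The diff is far larger than the subject line describes: the single hunk `@@ -1,475 +1,1174 @@` re-adds every glossary entry (1162 insertions, 463 deletions) for a commit titled as adding an archive banner and a redirect link, so the banner markup and the link target cannot be reviewed separately from the reformatting, and patch 2/5 ("Back to original version (including formatting)") then reverts the whole rewrite. Suggest limiting this commit to the banner lines only and moving any reformatting into its own commit. The re-added text also carries over spelling errors ("aliging", "fellonies", "exercizing", "infratstructure") that a full rewrite would be the place to fix, and the file now ends without a trailing newline ("\ No newline at end of file").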
+ \ No newline at end of file From a8c7287cc53713bc415488c60da09156d631f4c1 Mon Sep 17 00:00:00 2001 From: kor Date: Mon, 26 Aug 2024 16:38:37 +0200 Subject: [PATCH 2/5] Back to original version (including formatting) --- glossary.html | 1625 ++++++++++++++----------------------------------- 1 file changed, 463 insertions(+), 1162 deletions(-) diff --git a/glossary.html b/glossary.html index 78e3991..5b58218 100644 --- a/glossary.html +++ b/glossary.html @@ -1,1174 +1,475 @@ - Glossary - General Trust Over IP Terms - - - - - - - - - - - - -
Glossary - General Trust Over IP Terms
- - -
-
- ! - - This glossary is archived. Go to the new - glossary. - -
- -
-
A -
- - actor - - #toip
-
-

actor in the - #essiflab glossary here. -

-

version 4, commit 6716f25, created 2021-06-23, last modified 2022-01-23, contributors Drummond - Reed - Rieks - RieksJ

-
- -
- - administering authority - - #toip
-
-

The party tasked with - operating the management of a particular governance framework. The - administering authority may or may not be the governing authority. For - example, a government may be the governing authority for a governance framework administered by an NGO as the - administering authority.

-

version 1, commit e90f97f, created 2021-11-20, contributors ScottPerryCPA

-
- -
- - agent - - #toip
-
-

agent in the - #essiflab glossary here. -

-

version 4, commit 9ded51f, created 2021-06-23, last modified 2022-01-23, contributors Drummond - Reed - Rieks - RieksJ

-
- -
- - audit accreditor - - #gswg#toip
-
-

The party - which evaluates an applicant auditor - for their competence, independence and quality control measures and approves them to make [attestations] about - governed parties - under the authority of a governance framework. -

-

version 2, commit b5df919, created 2021-11-20, last modified 2021-11-21, contributors Drummond - Reed - ScottPerryCPA

-
- -
- - auditor - - #toip
-
-

The party which acts as an - independent professional trained in evaluating technology-based evidence provided from governed parties - asserting that they are in compliance with audit criteria set forth by audit - Accreditors. An auditor issues a report attesting its opinion over a governed party's compliance - assertion which enables a governing party to issue compliance credentials to the governed party and may place - it on a credential - registry and add their entry to the trust - registry.

-

version 4, commit 1b71b67, created 2021-11-20, last modified 2022-08-29, contributors Henk van - Cann - ScottPerryCPA

-
- -
- - authority - - #toip
-
-

An Authority is a party - of which certain decisions, ideas, rules etc. are followed by other parties. - We distinguish between two kinds of authority:

-
    -
  • centralized authority, also known as the power or right to give orders, make decisions that other parties - must follow, and enforce obedience. This kind of authority ignores the natural autonomy of other parties. -
  • -
  • decentralized authority, also known as the power or right that is freely endowed by other parties - to the authority, to make decisions, phrase ideas, set rules etc, which these parties will adopt and follow - because they think it is in their own interest to do so.
  • -
-

version 2, commit 4b05e92, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
C -
- - community - - #toip
-
-

A Community is an organization - that seeks to facilitate the cooperation between at least two parties - (referred to as its 'members') based on interests that these parties - share as each of them seeks to realize its own, individual objectives. -

-

A community is a specialization of the more generic ecosystem - in the sense that it is an organization - (which an ecosystem need not be) that (actively) facilitates the cooperation between its members, whereas in - non-community ecosystems, this cooperation is not actively organized.

-

version 2, commit 475a32f, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
- - credential registry - - #gswg#toip
-
-

An accessible repository of verifiable credentials issued by a party and made available to be verified in - accordance with a governance framework.

-

version 1, commit 11316ac, created 2021-11-20, contributors ScottPerryCPA

-
- -
D -
- - did chain - - #toip
-
-

A set of DIDs linked in a hierarchical model where each DID (except the root) digitally signs the next DID in - the chain. DID chains can be verified for cryptographic trust by “walking the chain” back to the root of - trust. See also trust registry. Contrast with X.509 certificate chain.

-

version 1, commit fcefb2b, created 2021-06-23, contributors RieksJ

-
- -
- - digital trust ecosystem - - #toip
-
-

An ecosystem of governed parties - that interoperate to achieve a set of trust objectives online. Layer 4 of the - ToIP - stack is designed to support digital trust ecosystems. -

-

version 1, commit a11d47c, created 2022-01-23, contributors Drummond Reed

-
- -
E -
- - ecosystem - - #toip
-
-

A Ecosystem is a set of at least two (autonomous) parties - (the members of the ecosystem) whose individual work complements that of other members, and is of benefit to - the set as a whole.

-

An ecosystem is distinct from a community - in the sense that it is not (necessarily) an organization - that (actively) facilitates the cooperation between its members. A community - is considered a specialization of the more generic 'ecosystem' concept.

-

version 2, commit 54b130f, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
- - entity - - #toip
-
-

entity in the - #essiflab glossary here. -

-

version 5, commit 314d521, created 2021-06-23, last modified 2022-01-23, contributors Drummond - Reed - Rieks - Daniel Hardman - RieksJ

-
- -
G -
- - governance - - #toip
-
-

governance in the - #essiflab glossary here. -

-

version 3, commit 44a46cc, created 2021-06-23, last modified 2022-01-23, contributors Drummond - Reed - Rieks - RieksJ

-
- -
- - governance framework - - #toip
-
-

governance framework in - the #gswg glossary here.

-

version 6, commit 39af4c5, created 2021-11-16, last modified 2022-01-23, contributors Drummond - Reed - Daniel Hardman

-
- -
- - governed party - - #gswg#toip
-
-

A party - whose actors perform in a [role] defined by a governance - framework.

-

version 3, commit a55a75b, created 2021-11-20, last modified 2022-01-23, contributors Drummond - Reed - ScottPerryCPA

-
- -
- - governing authority - - #toip
-
-

The party responsible for - governing a particular governance framework. The governing authority may - or may not be the administering - authority. For example, a government may be the governing authority for a governance framework - administered by an NGO as the administering authority.

-

version 1, commit c843189, created 2021-11-16, contributors Drummond Reed

-
- -
- - governing party - - #toip
-
-

An organization that is part - of the governing authority - of a trust community.

-

version 2, commit ffeed70, created 2022-01-16, last modified 2022-01-16, contributors Nicky - Hickman

-
- -
I -
- - identifier - - #toip
-
-

An Identifier is a character string that is being used for identification purposes (by a - specific party).[^1] - This includes names and labels, as they are (obviously) used for such purposes.

-

Note that while an identifier is used for identification purposes, this does not automatically imply that - it actually identifies (singles out) anything. It also depends on what RFC 3986 calls the 'scope of identification', or what Pfitzmann and Hansen (2010) - refer to as an 'identifiability set', which are relevant for explaining whether or not (and if so: what) an - identifier actually identifies (singles out) in a given context. See the Discussion below.

-

version 2, commit 43f62ce, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
- - identity - - #toip
-
-

Identity is a term that is heavily debated. For our purposes, it is useful to see the - identity of a person as the union of all characteristics, judgements and other knowledge - that parties - have about that person. Generalizing this idea, we say that the identity of any entity - consists of the combined knowledge - (that is: of all parties - that know) about this entity.

-

Inspired by Pfitzmann and Hansen - (2010), we define a partial identity (of an entity) as all the knowledge - that a single, specific party - has about that entity (= the 'subject' of the partial identity). The identity - of an entity is then the union/collection of all of its partial identities. -

-

The Self-Identity or Self-concept of a party - is the partial identity of which it is both the subject and the owner. -

-

version 2, commit 505fa2d, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
J -
- - jurisdiction - - #toip
-
-

A Jurisdiction is the composition of a (non-empty) set of objectives, - one scope, one legal - system and one party - (called the Governor of the Jurisdiction) that operates the legal system - within that scope. While most people are familiar with what we call legal - jurisdictions, please observe that organizations - habitually will have rules (business policies) in place, enforce them (to some extent), and have ways of - resolving conflicts, and therefore qualify as a jurisdiction. Specifically, multi-national organizations are - known to govern multiple jurisdictions, aliging the scopes with the scopes of other (often legal) - jurisdictions for the purpose of preventing situations in which conflicting rules apply, which would lead to - many effort-intensive conflict-resolution cases.

-

The Jurisdictions pattern provides an overview of how this concept fits - in with related concepts.

-

version 2, commit 7a47eef, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
K -
- - knowledge - - #toip
-
-

Knowledge is the (intangible) sum of what is known, the familiarity, awareness or - understanding of someone or something (WikiPedia). It - includes facts (propositional knowledge), - skills (procedural knowledge), or objects (acquaintance knowledge). Knowledge can be - acquired in many different ways and from many different sources, including but not limited to experience, - reason, memory, testimony, scientific inquiry, education, and practice.

-

We limit the scope of a Knowledge to a party - so as to allow for the existence of multiple such Knowledges, where each of them is internally consistent, yet - may be inconsistent with other Knowledges.

-

version 2, commit b2799fc, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
L -
-
-

A Legal Entity is an entity that is known by and recognized to exist - in a jurisdiction. - For legal jurisdictions, this usually means that the entity is registered. - Legal jurisdictions usually have a registration for its citizens, foreigners, enterprises, fellonies, etc. - Non-legal jurisdictions (e.g. a soccer club) register their members, donators, staff, properties, etc., either - on the record, or off the record.

-

The Jurisdictions pattern provides an overview of how this concept fits - in with related concepts.

-

version 2, commit 3191797, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- - -
-

A Legal System is a system in which rules are defined (legislature) and a mechanism for their enforcement is - implicitly or explicitly defined (executive), as well as a mechanism for - conflict resolution (judiciary). A legal system is - designed and governed by a single party. - A legal system can be operationalized by assigning it a scope within which enforcement and conflict resolution - are implemented. The associated operational tasks may be mandated or delegated to other parties. - Depending on the individual legal system, 'rules' may be called 'laws', 'regulations', 'directives', - 'policies', 'working instructions', etc. Other terms exist for specializations of these terms, e.g. 'order', - 'mandate', and others.

-

The Jurisdictions pattern provides an overview of how this concept fits - in with related concepts.

-

version 2, commit 227ee73, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
O -
- - objective - - #toip
-
-

Objectives drive parties - as they make their goals explicit, the primary one of which is also referred to as the - mission of that party. - A party's - objectives are part of its knowledge. - When made available to agents of that party, - these agents can do the work that is needed to reach these goals (realize the party's - objectives). -

-

version 2, commit f7bec33, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
- - organization - - #toip
-
-

An Organization is a party - that is associated with a group of actors that work to realize its objectives. - Enterprises and governments are the prototypical examples. However, parts of enterprises (e.g. divisions, - departments, business units) should also be considered organizations. This also holds for governments and - governmental bodies.

-

version 2, commit 0a6b027, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
- - owner - - #toip
-
-

An Owner is a role that a party - performs when it is exercizing its legal, rightful or natural title to control some entity.

-

We interpret 'legal' and 'rightful' as terms that apply to any jurisdiction - (that is: not just legal/national jurisdictions, but also those of other organizations - (parties). -

-

We take 'natural' as a title that is provided by nature, as in 'the owner of an assertion'.

-

For futher details, see ownership. -

-

version 2, commit 4495d08, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
- - ownership - - #ctwg#essiflab#essiflab-framework#toip
-
-

Ownership is a relationship between two entities in which one of these - entities (called the owner) - is entitled to enjoy, dispose of, and control the other entity in an pretty much - absolute (sovereign) fashion. Any ownership relationship is grounded in ((the rules of) the legal - system of) a specific jurisdiction, - that maintains and enforces these rules, and that has means to resolve any disputes arising from that. To do - this, both entities must be legal - entities in that jurisdiction. -

-

We may use the phrase natural - ownership to refer to an ownership relation that exists in the jurisdiction - 'Nature' (see the notes of jurisdiction). - This enables us to talk about things as 'the (natural) ownership of an assertion'. -

-

version 1, commit fcefb2b, created 2021-06-23, contributors RieksJ

-
- -
P -
- - party - - #toip
-
-

A party is an entity that sets its objectives, - maintains its knowledge, - and uses that knowledge - to pursue its objectives - in an autonomous (sovereign) manner. One might say that they have a mind of their own. Typical examples are - individual people and organizations. - Their minds (subjective knowledge) are what distinguishes one party - from another, so every party - is 1-1 related to its knowledge (mind).

-

Specifically, every party autonomously manages its

-
    -
  • knowledge - (information). It means that every party - gets to decide for itself what it believes to be true, what to trust (and what not), what objectives it - wants to pursue, how much risks it wants to run, what are valid ways of reasoning (not necessarily logical), - how to reach conclusions and make decisions. The knowledge of a party changes continuously as information is - added, modified, or deleted - no reasons needed.
  • -
  • semantics, - i.e. the mapping between parts of its knowledge and the data he uses to represent such - parts, as well as the mapping between data that it receives and the meaning he - interprets such data to be associated with.
  • -
  • data, i.e. the tangible representation of a subset of its intangible knowledge - that it uses to communicate with others, to remember (store), or process.
  • -
-

It is important to note that:

- -

version 2, commit 3ffda3e, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
- - policy - - #toip
-
-

A policy is a (set of) rules, working instructions and/or other guidance for the execution - of one or more kinds of actions. that agents (a) have access to, (b) can interpret as - intended by their principal (i.e. policy owner) and (c) must use when executing such actions.

-

An agent must have access to the policy that its principal has - established for the kind of action(s) that the agent is executing for its principal. This requires that the - policy be readable by the agent, and that the agent is capable of interpreting it as intended by its - principal.

-

It should be part of the principal's governance processes

-
    -
  • to establish, maintain and evaluate policies for every kind of action that its agents may execute,
  • -
  • to derive artifacts from such policies that are useable by the various agents - (digital, human, or otherwise) that have a right or duty to execute actions for the principal to which such policies apply. So, machine-readable policies should be - derived for digital agents, and human-readable policies (in different languages - if that is appropriate) for non-digital agents.
  • -
  • to publish such artifacts such that at least every of its agents that may need to - access them, can find and access them as needed.
  • -
  • to inform its agents whenever updates have been made that they need to be aware of - (specifically if agents are allowed to keep local copies of such artifacts).
  • -
-

The Parties, Actors and Actions pattern provides an overview of how - this concept fits in with related concepts.

-

version 2, commit f07826c, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
- - public utility - - #toip
-
-

A publicly readable and verifiable data storage network for Decentralized Identifiers (DIDs) (e.g. using - blockchain, distributed ledger technology (DLT) or Decentralized File System.) At Layer 1 of the Trust over IP - technology stack.

-

version 3, commit 23d5baa, created 2022-02-24, last modified 2022-02-24, contributors Nicky - Hickman

-
- -
R -
- - risk - - #toip
-
-

A Risk is the effects that uncertainty can have on the intended realization of an objective - of a party - (which we call the risk - owner). Uncertainty is a lack of information, understanding or knowledge - of events, their consequences or likelihoods, and this may affect the results that a party expects and intends - to realize so as to fulfull its objectives.

-

While traditionally these effects are assumed to be negative (i.e. damaging, harmful) to this party, they may - also be positive. For example, if you buy a ticket in a lottery, you (should) expect to lose money (the prize - of the ticket). However, there is this uncertainty, this lack of information, the effect of it would be that - this intended/expected result is deviated from, and you actually win a prize. If this risk is unacceptable - (e.g. if you do not know how to manage large amounts of money), then that would call the risk to be managed. -

-

Risk is about the possible effects that uncertainty may have on the intended/expected realization of - an objective - of some party. - In this sense, at least in theory, this means that 'risk' is an objective notion because different parties may - have the same ideas about what such effects on a given objective - could be. However, since an objective - is owned by precisely one parties, - and therefore only that party actually knows the actual meaning of that objective, in practice there is little - point in drafting lists of such possible effects to make risk assessments easier.

-

An acceptable risk is a set of such effects that the risk owner has - decided that it can, and is willing to deal with as they materialize. They need no further attention. Other - risks would need attention and should be managed. - Often, risks are assigned a risk level to help risk owners prioritize the risks, - allowing them to manage the most important ones before the less important ones.

-

The owner - of a risk that is associated with an objective - must be the party - that owns - that objective, - and vice versa, because ownership - implies the authority to realize the - objective, - which in turn implies the authority to manage the associated risks. Of course, as owners - are parties, - a risk owner may mandate actors to execute the actions that are necessary to manage a risk, but that does not - relieve the party from its ownership (and facing possibly associated consequences). In fact, the objective of - mandating risk management activities may come with risks which are often overlooked. -

-

version 2, commit 7b8c477, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
- - risk management - - #toip
-
-

Risk management is a process that is run by (or on behalf of) a specific party - for the purpose of managing the risks - that it owns. - We distinguish between various kinds of risk-management:

-
    -
  • centralized risk-management, which is a kind of risk management that assumes that the party - that runs it has the power or right to give orders, make decisions that other parties must follow, and - enforce obedience, which can be applied to mitigate its risks. This kind of risk-management ignores the - natural autonomy of other parties. -
  • -
  • decentralized or networked risk-management, which is a kind of risk management that - assumes that the party - that runs it acknowledges the autonomy of other parties - to make their own (risk-related) decisions, and therefore starts and maintains relations with such parties - that help them both to manage their individual, subjective risks.
  • -
-

version 2, commit 6cb5c0b, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
S -
- - self sovereign identity - - #toip
-
-

Self-Sovereign Identity (SSI) is a term that has many different interpretations, and that we use to refer to - concepts/ideas, architectures, processes and technologies that aim to support - (autonomous) parties - as they negotiate and execute electronic transactions with one another. -

-

The dialogue about what Self-Sovereign Identity (SSI) really is — started in the blog "The Path to - Self-Sovereign Identity" by Christopher Allen in 2016 — has not resulted in a consensus today. - While some see the ten principles of SSI that Allen proposed as the definition of SSI, he formulated them as - "a departure point to provoke a discussion about what's truly important". And it is obvious that - what is important differs per party. -

-

The perspective that the eSSIF-Lab framework takes is that of supporting (autonomous) parties - as they negotiate and execute electronic (business) transactions with one another. - So anything that helps - e.g. concepts/ideas, architectures, processes and technologies, will be covered by - that term.

-

version 1, commit 5bd8a45, created 2022-08-15, contributors Daniel Hardman

-
- -
- - self sovereignty - - #toip
-
-

Self-Sovereignty is the characteristic of every party - that it is autonomous in managing and operating its own - knowledge, - particularly in making decisions and deciding how to decide. -

-

version 3, commit ff6aa0d, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
- - semantics - - #toip
-
-

We use the term semantics to refer to the mapping between (tangible) terms and (intangible) concepts (their meaning, the ideas behind - it). Semantics are scoped, i.e. every scope has its own semantic mapping. This implies - that every party - has - and maintains - its own (subjective) semantics, which is its subjective mapping of a set of terms onto - the concepts/ideas in its knowledge. - The (erroneous) assumption that parties - would (automagically) share a semantics is the cause of many misunderstandings, and hence should be identified - and deleted as soon as possible.

-

version 2, commit a6d0b68, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
- - SSI - - #toip
-
-

self-sovereign - identity

-

version 1, commit 589bc34, created 2022-08-15, contributors Daniel Hardman

-
- -
- - ssi assurance community - - #toip
-
-

An SSI Assurance Community is a community - that supports its members as they seek to increase their confidence in the SSI - infrastructure and/or (specific) qualifications of the data exchanged - through that infrastructure." The nature of a community being that its members share some common ground - ensures that this objective may be realized by exploing that existing common ground.

-

Here are some functions that an assurance community may contemplate of performing:

-
    -
  • act as a governing party for a set of credential - types.
  • -
  • run a credential catalogue in which its members (and perhaps others) - can advertise the credential types they issue and specify the assurances and - other data that parties - may need in order to decide whether or not to take that member up on that offering.
  • -
  • run a yellow pages service which parties - can use to find out which members (or other parties) issue credentials of a certain type.
  • -
  • govern and document accreditation schemes, including schemes for accrediting parties that may certify - others against such schemes.
  • -
  • act as a governing party for decision trees (to be elaborated on) -
  • -
  • act as a KeySmith (also to be elaborated on)
  • -
-

The initial ideas for SSI Assurance Communities can be read in the paper "Decentralized - SSI Governance, the missing link in automating business decisions".

-

version 2, commit 73dd37d, created 2021-07-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
- - ssi infrastructure - - #toip
-
-

The SSI Infrastructure consists of the technological components that are (envisaged to be) - deployed all over the world for the purpose of providing, requesting and obtaining qualified data for the purpose of negotiating and/or executing electronic transactions.

-

Like any other (hard) Infrastructure, such - components are (to be) designed to be interoperable, both

-
    -
  • 'horizontally', i.e. with other infrastructural components, and
  • -
  • 'vertically', i.e. that it is very easy for other software applications to use them.
  • -
-

It is foreseen that SSI components in this infrastructure are designed and created in a generic way, and - hence need to be customizable, so that an individual compnent can work according to the (needs and - preferences|policy)-of-the parties - for which it is an agent.

-

This implies that the SSI Infrastructure (a 'hard' infratstructure) needs to be complemented with a - complementary 'soft infrastructure', e.g. as can be provided with assurance - communities.

-

version 2, commit 9338e86, created 2021-06-23, last modified 2021-11-22, contributors Rieks - - RieksJ

-
- -
T -
- - ToIP stack - - #toip
-
-

The two-sided, four-layer architecture for decentralized digital trust infrastructure defined by the ToIP Foundation.

-

version 1, commit 390dd68, created 2022-07-07, contributors Drummond Reed

-
- -
- - trust framework - - #gswg#toip
-
-

A specialized type of governance framework that specifies the - [requirements] for a [digital identity] system.

-

version 1, commit 9dfb9b0, created 2021-11-21, contributors Drummond Reed

-
- -
- - trust registry - - #toip
-
-

A repository which contains a machine-readable listing of approved governed parties - deemed compliant by a governing authority over - its attributable criteria of its governance framework.

-

version 2, commit 7c66632, created 2021-11-20, last modified 2021-11-20, contributors - ScottPerryCPA

-
- -
V -
- - VC - - #toip
-
-

Verifiable - Credential

-

version 1, commit c5ec39b, created 2022-08-29, contributors Henk van Cann

-
- -
- - verifiable credential - - #toip#w3cvc
-
-

A tamper-evident credential whose - authorship by an issuer can be - cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. - The claims in a credential can be about different subjects.

-

version 2, commit 3a3d527, created 2022-01-23, last modified 2022-01-23, contributors Drummond - Reed

-
-
- -
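Review bot: this hunk should not need to rewrite the whole glossary body to add a banner. The removed block ending here and the added block that follows carry the same entries with the same version and commit metadata (for example "governed party", version 3, commit a55a75b, appears on both sides), so most of the 1162 insertions and 463 deletions look like a whitespace reflow rather than the banner and redirect link named in the subject line. Please move the reformatting into its own commit, or drop it, so that the banner markup can be reviewed on its own and it is possible to confirm that no definition text changed. If the entries are re-emitted anyway, the misspellings carried unchanged into the added lines ("aliging" under jurisdiction, "fellonies" in the Legal Entity definition, "exercizing" and "futher" under owner) could be corrected in that separate commit.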
+ + + + + + + + + + + +
Glossary - General Trust Over IP Terms
+ + +
+
+
A +
actor #toip
+

actor in the #essiflab glossary here.

+

version 4, commit 6716f25, created 2021-06-23, last modified 2022-01-23, contributors Drummond Reed - Rieks - RieksJ

+
+ +
administering authority #toip
+

The party tasked with operating the management of a particular governance framework. The administering authority may or may not be the governing authority. For example, a government may be the governing authority for a governance framework administered by an NGO as the administering authority.

+

version 1, commit e90f97f, created 2021-11-20, contributors ScottPerryCPA

+
+ +
agent #toip
+

agent in the #essiflab glossary here.

+

version 4, commit 9ded51f, created 2021-06-23, last modified 2022-01-23, contributors Drummond Reed - Rieks - RieksJ

+
+ +
audit accreditor #gswg#toip
+

The party which evaluates an applicant auditor for their competence, independence and quality control measures and approves them to make [attestations] about governed parties under the authority of a governance framework.

+

version 2, commit b5df919, created 2021-11-20, last modified 2021-11-21, contributors Drummond Reed - ScottPerryCPA

+
+ +
auditor #toip
+

The party which acts as an independent professional trained in evaluating technology-based evidence provided from governed parties asserting that they are in compliance with audit criteria set forth by audit Accreditors. An auditor issues a report attesting its opinion over a governed party's compliance assertion which enables a governing party to issue compliance credentials to the governed party and may place it on a credential registry and add their entry to the trust registry.

+

version 4, commit 1b71b67, created 2021-11-20, last modified 2022-08-29, contributors Henk van Cann - ScottPerryCPA

+
+ +
authority #toip
+

An Authority is a party of which certain decisions, ideas, rules etc. are followed by other parties. We distinguish between two kinds of authority:

+
    +
  • centralized authority, also known as the power or right to give orders, make decisions that other parties must follow, and enforce obedience. This kind of authority ignores the natural autonomy of other parties.
  • +
  • decentralized authority, also known as the power or right that is freely endowed by other parties to the authority, to make decisions, phrase ideas, set rules etc, which these parties will adopt and follow because they think it is in their own interest to do so.
  • +
+

version 2, commit 4b05e92, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
C +
community #toip
+

A Community is an organization that seeks to facilitate the cooperation between at least two parties (referred to as its 'members') based on interests that these parties share as each of them seeks to realize its own, individual objectives.

+

A community is a specialization of the more generic ecosystem in the sense that it is an organization (which an ecosystem need not be) that (actively) facilitates the cooperation between its members, whereas in non-community ecosystems, this cooperation is not actively organized.

+

version 2, commit 475a32f, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
credential registry #gswg#toip
+

An accessible repository of verifiable credentials issued by a party and made available to be verified in accordance with a governance framework.

+

version 1, commit 11316ac, created 2021-11-20, contributors ScottPerryCPA

+
+ +
D +
did chain #toip
+

A set of DIDs linked in a hierarchical model where each DID (except the root) digitally signs the next DID in the chain. DID chains can be verified for cryptographic trust by “walking the chain” back to the root of trust. See also trust registry. Contrast with X.509 certificate chain.

+

version 1, commit fcefb2b, created 2021-06-23, contributors RieksJ

+
+ +
digital trust ecosystem #toip
+

An ecosystem of governed parties that interoperate to achieve a set of trust objectives online. Layer 4 of the ToIP stack is designed to support digital trust ecosystems.

+

version 1, commit a11d47c, created 2022-01-23, contributors Drummond Reed

+
+ +
E +
ecosystem #toip
+

A Ecosystem is a set of at least two (autonomous) parties (the members of the ecosystem) whose individual work complements that of other members, and is of benefit to the set as a whole.

+

An ecosystem is distinct from a community in the sense that it is not (necessarily) an organization that (actively) facilitates the cooperation between its members. A community is considered a specialization of the more generic 'ecosystem' concept.

+

version 2, commit 54b130f, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
entity #toip
+

entity in the #essiflab glossary here.

+

version 5, commit 314d521, created 2021-06-23, last modified 2022-01-23, contributors Drummond Reed - Rieks - Daniel Hardman - RieksJ

+
+ +
G +
governance #toip
+

governance in the #essiflab glossary here.

+

version 3, commit 44a46cc, created 2021-06-23, last modified 2022-01-23, contributors Drummond Reed - Rieks - RieksJ

+
+ +
governance framework #toip
+

governance framework in the #gswg glossary here.

+

version 6, commit 39af4c5, created 2021-11-16, last modified 2022-01-23, contributors Drummond Reed - Daniel Hardman

+
+ +
governed party #gswg#toip
+

A party whose actors perform in a [role] defined by a governance framework.

+

version 3, commit a55a75b, created 2021-11-20, last modified 2022-01-23, contributors Drummond Reed - ScottPerryCPA

+
+ +
governing authority #toip
+

The party responsible for governing a particular governance framework. The governing authority may or may not be the administering authority. For example, a government may be the governing authority for a governance framework administered by an NGO as the administering authority.

+

version 1, commit c843189, created 2021-11-16, contributors Drummond Reed

+
+ +
governing party #toip
+

An organization that is part of the governing authority of a trust community.

+

version 2, commit ffeed70, created 2022-01-16, last modified 2022-01-16, contributors Nicky Hickman

+
+ +
I +
identifier #toip
+

An Identifier is a character string that is being used for identification purposes (by a specific party).[^1] This includes names and labels, as they are (obviously) used for such purposes.

+

Note that while an identifier is used for identification purposes, this does not automatically imply that it actually identifies (singles out) anything. It also depends on what RFC 3986 calls the 'scope of identification', or what Pfitzmann and Hansen (2010) refer to as an 'identifiability set', which are relevant for explaining whether or not (and if so: what) an identifier actually identifies (singles out) in a given context. See the Discussion below.

+

version 2, commit 43f62ce, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
identity #toip
+

Identity is a term that is heavily debated. For our purposes, it is useful to see the identity of a person as the union of all characteristics, judgements and other knowledge that parties have about that person. Generalizing this idea, we say that the identity of any entity consists of the combined knowledge (that is: of all parties that know) about this entity.

+

Inspired by Pfitzmann and Hansen (2010), we define a partial identity (of an entity) as all the knowledge that a single, specific party has about that entity (= the 'subject' of the partial identity). The identity of an entity is then the union/collection of all of its partial identities.

+

The Self-Identity or Self-concept of a party is the partial identity of which it is both the subject and the owner.

+

version 2, commit 505fa2d, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
J +
jurisdiction #toip
+

A Jurisdiction is the composition of a (non-empty) set of objectives, one scope, one legal system and one party (called the Governor of the Jurisdiction) that operates the legal system within that scope. While most people are familiar with what we call legal jurisdictions, please observe that organizations habitually will have rules (business policies) in place, enforce them (to some extent), and have ways of resolving conflicts, and therefore qualify as a jurisdiction. Specifically, multi-national organizations are known to govern multiple jurisdictions, aliging the scopes with the scopes of other (often legal) jurisdictions for the purpose of preventing situations in which conflicting rules apply, which would lead to many effort-intensive conflict-resolution cases.

+

The Jurisdictions pattern provides an overview of how this concept fits in with related concepts.

+

version 2, commit 7a47eef, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
K +
knowledge #toip
+

Knowledge is the (intangible) sum of what is known, the familiarity, awareness or understanding of someone or something (WikiPedia). It includes facts (propositional knowledge), skills (procedural knowledge), or objects (acquaintance knowledge). Knowledge can be acquired in many different ways and from many different sources, including but not limited to experience, reason, memory, testimony, scientific inquiry, education, and practice.

+

We limit the scope of a Knowledge to a party so as to allow for the existence of multiple such Knowledges, where each of them is internally consistent, yet may be inconsistent with other Knowledges.

+

version 2, commit b2799fc, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
L +
+
+

A Legal Entity is an entity that is known by and recognized to exist in a jurisdiction. For legal jurisdictions, this usually means that the entity is registered. Legal jurisdictions usually have a registration for its citizens, foreigners, enterprises, fellonies, etc. Non-legal jurisdictions (e.g. a soccer club) register their members, donators, staff, properties, etc., either on the record, or off the record.

+

The Jurisdictions pattern provides an overview of how this concept fits in with related concepts.

+

version 2, commit 3191797, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ + +

A Legal System is a system in which rules are defined (legislature) and a mechanism for their enforcement is implicitly or explicitly defined (executive), as well as a mechanism for conflict resolution (judiciary). A legal system is designed and governed by a single party. A legal system can be operationalized by assigning it a scope within which enforcement and conflict resolution are implemented. The associated operational tasks may be mandated or delegated to other parties. Depending on the individual legal system, 'rules' may be called 'laws', 'regulations', 'directives', 'policies', 'working instructions', etc. Other terms exist for specializations of these terms, e.g. 'order', 'mandate', and others.

+

The Jurisdictions pattern provides an overview of how this concept fits in with related concepts.

+

version 2, commit 227ee73, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
O +
objective #toip
+

Objectives drive parties as they make their goals explicit, the primary one of which is also referred to as the mission of that party. A party's objectives are part of its knowledge. When made available to agents of that party, these agents can do the work that is needed to reach these goals (realize the party's objectives).

+

version 2, commit f7bec33, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
organization #toip
+

An Organization is a party that is associated with a group of actors that work to realize its objectives. Enterprises and governments are the prototypical examples. However, parts of enterprises (e.g. divisions, departments, business units) should also be considered organizations. This also holds for governments and governmental bodies.

+

version 2, commit 0a6b027, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
owner #toip
+
+

An Owner is a role that a party performs when it is exercizing its legal, rightful or natural title to control some entity.

+

We interpret 'legal' and 'rightful' as terms that apply to any jurisdiction (that is: not just legal/national jurisdictions, but also those of other organizations (parties).

+

We take 'natural' as a title that is provided by nature, as in 'the owner of an assertion'.

+

For futher details, see ownership.

+

version 2, commit 4495d08, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
ownership #ctwg#essiflab#essiflab-framework#toip
+
+

Ownership is a relationship between two entities in which one of these entities (called the owner) is entitled to enjoy, dispose of, and control the other entity in an pretty much absolute (sovereign) fashion. Any ownership relationship is grounded in ((the rules of) the legal system of) a specific jurisdiction, that maintains and enforces these rules, and that has means to resolve any disputes arising from that. To do this, both entities must be legal entities in that jurisdiction.

+

We may use the phrase natural ownership to refer to an ownership relation that exists in the jurisdiction 'Nature' (see the notes of jurisdiction). This enables us to talk about things as 'the (natural) ownership of an assertion'.

+

version 1, commit fcefb2b, created 2021-06-23, contributors RieksJ

+
+ +
P +
party #toip
+

A party is an entity that sets its objectives, maintains its knowledge, and uses that knowledge to pursue its objectives in an autonomous (sovereign) manner. One might say that they have a mind of their own. Typical examples are individual people and organizations. Their minds (subjective knowledge) are what distinguishes one party from another, so every party is 1-1 related to its knowledge (mind).

+

Specifically, every party autonomously manages its

+
    +
  • knowledge (information). It means that every party gets to decide for itself what it believes to be true, what to trust (and what not), what objectives it wants to pursue, how much risks it wants to run, what are valid ways of reasoning (not necessarily logical), how to reach conclusions and make decisions. The knowledge of a party changes continuously as information is added, modified, or deleted - no reasons needed.
  • +
  • semantics, i.e. the mapping between parts of its knowledge and the data he uses to represent such parts, as well as the mapping between data that it receives and the meaning he interprets such data to be associated with.
  • +
  • data, i.e. the tangible representation of a subset of its intangible knowledge that it uses to communicate with others, to remember (store), or process.
  • +
+

It is important to note that:

+ +

version 2, commit 3ffda3e, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
policy #toip
+

A policy is a (set of) rules, working instructions and/or other guidance for the execution of one or more kinds of actions. that agents (a) have access to, (b) can interpret as intended by their principal (i.e. policy owner) and (c) must use when executing such actions.

+

An agent must have access to the policy that its principal has established for the kind of action(s) that the agent is executing for its principal. This requires that the policy be readable by the agent, and that the agent is capable of interpreting it as intended by its principal.

+

It should be part of the principal's governance processes

+
    +
  • to establish, maintain and evaluate policies for every kind of action that its agents may execute,
  • +
  • to derive artifacts from such policies that are useable by the various agents (digital, human, or otherwise) that have a right or duty to execute actions for the principal to which such policies apply. So, machine-readable policies should be derived for digital agents, and human-readable policies (in different languages if that is appropriate) for non-digital agents.
  • +
  • to publish such artifacts such that at least every of its agents that may need to access them, can find and access them as needed.
  • +
  • to inform its agents whenever updates have been made that they need to be aware of (specifically if agents are allowed to keep local copies of such artifacts).
  • +
+

The Parties, Actors and Actions pattern provides an overview of how this concept fits in with related concepts.

+

version 2, commit f07826c, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
public utility #toip
+

A publicly readable and verifiable data storage network for Decentralized Identifiers (DIDs) (e.g. using blockchain, distributed ledger technology (DLT) or Decentralized File System.) At Layer 1 of the Trust over IP technology stack.

+

version 3, commit 23d5baa, created 2022-02-24, last modified 2022-02-24, contributors Nicky Hickman

+
+ +
R +
risk #toip
+

A Risk is the effects that uncertainty can have on the intended realization of an objective of a party (which we call the risk owner). Uncertainty is a lack of information, understanding or knowledge of events, their consequences or likelihoods, and this may affect the results that a party expects and intends to realize so as to fulfull its objectives.

+

While traditionally these effects are assumed to be negative (i.e. damaging, harmful) to this party, they may also be positive. For example, if you buy a ticket in a lottery, you (should) expect to lose money (the prize of the ticket). However, there is this uncertainty, this lack of information, the effect of it would be that this intended/expected result is deviated from, and you actually win a prize. If this risk is unacceptable (e.g. if you do not know how to manage large amounts of money), then that would call the risk to be managed.

+

Risk is about the possible effects that uncertainty may have on the intended/expected realization of an objective of some party. In this sense, at least in theory, this means that 'risk' is an objective notion because different parties may have the same ideas about what such effects on a given objective could be. However, since an objective is owned by precisely one parties, and therefore only that party actually knows the actual meaning of that objective, in practice there is little point in drafting lists of such possible effects to make risk assessments easier.

+

An acceptable risk is a set of such effects that the risk owner has decided that it can, and is willing to deal with as they materialize. They need no further attention. Other risks would need attention and should be managed. Often, risks are assigned a risk level to help risk owners prioritize the risks, allowing them to manage the most important ones before the less important ones.

+

The owner of a risk that is associated with an objective must be the party that owns that objective, and vice versa, because ownership implies the authority to realize the objective, which in turn implies the authority to manage the associated risks. Of course, as owners are parties, a risk owner may mandate actors to execute the actions that are necessary to manage a risk, but that does not relieve the party from its ownership (and facing possibly associated consequences). In fact, the objective of mandating risk management activities may come with risks which are often overlooked.

+

version 2, commit 7b8c477, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
risk management #toip
+

Risk management is a process that is run by (or on behalf of) a specific party for the purpose of managing the risks that it owns. We distinguish between various kinds of risk-management:

+
    +
  • centralized risk-management, which is a kind of risk management that assumes that the party that runs it has the power or right to give orders, make decisions that other parties must follow, and enforce obedience, which can be applied to mitigate its risks. This kind of risk-management ignores the natural autonomy of other parties.
  • +
  • decentralized or networked risk-management, which is a kind of risk management that assumes that the party that runs it acknowledges the autonomy of other parties to make their own (risk-related) decisions, and therefore starts and maintains relations with such parties that help them both to manage their individual, subjective risks.
  • +
+

version 2, commit 6cb5c0b, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
S +
self sovereign identity #toip
+

Self-Sovereign Identity (SSI) is a term that has many different interpretations, and that we use to refer to concepts/ideas, architectures, processes and technologies that aim to support (autonomous) parties as they negotiate and execute electronic transactions with one another.

+

The dialogue about what Self-Sovereign Identity (SSI) really is — started in the blog "The Path to Self-Sovereign Identity" by Christopher Allen in 2016 — has not resulted in a consensus today. While some see the ten principles of SSI that Allen proposed as the definition of SSI, he formulated them as "a departure point to provoke a discussion about what's truly important". And it is obvious that what is important differs per party.

+

The perspective that the eSSIF-Lab framework takes is that of supporting (autonomous) parties as they negotiate and execute electronic (business) transactions with one another. So anything that helps - e.g. concepts/ideas, architectures, processes and technologies, will be covered by that term.

+

version 1, commit 5bd8a45, created 2022-08-15, contributors Daniel Hardman

+
+ +
self sovereignty #toip
+

Self-Sovereignty is the characteristic of every party that it is autonomous in managing and operating its own knowledge, particularly in making decisions and deciding how to decide.

+

version 3, commit ff6aa0d, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
semantics #toip
+
+

We use the term semantics to refer to the mapping between (tangible) terms and (intangible) concepts (their meaning, the ideas behind it). Semantics are scoped, i.e. every scope has its own semantic mapping. This implies that every party has - and maintains - its own (subjective) semantics, which is its subjective mapping of a set of terms onto the concepts/ideas in its knowledge. The (erroneous) assumption that parties would (automagically) share a semantics is the cause of many misunderstandings, and hence should be identified and deleted as soon as possible.

+

version 2, commit a6d0b68, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
SSI #toip
+

self-sovereign identity

+

version 1, commit 589bc34, created 2022-08-15, contributors Daniel Hardman

+
+ +
ssi assurance community #toip
+

An SSI Assurance Community is a community that supports its members as they seek to increase their confidence in the SSI infrastructure and/or (specific) qualifications of the data exchanged through that infrastructure." The nature of a community being that its members share some common ground ensures that this objective may be realized by exploing that existing common ground.

+

Here are some functions that an assurance community may contemplate of performing:

+
    +
  • act as a governing party for a set of credential types.
  • +
  • run a credential catalogue in which its members (and perhaps others) can advertise the credential types they issue and specify the assurances and other data that parties may need in order to decide whether or not to take that member up on that offering.
  • +
  • run a yellow pages service which parties can use to find out which members (or other parties) issue credentials of a certain type.
  • +
  • govern and document accreditation schemes, including schemes for accrediting parties that may certify others against such schemes.
  • +
  • act as a governing party for decision trees (to be elaborated on)
  • +
  • act as a KeySmith (also to be elaborated on)
  • +
+

The initial ideas for SSI Assurance Communities can be read in the paper "Decentralized SSI Governance, the missing link in automating business decisions".

+

version 2, commit 73dd37d, created 2021-07-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
ssi infrastructure #toip
+

The SSI Infrastructure consists of the technological components that are (envisaged to be) deployed all over the world for the purpose of providing, requesting and obtaining qualified data for the purpose of negotiating and/or executing electronic transactions.

+

Like any other (hard) Infrastructure, such components are (to be) designed to be interoperable, both

+
    +
  • 'horizontally', i.e. with other infrastructural components, and
  • +
  • 'vertically', i.e. that it is very easy for other software applications to use them.
  • +
+

It is foreseen that SSI components in this infrastructure are designed and created in a generic way, and hence need to be customizable, so that an individual compnent can work according to the (needs and preferences|policy)-of-the parties for which it is an agent.

+

This implies that the SSI Infrastructure (a 'hard' infratstructure) needs to be complemented with a complementary 'soft infrastructure', e.g. as can be provided with assurance communities.

+

version 2, commit 9338e86, created 2021-06-23, last modified 2021-11-22, contributors Rieks - RieksJ

+
+ +
T +
ToIP stack #toip
+

The two-sided, four-layer architecture for decentralized digital trust infrastructure defined by the ToIP Foundation.

+

version 1, commit 390dd68, created 2022-07-07, contributors Drummond Reed

+
+ +
trust framework #gswg#toip
+

A specialized type of governance framework that specifies the [requirements] for a [digital identity] system.

+

version 1, commit 9dfb9b0, created 2021-11-21, contributors Drummond Reed

+
+ +
trust registry #toip
+

A repository which contains a machine-readable listing of approved governed parties deemed compliant by a governing authority over its attributable criteria of its governance framework.

+

version 2, commit 7c66632, created 2021-11-20, last modified 2021-11-20, contributors ScottPerryCPA

+
+ +
V +
VC #toip
+

Verifiable Credential

+

version 1, commit c5ec39b, created 2022-08-29, contributors Henk van Cann

+
+ +
verifiable credential #toip#w3cvc
+

A tamper-evident credential whose authorship by an issuer can be cryptographically verified. Verifiable credentials can be used to build verifiable presentations, which can also be cryptographically verified. The claims in a credential can be about different subjects.

+

version 2, commit 3a3d527, created 2022-01-23, last modified 2022-01-23, contributors Drummond Reed

+
+
+ +
- \ No newline at end of file From bfc19bfa4f0dda49f6f4e12b72510e81f4714a8b Mon Sep 17 00:00:00 2001 From: kor Date: Mon, 26 Aug 2024 16:39:41 +0200 Subject: [PATCH 3/5] Add banner with info and redirect to new glossary --- glossary.html | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/glossary.html b/glossary.html index 5b58218..602cfb2 100644 --- a/glossary.html +++ b/glossary.html @@ -170,6 +170,14 @@
+
+! + + This glossary is archived. Go to the new + glossary. + +
A
actor #toip
From 79dfc65d7bd7a6a76f17c2a302916e6ec5755a00 Mon Sep 17 00:00:00 2001 From: kor Date: Mon, 26 Aug 2024 17:25:02 +0200 Subject: [PATCH 4/5] Change link to https://trustoverip.github.io/glossary/ (future new location) --- glossary.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glossary.html b/glossary.html index 602cfb2..16222ed 100644 --- a/glossary.html +++ b/glossary.html @@ -174,7 +174,7 @@ ! - This glossary is archived. Go to the new + This glossary is archived. Go to the new glossary. From 090801e2c092d60ce354940f70250e425d2e0b37 Mon Sep 17 00:00:00 2001 From: kor Date: Mon, 26 Aug 2024 18:00:25 +0200 Subject: [PATCH 5/5] Back to https://trustoverip.github.io/ctwg-main-glossary/ --- glossary.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glossary.html b/glossary.html index 16222ed..602cfb2 100644 --- a/glossary.html +++ b/glossary.html @@ -174,7 +174,7 @@ ! - This glossary is archived. Go to the new + This glossary is archived. Go to the new glossary.
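Review bot: in PATCH 1/5 the banner named in the subject is buried in a single hunk that re-adds every glossary entry as a + line (legal system, party, policy, risk and the rest, down to verifiable credential), so the one intended change cannot be reviewed apart from the unrelated churn. PATCH 3/5 makes the same banner change in 8 insertions at @@ -170,6 +170,14 @@. Drop 1/5 in favour of it, or, if rewriting the whole file is intended, send that as a separate commit whose subject says so, and check whether a line-ending or formatter change is what made every line differ.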
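Review bot: PATCH 3/5 carries `index 5b58218..602cfb2` and adds all of the banner lines at @@ -170,6 +170,14 @@, so its pre-image is the file without any banner. It is therefore not stacked on 1/5, and the series as numbered (1/5, then 3/5, with no 2/5 shown) will not apply in order. Rebase so that each patch's pre-image is the previous patch's result, or resend a fresh series that contains only the patches meant to land.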
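Review bot: the subject of PATCH 4/5 calls https://trustoverip.github.io/glossary/ a "future new location", so the one-line change at @@ -174,7 +174,7 @@ points the archive banner at a page that may not be published yet, and readers who follow the banner could land on a missing page. Hold the link change until the target is live, and state in the commit message how that was checked.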
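Review bot: PATCH 5/5 is `index 16222ed..602cfb2`, which restores exactly the blob that 3/5 produced, so 4/5 and 5/5 together are a no-op on glossary.html. Squash both away before merging rather than keeping a change and its revert in history. If the reason for going back to https://trustoverip.github.io/ctwg-main-glossary/ matters, record it in the 3/5 commit message next to the URL that was kept.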