Interim Governance Authority Requirements

Purpose

The purpose of this document is to define the requirements and core functions (use cases) of the Interim Governance Authority for the Yoma Digital Trust Ecosystem.  

What is a Governance Authority (GA)?

From ToIP Ecosystem Foundry:

  • Ecosystem Governance Authority  -  An entity that establishes and operates a framework (Ecosystem Governance Framework (EGF)) of policies, rules, procedures and accountabilities of roles within Layer 4 (Ecosystem)

From Sovrin Glossary:

The Entity (typically an Organization) governing a particular Governance Framework such as a Domain-Specific Governance Framework. Depending on the design of the Governance Framework, the Governance Authority may be responsible for issuing Trust Anchor Credentials, Credential Registry Credentials, Auditor Credentials, or Auditor Accreditor Credentials. A Governance Authority may also issue a Governance Authority Credential to another Governance Authority to cross-link two Governance Frameworks. See the Sovrin Web of Trust Model and Appendix H.

Why do we need an Interim Governance Authority?

  • Target completion date for the V1 governance framework is 30 September 2021 (Q3).
  • Target set-up date (entity registration) is Q4 2021, expected to include Yoma Social Enterprise & Yoma Foundation; the business operating model, jurisdiction and governance model for these entities are as yet unknown.
  • It is expected that the Yoma Foundation will act as the Governance Authority for the Yoma Ecosystem; in time they may become an Interoperable Ecosystem Governance Authority - “An entity that establishes a TSS (ToIP Standard Specification) that defines the standard requirements for the Ecosystem Governance Authority to conform.”
  • It is not yet known which entity(ies) will act as “Credential” and “Provider” Governance Authorities; for the purposes of the Governance Framework V1, it is expected that these will all be one entity.

The Interim GA is expected to be in operation for 6-9 months from October 2021.

Core Requirements:

  • Is seen as neutral, independent and with no competitive commercial interests versus other ecosystem players
  • Has legal services support & resources
  • Has administrative services support & resources
  • Is open, able to convene and foster cooperation between all ecosystem stakeholders
  • Operates in compliance with the principles laid out in the governance framework
  • Is in an internationally recognised and trusted jurisdiction that supports existing legal undertakings and contracts already in place for the Yoma partners / collaborators
  • Has experience acting as a GA and experience with SSI or decentralized organizations

Core Functions & Activities:

  1. Own and manage future iterations of the Governance Framework
  2. Organise and manage its own committees, councils or task forces for addressing ecosystem roadmap and inter-working with other ecosystems stakeholder groups
  3. Carry out dispute resolution
  4. Vet & Contract with Opportunity Providers - potentially migrated to Yoma SE in the future.

What are the processes within the scope of the GA? 

The list below is from the ToIP metamodel, which is a working document (Source: ToIP). It is proposed that this be captured in core functions that are needed and within the scope of the initial GF. This will be based on the business requirements defined as user stories or use cases. Highlighted in bold are the expected key functions for the Interim GA.

Not everything below is needed (e.g. Trust Mark), but there may be additional requirements related to the Credential and Provider layers of the stack.

  • Governance Processes and Standards
    • Governance Authority Establishment - activities to convene stakeholders aligned to oversee a layer of the ToIP stack.
    • Governance Framework Establishment - activities used to draft and enact an initial document containing key directives of a Governance Authority.
    • Governance Framework Government
      • Member Contracting - the presentment and agreement of terms that a Governance Authority has with its participating members.
      • Member Fee Management - the billing and collection of financial obligations required by a Governance Authority with its members.
      • Member Application
      • Member Vetting - the unbiased due diligence of prospect members against a set of acceptance criteria.
      • Member Voting - collecting and tabulating definitive choices made by members on proposed Governance Authority actions.
    • Policy Management
      • Policy Establishment - activities used to draft and enact an initial set of requirements and guidance a Governance Authority has upon its scope aligned with its purpose and objectives.
      • Policy Adoption - the acceptance of rules and guidance that a Governance Authority presents to itself and its members.
      • Policy Enforcement - activities that a Governance Authority takes to hold itself and its members accountable for its rules and guidance.
      • Policy Amendment - The reevaluation and change of previously established rules and guidance.
    • Governance Authority Communication
      • DID Publication - The presentment of availability of a decentralized identifier.
      • DID Whitelisting - The collection and enablement of decentralized identifiers specifically allowed for actions specified by a Governance Authority.
      • Verifiable Credential Publication - the availability establishment of verifiable credentials to stakeholders within an ecosystem.
      • Levels of Assurance - the pre-defined tiers of risk mitigation afforded a class of transactions within an ecosystem.
    • Risk Assessment - A subjective process to identify potential threats of a Governance Framework's scope upon its purpose and objectives and derive a proportionate plan to address them.
    • Governance Authority 
    • Member Directory Designation and Recognition - The collection and enablement of approved Member entries available for transaction consideration within a Governance Authority.
    • Credential Registry Designation and Recognition - The collection and enablement of approved Credential Registries for transaction consideration within a Governance Authority.
    • Authoritative Issuer Designation and Recognition - The collection and enablement of approved Authoritative Issuers for transaction consideration within a Governance Authority.
    • Authoritative Verifier Designation and Recognition - The collection and enablement of approved Verifiers for transaction consideration within a Governance Authority.
    • Verifiable Credential Standards - The set of rules enacted by a Governance Authority that apply to a set of verifiable credentials under its scope.
    • Governance Trust Assurance Processes - The set of governance activities enacted by a Governance Authority to hold its stakeholders accountable for its governance rules. 
  • Trust Mark Processes
    • Trust Mark Scheme Definition - The set of activities a Governance Authority defines to establish and regulate its issuance of Trust Marks.
    • Trust Mark Vetting Process - The evaluation of candidate actions against a pre-defined set of criteria to determine their eligibility for trust mark issuance.
    • Trust Mark Issuance Process - The presentment of Trust Marks to approved recipients.
    • Trust Mark Discovery Process - The search and identification activities of interested parties of a Governance Authority's Trust Marks.
    • Trust Mark Revocation - The rescindment of a previously approved Trust Mark by a Governance Authority.
    • Trust Mark Expiration - The state when a Trust Mark exceeds its stated approval period enacted by a Governance Authority.
  • Trust Assurance Scheme Processes
    • Self-Certification - The assertion a stakeholder makes that it is compliant with trust criteria established by a Governance Authority. This MAY or MAY NOT be supported with evidence.
    • Internal Attestation - The opinion of an internally independent arbiter over asserted claims by a stakeholder of its compliance to governance authority trust criteria.
    • External Attestation - The opinion of an externally independent arbiter over asserted claims by a stakeholder of its compliance to governance authority trust criteria.
    • Certification - The declaration of an approved Certification Body that an entity under an approved assessment methodology has satisfied its vetting requirements against a set of trust criteria.
  • Auditor Processes and Standards - The set of accepted practices guiding the attestation of an entity's assertion over its compliance with established Governance Authority trust criteria.
  • Audit Accreditor Processes and Standards - The evaluation and oversight activities enacted by an Auditor Accreditor to approve and regulate auditors for a Governance Authority.