Understand the opportunity to create a governance framework for dual-stack interoperability.
Agenda Items and Notes (including all relevant links)
Time
Agenda Item
Lead
Notes
5 min
Start recording
Welcome & antitrust notice
Introduction of new members
Agenda review
Chairs
Antitrust Policy Notice:Attendees are reminded to adhere to the meeting agenda and not participate in activities prohibited under antitrust and competition laws. Only members of ToIP who have signed the necessary agreements are permitted to participate in this activity beyond an observer role.
New Members:
5 mins
Review of action items from previous meeting
Chairs
5 mins
Announcements
TF Leads
News or events of interest to Governance Stack WG members
polled the auidence before presentation & no one had any awareness of protocol
polled afterwards indicated everyone then saw value in it
Will assemble notes from EIC conference
@Scott presented at the Digital World Conference presented by Information Systems Audit and Control Association (ISACA)
Information systems auditors
Conference had about 1000 attendees
Discussed the journey to get decentralized identity and and verifiable credentials, and talking about audit and accreditation, and the roles that auditors would play
No awareness in the profession of Self-Sovereign Identition (SSI) but believes that's going to change
Had 60 attendees which is pretty good for the last slot of the conference
Schellman colleague presented on auditing blockchains
Schellman now has a formal relationship with Digital Governance Council of Canada
Auditing digital identity standard just released
Potential for other governments outside of Canada to use if it for mutual recognition
Tim Bouma and group are working on getting ISO standard certification
There's a separation of governance from operations & autrhority
It's been easier to sell Governance, verifiable credentials and digital identity when it's presetned as an extension to existing systems, not something completely new
For Decentralized Identification Ecosystem Stakeholders concerned about potential barriers to entry, our new managed service enables your Governance, Risk and Compliance Team to create agile, structured, Lego-like policies and processes to jumpstart adoption.
Furthermore, members can extend it for their needs and share it with their ecosystems, creating growth. And unlike a folder of static PDFs, everyone can benefit from upstream changes, continuously reducing the gap between policies and processes.
Continuous Governance:Stay in sync. Jumpstart adoption.
22:22
Agenda
Definition
As-is & To-Be
Ecosystem Use Case
22:30
Definition
Designed to keep governance frameworks, organizational policies, procedures and ecosystems in sync where the gaps represent risk
Most organizations use MS Word and Excel which is fine if timeliness is good enough
For example, in many jurisdictions demonstrating that you're trying to adhere to privacy laws is good enough
As Timothy Ruff said: "The problem is the solution."
24:05:
As-Is Happy Path writing policies & procedures
Typically a smooth process for those using Word & Excel
25:05
As-Is Not Happy Path
Non-conformance means there's a gap between policies & procedures
Greater the gap, the greater the risk
Root cause may be human error executing process, the process itself, the policy governing the process, a change to the framework or, needing a new framework
At this point Word & Excel are not your friends anymore
26:24
Use Case:
Problem: Policies & procedures use the Term/Role Contract Lawyer which is ambiguous with Commercial Lawyer
Solution:
Create a new Term/Role for Commercial Lawyer,
Update Contract Lawyer
Update related policies and procedures
Word & Excel
Use Find/Replace to search through all documents Find all the documents, maybe spreadsheets that may use "Role" because there's no assurance Contract Lawyer was a valid entry. It's unstructured data.
Wholesale changes required - like renovating an old house.
Editors need domain knowledge across frameworks, policies & procedures to understand how to implement changes
28:45
Use Case continued
To-Be
Structured documents are like Lego blocks
Using one or more blocks to construct a document means you can change one document and all the documents that use that one get updated automatically. Like a robot does it for you.
29:50
Ecosystems Use Case
Standards Development Organizations (SDO) create many standards
Standards are adopted & implemented by many ecosystems
Ecosytems' members adopt & implement those standards
Each node (SDO, Ecosystem, Member) deploys & publishes its standards (policies & procedures) to their own Rosie static website
Rosie can share content across nodes: downstream & cross stream - more Lego blocks
Creates an opportunity to grow the ecosystem by allowing potential business partners or, service providers to create context-specific content along the generalized to specialized continuum
Not implemented yet, but content can be monetized like a publication/subscription or, Intellectual Property (IP) licensing models
Upstream or cross-stream changes trigger new content.
New or updated frameworks down to changes in processes
32:41:Demo
Intro
Site structure
All content is in markdown stored & versioned in GitHub
Users do not have to know they're using GitHub
34:49 Demo
Building Blocks
Basic Term
Actor referencing a Term for a Role in the Editor
Where Used Map
Actor, Role, User Stories, User Journey
41:50 Demo
User Journey - Update Risk Assessment
Walkthrough use case of adding a Risk Treatment option to the ToIP Risk Companion Guide & Risk Assessment Form
50:00 Demo
Context Switcher
Same document can display Term definitions and even labels for different Contexts
Defaults to "my" definition
Can switch to an arbitrary number of Contexts - like W3C, NIST, ISO, eIDAS
53:24 Q&A
5 mins
Any other business
Savita Farooqui Asking for suggestions for upcoming agenda items
5 mins
Review decisions/action items
Planning for next meeting
Chairs
Screenshots/Diagrams (numbered for reference in notes above)