Kyle Robinson edited this page Mar 8, 2023 · 6 revisions

Introduction

"A governance framework (also called a trust framework in some contexts) is a set of rules that establish trust about processes (and indirectly, about outcomes) in a given context." -Daniel Hardman

The purpose of your governance framework file is to provide a clear, tracked set of details that are useful within the digital trust ecosystem in which your business operates, in the context of a specific verifiable credential (VC). If you are an issuer of a VC, you will want this document to clearly explain its purpose to those the VC will be issued to and to those who will want to verify that it has been issued to a holder.

Example: Your credential might contain an attribute called "role" with the value "mine manager". A government system may offer a holder the option to present proof that they have that credential, and may wish to check for the mine manager role. The government system would do this because it trusts you as the issuer of that credential. This governance documentation outlines why you can be trusted as the issuer of this credential.

Governance documentation should be written with a broad audience in mind, including marketing (for change management and adoption), issuers, and developers.

Trusted Issuers of a credential

  • Use the Governance.md file to list trusted issuers, including their DIDs

Templates

General

  • Describe the verifiable credential (VC)
    • What is it attesting to?
      • They can access their data and submit data
    • What data attributes will it include?
    • What is this VC's intended use?
      • For authenticating to a web application
  • Authentication
    • Describe any ways in which this VC will be used to determine the identity
  • Authorization
    • Describe any ways in which this VC will be used to determine what an identified user should be authorized to do
  • Access Claims
    • Describe any attributes and values that will be used for authorization and list the functions that will be permitted if these access claims are included in the VC
  • Issuer
    • What gives the issuer authority? (i.e. which Act, Regulation, Policy, Legislation)
  • Issuer User
    • Which people or roles have control over the issuing functions of the wallet?
  • Holder
    • What gives someone the right to hold this credential?
  • Holder User
    • Which people or roles have control over the holder functions of the wallet?
  • Verifier
    • Which people or roles can verify the credential?
  • Verifier User
    • Which people or roles have control over the verifying functions of the wallet?
  • User Security Platform