<style>
code {
white-space : pre-wrap !important;
word-break: break-word;
}
</style>
### Governance Framework Files
#### An Approach to Machine-Readable Governance
###### Mike Ebert
---
### Intro
* What is machine readable governance?
* What are the key problems it solves?
* Has it been tried?
* What needs to be done?
---
### Governance Framework
> A governance framework (also called a trust framework in some contexts) is a set of rules that establish trust about processes (and indirectly, about outcomes) in a given context.
> --Daniel Hardman
https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0430-machine-readable-governance-frameworks
---
### Machine-Readable Governance
> Governance frameworks... embodied in formal data structures, so it's possible to react to them with software, not just with human intelligence.
> --Daniel Hardman
https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0430-machine-readable-governance-frameworks
---
### Governance Framework File
* A jurisdiction can publish a file that contains a machine-readable version of the governance applied to its ecosystem
* Organize the ecosystem by codifying rules, conventions, and standards
---
### Benefits of Governance Framework Files
* Available to all parties
* Everyone can understand how things should work
* Issuers and verifiers can behave according to policy
* Holder agents can assist the user
---
### Benefits of Governance Framework Files
* Supports offline interactions
* Governance framework file can be cached locally
* Avoid the phone home problem
---
### Benefits of Governance Framework Files
* Decouple (most) business logic from code
* Provide flexibility to accommodate change and avoid having to frequently re-release or update agents
---
### What Can You Do with It?
* Establish roots of trust
* Define roles and permissions
* Specify workflows
---
### Establish Roots of Trust
The key problem is:
## How can you know if you can trust another agent? ##
----
### Turtles All the Way Down?
* With a credential issued by a trusted party
* How can you trust that issuer?
----
### How to Bootstrap Trust?
* There are many jurisdictions where trust must be established
* Not all of them are geo-political (e.g. companies and organizations)
* How can a jurisdiction get started without some outside party?
----
### How to Bootstrap Trust?
* List trusted participants and their DIDs
---
### Define Roles and Permissions
* Once you have a list of participants...
* Define the roles that can be played
* Assign each verified participant the role(s) they will fill
---
### Specify Workflows
* Describe actions the agents can take
* Assign actions to roles
* Create a flowchart or tree of linked steps
---
### How Are Governance Files Different from Trust Registries?
* There seem to be a variety of definitions for trust registries which don't appear to mean exactly the same thing. Here are some I have heard of:
1. A live service that agents must call to determine trust status
---
### How Are Governance Files Different from Trust Registries?
2. A tool for creating and publishing machine readable governance framework files
3. A system for discovering, listing, searching, and/or sharing governance framework files
---
### Machine-Readable Governance In Real Life
#### Trials
* Built two VC trials with SITA in Aruba
* Helping the island recover from the shock and changes introduced by COVID
----
### Machine-Readable Governance In Real Life
#### Goals
1. Prove that verifiable credentials would work for the health and tourism needs of Aruba
2. Prove that governance could be nimble when dealing with the dynamic COVID situation
----
### Machine-Readable Governance In Real Life
#### Results
* Applied Cardea lab result and vaccine schemas
* First used on-island and then off-island health data
----
### Machine-Readable Governance In Real Life
#### Results
* Established roots of trust for the island's tourism ecosystem
* Implemented procedures and rules in a way that could be easily updated (and were on three different occasions)
----
### Machine-Readable Governance In Real Life
Summary: Governance framework files were effective in establishing a trusted digital ecosystem for health and travel credentials and workflows in Aruba
---
### What Needs to Be Done?
* RFC for work to date
* Improve creation of governance files
* Work out signing and publishing
* Begin working on methods for disclosing, sharing, discovering
{"metaMigratedAt":"2023-06-16T23:48:47.250Z","metaMigratedFrom":"YAML","title":"Machine Readable Governance Files - Basics","breaks":"true","slideOptions":"{\"theme\":\"league\",\"transition\":\"fade\"}","contributors":"[{\"id\":\"9dab61b4-cc74-4ff9-9e63-1e1987644fc8\",\"add\":6525,\"del\":1847}]"}