<style> code { white-space : pre-wrap !important; word-break: break-word; } </style> ### Governance Framework Files #### An Approach to Machine-Readable Governance ###### Mike Ebert --- ### Intro * What is machine readable governance? * What are the key problems it solves? * Has it been tried? * What needs to be done? --- ### Governance Framework > A governance framework (also called a trust framework in some contexts) is a set of rules that establish trust about processes (and indirectly, about outcomes) in a given context. > --Daniel Hardman https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0430-machine-readable-governance-frameworks --- ### Machine-Readable Governance > Governance frameworks... embodied in formal data structures, so it's possible to react to them with software, not just with human intelligence. > --Daniel Hardman https://github.com/hyperledger/aries-rfcs/tree/main/concepts/0430-machine-readable-governance-frameworks --- ### Governance Framework File * A jurisdiction can publish a file that contains a machine-readable version of the governance applied to its ecosystem * Organize the ecosystem by codifying rules, conventions, and standards --- ### Benefits of Governance Framework Files * Available to all parties * Everyone can understand how things should work * Issuers and verifiers can behave according to policy * Holder agents can assist the user --- ### Benefits of Governance Framework Files * Supports offline interactions * Governance framework file can be cached locally * Avoid the phone home problem --- ### Benefits of Governance Framework Files * Decouple (most) business logic from code * Provide flexibility to accommodate change and avoid having to frequently re-release or update agents --- ### What Can You Do with It? * Establish roots of trust * Define roles and permissions * Specify workflows --- ### Establish Roots of Trust The key problem is: ## How can you know if you can trust another agent? ## ---- ### Turtles All the Way Down? * With a credential issued by a trusted party * How can you trust that issuer? ---- ### How to Bootstrap Trust? * There are many jurisdictions where trust must be established * Not all of them are geo-political (e.g. companies and organizations) * How can a jurisdiction get started without some outside party? ---- ### How to Bootstrap Trust? * List trusted participants and their DIDs --- ### Define Roles and Permissions * Once you have a list of participants... * Define the roles that can be played * Assign each verified participant the role(s) they will fill --- ### Specify Workflows * Describe actions the agents can take * Assign actions to roles * Create a flowchart or tree of linked steps --- ### How Are Governance Files Different from Trust Registries? * There seem to be a variety of definitions for trust registries which don't appear to mean exactly the same thing. Here are some I have heard of: 1. A live service that agents must call to determine trust status --- ### How Are Governance Files Different from Trust Registries? 2. A tool for creating and publishing machine readable governance framework files 3. A system for discovering, listing, searching, and/or sharing governance framework files --- ### Machine-Readable Governance In Real Life #### Trials * Built two VC trials with SITA in Aruba * Helping the island recover from the shock and changes introduced by COVID ---- ### Machine-Readable Governance In Real Life #### Goals 1. Prove that verifiable credentials would work for the health and tourism needs of Aruba 2. Prove that governance could be nimble when dealing with the dynamic COVID situation ---- ### Machine-Readable Governance In Real Life #### Results * Applied Cardea lab result and vaccine schemas * First used on-island and then off-island health data ---- ### Machine-Readable Governance In Real Life #### Results * Established roots of trust for the island's tourism ecosystem * Implemented procedures and rules in a way that could be easily updated (and were on three different occasions) ---- ### Machine-Readable Governance In Real Life Summary: Governance framework files were effective in establishing a trusted digital ecosystem for health and travel credentials and workflows in Aruba --- ### What Needs to Be Done? * RFC for work to date * Improve creation of governance files * Work out signing and publishing * Begin working on methods for disclosing, sharing, discovering