Commit 4a40c0a3 authored by RieksJ

governance and management added

parent c3e862d9
Pipeline #43092 passed with stage
in 1 minute and 54 seconds
......@@ -35,7 +35,7 @@ A party usually cannot realize its objectives on its own. To do this, the party
### 2.3 Business Transactions
In the eSSIF-Lab world view, %%actors|actor%% interact with each other (as %%agents|agent%% for their %%principals|principal%%) to negotiate and execute %%transactions|transaction%%. An agent uses the %%knowledge|knowledge%% of its principal as its main guidance for such negotiations and execution. An agent may also use knowledge of other %%parties|party%% to fill in any gaps, or to provide additional details, as necessary. The %%parties-actor-action pattern|pattern-parties-actor-action%% explains the concepts behind this.
In the eSSIF-Lab world view, %%actors|actor%% interact with each other (as %%agents|agent%% for their %%principals|principal%%) to negotiate and execute %%transactions|transaction%%. An agent uses the %%knowledge|knowledge%% of its principal as its main guidance for such negotiations and execution. An agent may also use knowledge of other %%parties|party%% to fill in any gaps, or to provide additional details, as necessary. The %%party-actor-action pattern|pattern-party-actor-action%% explains the concepts behind this.
The participants of a transaction are %%parties|party%%, that employ %%actors|actor%% that do the associated work on their behalf. A party may employ different actors for executing different actions within a single transaction, each of which will use the knowledge of this party (its principal) to guide the execution of these actions, so that the entire transaction is performed according to how the party wants it to be done.
......@@ -60,9 +60,9 @@ In the various phases of a %%transaction|transaction%%, each of its participants
The fact that the [W3C Verifiable Credentials Data Model](https://www.w3.org/TR/vc-data-model) does not provide for a validator role, and explicitly places [validation](https://www.w3.org/TR/vc-data-model/#dfn-credential-validation) of credentials out of its scope, illustrates that we need more than just [verifiable credentials](https://www.w3.org/TR/vc-data-model/#dfn-verifiable-credentials) (VCs). Indeed, protocols are needed e.g. for issuing credentials, [exchanging presentations](https://identity.foundation/presentation-exchange/), revoking credentials etc. Such protocols may provoke the need for additional %%roles|role%%, e.g. a `revoker` (that would revoke credentials), a `policy provider`, etc.
In our framework, we postulate the existince of %%issuers|issuer%%, %%holders|holder%%, %%verifiers|verifier%% and %%validators|validator%%, which for our purposes we define as functional components (i.e. components that fit a functional architecture) and that can be readily realized as concrete technical components that can be deployed in run-time contexts to act as %%digiatl agents|digiatl-agents%% for arbitrary %%parties|party%%. It is not exactly the same, but nevertheless in line with the [W3C VC Terminology](https://www.w3.org/TR/vc-data-model/#terminology), which states (with the obvious exception of the validator) that they are roles that [entities](https://www.w3.org/TR/vc-data-model/#dfn-entities) can or might perform as they execute some function(s).
In our framework, we postulate the existince of %%issuers|issuer%%, %%holders|holder%%, %%verifiers|verifier%% and %%validators|validator%%, which for our purposes we define as functional components (i.e. components that fit a functional architecture) and that can be readily realized as concrete technical components that can be deployed in run-time contexts to act as %%digital agents|digital-agent%% for arbitrary %%parties|party%%. It is not exactly the same, but nevertheless in line with the [W3C VC Terminology](https://www.w3.org/TR/vc-data-model/#terminology), which states (with the obvious exception of the validator) that they are roles that [entities](https://www.w3.org/TR/vc-data-model/#dfn-entities) can or might perform as they execute some function(s).
As mentioned before, we expect that more functionalities and/or %%roles|role%% are necessary to make it all work, e.g. that of %%agent|agent%%, %%principal|principal%%, %%owner|owner%%, %%governor|governor%%, %%guardian|guardian%%, %%dependent|dependent%%, etc. The bulk of these roles will likely not be of technical nature, but more fitted to the higher architectural levels, e.g. of information architecture, process architecture, governance etc.
As mentioned before, we expect that more functionalities and/or %%roles|role%% are necessary to make it all work, e.g. that of %%agent|agent%%, %%principal|principal%%, %%owner|owner%%, %%manager|management%%, %%governor|governance%%, %%guardian|guardian%%, %%dependent|dependent%%, etc. The bulk of these roles will likely not be of technical nature, but more fitted to the higher architectural levels, e.g. of information architecture, process architecture, governance etc.
## 2. Functional Architecture Overview
......
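Review bot: The rewritten paragraph that corrects `%%digiatl agents|digiatl-agents%%` still carries the typo "existince" in "we postulate the existince of"; fix it to "existence" in the same change. In the next paragraph, `%%governor|governance%%` links a role name to a page that this commit defines as an act or process, so consider wording the sentence so that the link text matches what the target defines.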
......@@ -31,6 +31,9 @@ The [eSSIF-Lab Identity Pattern](./terms/pattern-identity)
- shows that it is comprised of %%partial identities|partial-identity%% that are the actual artifacts we need to focus on in %%SSI contexts|self-sovereign-identity%%, and
- shows how this relates to (attributes in) %%credentials|credential%%.
### [Managing and Governing](./terms/pattern-governance-and-management)
The envisaged [Managing and Governing Pattern](./terms/pattern-governance-and-management) will explain how %%parties|party%% organize that %%their|owner%% %%objectives|objective%% are realized, either by doing the associated work themselves, or by arranging for other %%parties|party%% to do that. The contribution of this pattern is to show how this is done, based on the idea that every %%objective|objective%% has a single %%party|party%% that %%owns|owner%% the %%objective|objective%%.
## Envisaged Models
These are placeholders for models that we think we could document, but haven't come around to doing.
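Review bot: The new "Managing and Governing" entry is worded as "The envisaged ... Pattern will explain", yet it is inserted above the `## Envisaged Models` heading, among the patterns that are described in the present tense. Move it below that heading, or drop "envisaged" and the future tense if the pattern page already exists. The title also differs from the name used elsewhere in this commit ("governance and management pattern"); pick one form and use it in both places.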
......@@ -43,7 +46,6 @@ The envisaged [eSSIF-Lab Identity Pattern](./terms/pattern-identification) will
### [Identifiers](./terms/pattern-identifier)
The envisaged [eSSIF-Lab Identity Pattern](./terms/pattern-identifier) will describe the conceptual nature of %%identifiers|identifier%%. Note that %%identifiers|identifier%% are very different from %%identities|identity%%.
### [Decentralized Governance, Risk Management and Compliance (GRC)](./terms/pattern-decentralized-GRC)
The envisaged [Decentralized GRC pattern](./terms/pattern-decentralized-GRC) will describe how %%parties|party%% can set objectives, and pursue them to be succesful. The latter means that the party must be capable of assessing and managing the risks associated with not realizing them. In a decentralized world, this means that it needs to depend on other parties, that may or may not be too reliable. Also, it means that the party must be able to set and realize objectives to satisfy requirements of other parties (compliance).
......
---
id: control-process
title: "Control Process"
scopeid: essifLab
type: concept
typeid: control-process
stage: draft
hoverText: "Control Process (of a Party): a process that is run by a Party to ensure that a specific set of its control Objectives are realized."
glossaryText: "a process, %%owned^owned%% and run by a %%party^party%%, to ensure that a specific subset of its control %%objectives^objective%% are realized."
date: 20210830
---
import useBaseUrl from '@docusaurus/useBaseUrl'
### Short Description
A **Control Process** is a process, %%owned|owned%% and run by a %%party|party%%, to ensure that a specific subset of its control %%objectives|objective%% are realized. Control objectives are %%objectives|objective%% that a party sets to be in control of something. A party that wants to control the quality of its processes, or the information security, may create a set of objectives the realization of which signify its being 'in control' on such topics.
As with all %%objectives|objective%%, control objectives are associated with results, which are to be produced, and used. It is typical for control objectives that their %%owner|owner%% actually uses (consumes) the results, implying that the %%owner|owner%% will do their %%governance|governance%%. The %%owner|owner%% may do their %%management|management%% as well, or outsource it. See the %%governance and management pattern|pattern-governance-and-management%% for an elaboration on this.
### Control Process
The control process we describe here is 'effect-driven', which means that it does not require any knowledge about the way in which the control objectives are realized. This means that %%parties|party%% are not forced to use particular methods, procedures, etc. It specicially also allows the process to be used in a %%governance|governance%% setting.
While some may see this process simply as a means to turn the PDCA-cycle (which in a way, it is), its value lies in the explicit specification of the concrete results that have to be achieved in the various steps. Such explicit specifications provide the concrete basis for both the %%managers|management%% of an %%objective|objective%% and its %%governors|governance%% to do their jobs.
The executive summary of this process is that:
1. (initial) %%control objectives|objective%% are set in terms of the results/effects that have to be achieved;
2. results/effects are measured through so-called 'effect indicators'. (An indicator is a number or value that can be decided on (or measured) objectively by following a measuring instruction. An effect indicator measures an effect or result that is the aim of an organization. Example: 'the percentage of deliveries of the last 30 days, that have been received by the customer within 24 hours after his order was accepted.');
3. results/effects are judged not only on whether or not the effect indicators have met the applicable norms, but also on any circumstances (increasing insights, unexpected events, etc.) that have influenced such results. (A norm is a level that the organization aims an indicator to comply with or must reach. Example: [indicator] > 99%.);
4. results are reflected upon, learning from what happened and/or celebrating the results;
5. decisions are made about altering the control objectives, indicators, judgements, etc. – if necessary.
The %%agent|agent%% (of the %%party|party%% that owns this process) that is tasked with taking the decisions in this process is referred to as 'the governor'. This means that the production of any result other than decisions may be delegated to other %%actors|actor%%.
After step 5 is completed, the same conditions apply as after step 1 is completed, so execution continues at step 2 rather than step 1.
#### 1. Setting of initial control objectives.
_The purpose of this %%activity|action%% is to provide clarity for all stakeholders with respect to the focus of the control process._
It is not the purpose of this activity to come to agreement with stakeholders about what is expected of them. That would be another activity.
The results of this activity are that all of the the following criteria are met:
1. for every area that is being governed, all control objectives are described in terms of the results/effects that are aimed for, and the organization(s) that are expected to produce the results;
2. for every objective, one or more effect indicators are specified;
3. for every objective, norms that are based on such effect indicators are specified (implicitly or explicitly), as well as a point in time (that may be repetitive) that the norm must have been met;
4. the (first occurrence of the) point in time has been established by which step 5 must have been completed.
5. there is a decision by the governor stating that these control objectives are in fact to be met and the associated results/effects are to be achieved.
#### 2. Measuring Results/Effects.
_The purpose of this %%activity|action%% is to ensure that all effect indicators are being assigned values (e.g. measured)._
It is not the purpose of this activity to already pass judgements based on such values.
Having 'clean' measurements that are unprejudiced is of great value when judging achievements, and therefore measuring and judging results/effects should be distinct. In order to guarantee this distinction, it may be necessary to have third parties execute this activity.
The results of this activity are that all of the the following criteria are met:
1. all effect indicators as specified in step 1 have been assigned a value.
#### 3. Judging Results/Effects.
_The purpose of this %%activity|action%% is to obtain clarity about whether or not the control objectives have been achieved (in a manner that is sufficiently satisfactory to the governor)._
Such judgement should be based on two sources of information. The first is comparing the values of the (measured) effect indicators to the norms set in step 1.3. The second source is any progressing insights, unexpected events or other circumstances that might explain any deviations (both positive and negative) from the norms. It is explicitly part of this activity to identify such circumstances.
Taking both sources of information into account, judgement must be passed on each control objective; this judgement says whether or not the expected result/effect has been (sufficiently) achieved. A judgement should be justified if its indicator values deviate significantly from the norm (which can go both ways).
The results of this activity are that all of the the following criteria are met:
1. for every control objective, it is clear whether or not its norm(s) have been satisfied;
2. for every control objective, there is a judgement stating whether or not it is (sufficiently) achieved;
3. if, for some control objective, the judgement differs from what would be expected given the evaluation of the norms, there is a justification for this judgement.
#### 4. Reflection/Learning.
_The purpose of this %%activity|action%% is to provide clarity about the next steps that should be taken._
Quite some time may elapse between setting control objectives, the associated effect indicators/norms, and judging the results/effects. Meanwhile, all sorts of things can change (e.g. laws, the market, political situation, competitors, technology, the organization's obligations, etc.). Such changes may cause control objectives, effect indicators or norms to become outdated. The experience of having judged the results/effects in the previous step is invaluable, because the person that has done this will have 'felt' any contradiction or discrepancy between the effect indicator values and norms, and his own sense of whether the results/effects have been achieved. This information and feeling allows the governor (and others) to ponder, e.g. about:
– fine-tuning or modifying control objectives, indicators, norms;
– modifying objectives that the organization has committed itself to realize (obligations);
– possibilities for influencing circumstances/stakeholders;
– celebrating (unexpectedly) well achieved objectives.
The results of this activity are that all of the the following criteria are met:
1. for every control objective it has been established what should be modified/improved and/or celebrated;
2. for every control objective there is a proposition of how this may be achieved;
3. there is either a proposition for new control objectives, each of which satisfies the criteria of step1,
or a statement saying there are no such control objectives.
4. for every new or modified control objective, the criteria for the initial control objectives are met.
#### 5. Decision making.
_The purpose of this %%activity|action%% is to explicitly decide which of the proposals in step 4 will be adopted, and which not._
Doing so shows that you have actually learned. Also, putting all decisions in a single step allows the governor to delegate the work in steps 3 and 4 to others.
The results of this activity are that all of the the following criteria are met:
1. for each control objective for which it was decided (in step 1) that it should be achieved, there is a decision stating whether or not it has been shown to be the case.
2. for each proposal from step 4, there is a (preliminary) decision with respect to whether or not it will be adopted.
### Controlling the control process itself
Like any other process, the control process may need to be %%governed|governance%%. Here is how to apply the specified control process on itself. In order to distinguish the control process that is being governed, from the process that governs that control process, we will refer to the latter as the meta-control process.
Step 1 (setting the initial control objectives), is as follows:
1. the meta-control process has 5 control objectives that it sets to the governor of the control process. These control objectives are specified by the first sentence of the description of each of the 5 activities of the control process in the previous sections;
2. for every of these control objectives, its effect indicator is described by the results specified after the line “The results of this activity are that all of the the following criteria are met:” of each of the 5 activities;
3. a control objective is met if all criteria as mentioned in its effect indicator are met;
4. step 5 of the process has been completed at a specified point in time.
All other steps of the control process can be followed using the aforementioned objectives, effect indicators and criteria.
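Review bot: In the front matter of control-process, hoverText and glossaryText define the term differently: hoverText says "run by a Party to ensure that a specific set of its control Objectives", while glossaryText says "owned and run" and "a specific subset". Align both with the Short Description. The body also has "specicially", "step1", and "all of the the following criteria" in each of the five activities; if the doubled "the" is fixed, update the line in the meta-control section that quotes it verbatim. Step 3 refers to "step 1.3", which only resolves if the reader maps it to criterion 3 of step 1, so say that explicitly.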
......@@ -6,7 +6,7 @@ type: concept
typeid: credential-catalogue
stage: draft
hoverText: "Credential Catalogue: a functional component that has the capability to register and advertise the information about Credential Types that their respective Governing Parties have decided to disclose so as to enable other Parties to decide whether or not it is beneficial for them to use Credentials of such types."
glossaryText: "a functional component that has the capability to register and advertise the information about %%credential types^credential-type%% that their respective %%governing parties^governor%% have decided to disclose so as to enable other %%parties^party%% to decide whether or not it is beneficial for them to use %%credentials^credential%% of such types."
glossaryText: "a functional component that has the capability to register and advertise the information about %%credential types^credential-type%% that their respective %%governing parties^governance%% have decided to disclose so as to enable other %%parties^party%% to decide whether or not it is beneficial for them to use %%credentials^credential%% of such types."
date: 20210601
---
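Review bot: In glossaryText, the link text "governing parties" now resolves to `governance`, which this commit defines as an act or process, so the tooltip on a phrase that names parties will describe a process. Link only wording that fits the target, or point the phrase at `party` and mention governance separately. hoverText is left unchanged and still capitalizes "Governing Parties" as though it were a defined term.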
......@@ -16,4 +16,4 @@ TNO to provide further content
### Short Description
A *Credential Catalogue* is a functional component that has the capability to register and advertise the information about Credential Types that their respective %%Governing Parties|governor%% have decided to disclose so as to enable other Parties to decide whether or not it is beneficial for them to use Credentials of such types.
\ No newline at end of file
A *Credential Catalogue* is a functional component that has the capability to register and advertise the information about Credential Types that their respective %%Governing Parties|governance%% have decided to disclose so as to enable other Parties to decide whether or not it is beneficial for them to use Credentials of such types.
\ No newline at end of file
......@@ -5,13 +5,13 @@ scopeid: essifLab
type: concept
typeid: data-collector-policy
stage: draft
hoverText: "Data Collector Policy: a Digital Policy that enables an operational Data Collector component to function according to the rules of its Policy Governor."
glossaryText: "a %%digital policy^digital-policy%% that enables an operational %%data collector^data-collector%% component to function according to the rules of its %%policy governor^policy-governor%%."
hoverText: "Data Collector Policy: a Digital Policy that enables an operational Data Collector component to function in accordance with the Objectives of its Principal"
glossaryText: "a %%digital policy^digital-policy%% that enables an operational %%data collector^data-collector%% component to function in accordance with the %%objectives^objective%% of its %%principal^principal%%."
date: 20210601
---
### Short Description
A **Data Collector Policy** is a %%digital policy|digital-policy%% that enables an operational %%Data Collector component|data-collector%% to function according to the rules of its %%Policy Governor|policy-governor%%.
A **Data Collector Policy** is a %%digital policy|digital-policy%% that enables an operational %%Data Collector component|data-collector%% to function in accordance with the %%objectives|objective%% of its %%principal|principal%%.
Such a policy includes e.g. the kinds of data (and meta-data) required to make these kinds of decisions, criteria to distinguish between data that is %%valid|validate%% and data that is not, any data conversions that may be needed, etc.
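Review bot: The new hoverText for Data Collector Policy ends with "of its Principal" and no period, while the Data Discloser Policy hoverText in this same commit ends with a period. Add the period so the generated tooltips are consistent.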
......@@ -19,4 +19,4 @@ Such a policy includes e.g. the kinds of data (and meta-data) required to make t
The purpose of a **Data Collector Policy** is to enable the creation of (technical) components that implement the generic %%data collector|data-collector%% functionality that will subsequently use such policies to guide their behaviour.
### Criteria
A **Data Collector Policy** is a %%digital policy|digital-policy%% that enables an operational %%Data Collector component|data-collector%% to function according to the rules, working-instructions and other guidance of its %%Policy Governor|policy-governor%%.
A **Data Collector Policy** is a %%digital policy|digital-policy%% that enables an operational %%Data Collector component|data-collector%% to function in accordance with the %%objectives|objective%% of its %%principal|principal%%.
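Review bot: After this change the Criteria sentence is word for word the Short Description ("to function in accordance with the %%objectives|objective%% of its %%principal|principal%%"), so the section no longer gives a reader anything to test a candidate policy against. The earlier wording named "rules, working-instructions and other guidance"; keep an equivalent level of detail here, or state what distinguishes a Data Collector Policy from other digital policies. The Criteria hunk of data-discloser-policy has the same duplication.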
......@@ -5,13 +5,13 @@ scopeid: essifLab
type: concept
typeid: data-discloser-policy
stage: draft
hoverText: "Data Discloser Policy: a Digital Policy that enables an operational Data Discloser component to function according to the rules of its Policy Governor."
glossaryText: "a %%digital policy^digital-policy%% that enables an operational %%data discloser^data-discloser%% component to function according to the rules of its %%policy governor^policy-governor%%."
hoverText: "Data Discloser Policy: a Digital Policy that enables an operational Data Discloser component to function in accordance with the Objectives of its Principal."
glossaryText: "a %%digital policy^digital-policy%% that enables an operational %%data discloser^data-discloser%% component to function in accordance with the %%objectives^objective%% of its %%principal^principal%%."
date: 20210601
---
### Short Description
A **Data Discloser Policy** is a %%digital policy|digital-policy%% that enables an operational %%Data Discloser component|data-discloser%% to function according to the rules of its %%Policy Governor|policy-governor%%.
A **Data Discloser Policy** is a %%digital policy|digital-policy%% that enables an operational %%Data Discloser component|data-discloser%% to function in accordance with the %%objectives|objective%% of its %%principal|principal%%.
Such a policy includes e.g. the kinds of data (and meta-data) that may be disclosed, the conditions that need to be satisfied for actually disclosing such kinds of data, any meta-data (assurances) that maybe added to data being disclosed, etc.
......@@ -19,4 +19,4 @@ Such a policy includes e.g. the kinds of data (and meta-data) that may be disclo
The purpose of a **Data Discloser Policy** is to enable the creation of (technical) components that implement the generic %%data discloser|data-discloser%% functionality that will subsequently use such policies to guide their behaviour.
### Criteria
A **Data Discloser Policy** is a %%digital policy|digital-policy%% that enables an operational %%Data Discloser component|data-discloser%% to function according to the rules, working-instructions and other guidance of its %%Policy Governor|policy-governor%%.
A **Data Discloser Policy** is a %%digital policy|digital-policy%% that enables an operational %%Data Discloser component|data-discloser%% to function in accordance with the %%objectives|objective%% of its %%principal|principal%%.
......@@ -5,36 +5,18 @@ scopeid: essifLab
type: concept
typeid: governance
stage: draft
hoverText: "Governance: the act or process of governing or overseeing the control and direction of something (Merriam-Webster)."
glossaryText: "the act or process of governing or overseeing the control and direction of something (Merriam-Webster)."
date: 20210601
hoverText: "Governance: the act or process of governing or overseeing the realization of (the results associated with) a set of Objectives by the Owner of these Objectives."
glossaryText: "the %%act^action%% or process of governing or overseeing the realization of (the results associated with) a set of %%objectives^objective%% by the %%owner^owner%% of these %%objectives^objective%%."
date: 20210830
---
### Short Description
**Governance** is the act (executed by, or behalf of some %%party|party%%) or process (of some %%party|party%%) of governing or overseeing the control and direction of something ([Merriam-Webster](https://www.merriam-webster.com/dictionary/governance)). The governance of a %%party|party%% is embodied by the set of processes by which it decides how to make (other) decisions, how %%actors|actor%% that it %%employs|employee%% are to behave and operate, and ensure this guidance ends up in documents (which we will call %%policies|policy%%).
**Governance** is the %%act|action%% or process of governing or overseeing the realization of (the results associated with) a set of %%objectives|objective%% that are %%owned|owned%% by a single %%party|party%%. This act or process is conducted by (%%agents|agent%% that do so on behalf of) this %%party|party%%.
As %%parties|party%% interact with one another, i.e. conduct %%business transactions|transaction%%, they need to decide whether or not to commit to a transaction proposal. Deciding about how to make such a decision is one of the subjects of the governance process of that %%party|party%%: it is establishing the kind of argument that may be used to make this decision.
Governance is about planning the budgets and other resources necsessary _to (obtain and to) actually use the results_. This includes the specification of timelines (deadlines) for the results to become available, as well as the properties and other characteristics (security, quality, sustainability, etc.) that results must have in order to make them effective ('fit for purpose' - fit to be used as intended by the consuming %%party|party%%). In order to keep tabs on the fitness of the results for the intended purposes, effectiveness indicators may be developed, i.e. gauges that measure how 'fit' the results are to be used/consumed for the intended purposes, are also part of this %%governance|governance%%.
Within eSSIF-Lab, governance is pretty much limited to the governance of various %%policies|policy%%.
The %%Parties, Actors and Actions pattern|pattern-party-actor-action%% provides an overview of how this concept fits in with related concepts.
The governance of a set of %%objectives|objective%% can be implemented as a %%control process|control-process% where each of these objectives serves as a control objective in that process.
We make a clear distinction between governance and management, which is explained in the %%governance and management pattern|pattern-governance-and-management%%.
### Purpose
The purpose for a %%party|party%% of having a **governance** process is that it enables him to reflect on the ways that it makes decisions. A typical topic for governance is the maintenance of the set of rules, working-instructions, preferences and other guidance that %%actors|actor%% are supposed, or required to use when executing specific %%actions|action%% on behalf of that %%party|party%%.
For %%digital-actors|digital-actor%% such guidance consists of %%digital policies|digital-policy%%. A %%party|party%% whose governance process maintains a %%policy|policy%% will be called the %%governor|policy-governor%% of that policy.
### Related Concepts
- %%Governance|governance%%
- %%Governor|policy-governor%%
- %%Policy|policy%%
- %%Digital Policy|digital-policy%%
- %%Transaction Data Discloser Policy|transaction-data-collector-policy%%
- %%Transaction Data Collector Policy|transaction-data-collector-policy%%
- %%Verifier Policy|verifier-policy%%
- %%Issuer Policy|issuer-policy%%
- %%Holder Policy|holder-policy%%
- %%Wallet Policy|wallet-policy%%
:::info Editor's note
TNO (or others) to provide additional content of this file.
:::
The purpose for a %%party|party%% of having a **governance** process is that it enables him to oversee the realization of (the results associated with) various subset of its %%objectives|objective%%, and to change the specification of the associated results, to select the appropriate %%party|party%% for actually realizing these results, etc.
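Review bot: In the added sentence "can be implemented as a %%control process|control-process% where", the term reference closes with a single `%` instead of `%%`, so it will most likely not be parsed as a term link; add the missing `%`. The added paragraph on planning also has "necsessary" and a sentence that does not parse ("effectiveness indicators may be developed, i.e. gauges ..., are also part of this governance"), and it says "effectiveness indicators" where control-process says "effect indicators". In Purpose, "enables him" and "various subset" should read "enables it" and "various subsets".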
---
id: governor
title: "Governor"
scopeid: essifLab
type: concept
typeid: governor
stage: draft
hoverText: "Governor: the role that a Party assumes as it is governing or overseeing the control and direction of something."
glossaryText: "the role that a %%party^party%% assumes as it is governing or overseeing the control and direction of something."
date: 20210601
---
### Short Description
A **Governor** is a name used to refer to a Party that is governing or overseeing the control and direction of something.
See %%governance|governance%%
\ No newline at end of file
......@@ -27,6 +27,6 @@ A **Guardianship Arrangement** (in a %%jurisdiction|jurisdiction%%) is an assemb
2. a collection of duties and rights that are assigned to these legal entities, which they can enforce within the scope of that jurisdiction;
### Notes
- dependents need not always be people that are somehow very needy. The manager of a department in a company may be tasked to care for the wellbeing of the workers in his department, which doesn't require such workers to be incapable of doing that for themselves.
- dependents need not always be people that are somehow very needy. The %%manager|management%% of a department in a company may be tasked to care for the wellbeing of the workers in his department, which doesn't require such workers to be incapable of doing that for themselves.
- dependents need not always be people. Enterprises can have curators that care for an enterprise that has trouble to continue its existence. A historical heritage site might also become a dependent in a specific kind of guardianship type. Even some kinds of %%ownership|ownership%% may qualify as a guardianship, which is the case when the rights and duties that the %%owner|owner%% has to enjoy, dispose of, and control the (%%owned|owned%%) entity also serve to care for, or defend that entity.
- We may use the phrase %%natural guardianship|guardianship-arrangement%% to refer to a 'guardianship arrangement' that exists in the %%jurisdiction|jurisdiction%% 'Nature' (see the notes of %%jurisdiction|jurisdiction%%). This enables us to talk about things as 'the (natural) guardianship of an %%assertion|assertion%%'.
......@@ -5,8 +5,8 @@ scopeid: essifLab
type: concept
typeid: holder-policy
stage: draft
hoverText: "Holder Policy: a Digital Policy that enables an operational Holder component to function according to the rules of its Policy Governor."
glossaryText: "a %%digital policy^digital-policy%% that enables an operational %%holder^holder%% component to function according to the rules of its %%policy governor^policy-governor%%."
hoverText: "Holder Policy: a Digital Policy that enables an operational Holder component to function in accordance with the Objectives of its Principal"
glossaryText: "a %%digital policy^digital-policy%% that enables an operational %%holder^holder%% component to function in accordance with the %%objectives^objective%% of its %%principal^principal%%."
date: 20210601
---
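Review bot: the new hoverText ends without a full stop ('... Objectives of its Principal"'), while the glossaryText next to it and the issuer-policy hoverText in this commit both end with one. Add the period so the two policy pages stay consistent.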
......@@ -16,5 +16,4 @@ TNO (or others) to provide the content of this file.
### Related Concepts
- %%Digital Policy|digital-policy%%
- %%Policy Governor|policy-governor%%
- %%Holder|holder%%
......@@ -5,8 +5,8 @@ scopeid: essifLab
type: concept
typeid: issuer-policy
stage: draft
hoverText: "Issuer Policy: a Digital Policy that enables an operational Issuer component to function according to the rules of its Policy Governor."
glossaryText: "a %%digital policy^digital-policy%% that enables an operational %%issuer^issuer%% component to function according to the rules of its %%policy governor^policy-governor%%."
hoverText: "Issuer Policy: a Digital Policy that enables an operational Issuer component to function in accordance with the Objectives of its Principal."
glossaryText: "a %%digital policy^digital-policy%% that enables an operational %%issuer^issuer%% component to function in accordance with the %%objectives^objective%% of its %%principal^principal%%."
date: 20210601
---
......@@ -16,5 +16,4 @@ TNO (or others) to provide the content of this file.
### Related Concepts
- %%Digital Policy|digital-policy%%
- %%Policy Governor|policy-governor%%
- %%Issuer|issuer%%
......@@ -11,7 +11,7 @@ date: 20210601
---
### Short Description
A **Jurisdiction** is the composition of a (non-empty) set of %%objectives|objective%%, one %%scope|scope%%, one %%legal system|legal-system%% and one %%party|party%% (called the %%Governor of the Jurisdiction|jurisdiction-governor%%) that operates the legal system within that scope. While most people are familiar with what we call %%legal jurisdictions|legal-jurisdiction%%, please observe that %%organizations|organization%% habitually will have rules (business policies) in place, enforce them (to some extent), and have ways of resolving conflicts, and therefore qualify as a jurisdiction. Specifically, multi-national organizations are known to govern multiple jurisdictions, aliging the scopes with the scopes of other (often legal) jurisdictions for the purpose of preventing situations in which conflicting rules apply, which would lead to many effort-intensive conflict-resolution cases.
A **Jurisdiction** is the composition of a (non-empty) set of %%objectives|objective%%, one %%scope|scope%%, one %%legal system|legal-system%% and one %%party|party%% (called the %%Governor|governance%% of the Jurisdiction) that operates the legal system within that scope. While most people are familiar with what we call %%legal jurisdictions|legal-jurisdiction%%, please observe that %%organizations|organization%% habitually will have rules (business policies) in place, enforce them (to some extent), and have ways of resolving conflicts, and therefore qualify as a jurisdiction. Specifically, multi-national organizations are known to govern multiple jurisdictions, aliging the scopes with the scopes of other (often legal) jurisdictions for the purpose of preventing situations in which conflicting rules apply, which would lead to many effort-intensive conflict-resolution cases.
The %%Jurisdictions pattern|pattern-jurisdiction%% provides an overview of how this concept fits in with related concepts.
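Review bot: the rewritten Short Description line still carries the typo 'aliging' (should be 'aligning'); since the line is already being touched for the link change, fix it in the same commit. Note also that the link text shrinks from 'Governor of the Jurisdiction' to 'Governor' with 'of the Jurisdiction' left outside the reference; confirm that is the intended rendering.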
......
---
id: management
title: "Management"
scopeid: essifLab
type: concept
typeid: management
stage: draft
hoverText: "Management: the act or process of managing or actually realizing of (the results associated with) a set of Objectives by the Owner of these Objectives."
glossaryText: "the %%act^action%% or process of managing or actually realizing of (the results associated with) a set of %%objectives^objective%% by the %%owner^owner%% of these %%objectives^objective%%."
date: 20210830
---
### Short Description
**Management** is the %%act|action%% or process of managing or actually realizing of (the results associated with) a set of %%objectives|objective%% that are %%owned|owned%% by a single %%party|party%%. This act or process is conducted by (%%agents|agent%% that do so on behalf of) this %%party|party%%.
Management is about planning and organizing the budgets and other resources so that they become (and/or remain) available _to produce the results_ of the associated %%objectives|objective%%. It includes the specification of timelines (deadlines) for the production, as well as the properties and other characteristics (security, quality, sustainability, etc.) of what is actually being produced/maintained. It also deals with making the tools and %%policies|policy%% (e.g. working instructions) available for doing all this.
In order to keep tabs on the efficiency of the management process, performance indicators may be developed, i.e. gauges that measure how well the resources are spent in this production/maintenancd work are also part of this.
The management of a set of %%objectives|objective%% can be implemented as a %%control process|control-process%. The control objectives that are needed by this control process would typically come from a %%policy|policy%% of the owner of the %%objectives|objective%% that are managed.
We make a clear distinction between governance and management, which is explained in the %%governance and management pattern|pattern-governance-and-management%%.
### Purpose
The purpose for a %%party|party%% of having a **management** process is that it enables him to efficiently realize (the results associated with) various subset of its %%objectives|objective%%, to change the specification of the associated results as needed, and to make sure the results are actually going to be used by itself or some other %%party|party%%.
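Review bot: in the Short Description, the reference `%%control process|control-process%.` closes with a single `%`, so it is not a well-formed `%%...%%` term reference; change it to `%%control process|control-process%%`. In the same section, 'maintenancd' is a typo and the performance-indicator sentence does not parse ('gauges that measure ... are also part of this'). The Purpose line mixes 'him' and 'its' for the same party and should read 'various subsets'.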
......@@ -5,21 +5,62 @@ scopeid: essifLab
type: concept
typeid: objective
stage: draft
hoverText: "Objective: Something toward which a Party directs effort (an aim, goal, or end of action)."
glossaryText: "Something toward which a %%party^party%% directs effort (an aim, goal, or end of action)."
hoverText: "Objective: Something toward which a Party (its Owner) directs effort (an aim, goal, or end of action)."
glossaryText: "Something toward which a %%party^party%% (its %%owner^owner%%) directs effort (an aim, goal, or end of action)."
date: 20210601
---
import useBaseUrl from '@docusaurus/useBaseUrl'
### Short Description
**Objectives** drive %%parties|party%% as they make their goals explicit, the primary one of which is also referred to as the **mission** of that %%party|party%%. A %%party's|party%% objectives are part of its %%knowledge|knowledge%%. When made available to %%agents|agent%% of that %%party|party%%, these agents can do the work that is needed to reach these goals (realize the %%party's|party%% objectives).
An **Objective** is something toward which a %%party|party%% (its %%owner|owner%%) directs effort (an aim, goal, or end of action). Typically, the realization of an objective can be observed in terms of results, e.g. products that have been produced, services that are being provided, a situation or state (e.g. happiness) that has been continued etc.
%%Ownership|ownership%% of the objective is implied, as it is part of that party's %%knowledge|knowledge%% (which is %%owned|owned%% by that party). Consequently, a single objective cannot be shared, as it would imply it had multiple %%owners|owner%%.
In order to communicate its objectives a %%party|party%% typically uses a text - a description of its intention, the aim, the goal, etc. In practice, people are known to confuse this description with the objective itself, which may cause them to think that two parties shared the same objective becasue these parties happen to use the same descriptive text. As mentioned before, that's not possible. However, it may be the case that two parties each have an objective that is similar to a very high degree. However, as each party can autonomously change the descriptive text, (the specification of) the results and any other attributes, it is obvious that what might seem to be the same objective is actually a set of (very) similar objectives.
We refer you to the %%Governance and Management pattern|pattern-governance-and-management%% for a description of how to think about objectives in contexts where there are multiple %%parties|party%%.
### Purpose
The ability to distinguish between (non)objectives is relevant as objectives are the drivers behind the reasoning and decisions that %%parties|party%% make, the policies and working instructions that they specify so that its %%agents|agent%% know what to do, when to do it, and how to do it. Moreover, objectives are 1-1 associated with risks (i.e. the level of uncertainty that the %%party|party%% experiences regarding whether a specific objective is going to be appropriately realized). Finally, objectives must be known in order to obtain (personal) data according to the [GDPR](https://eur-lex.europa.eu/eli/reg/2016/679/oj).
The ability to distinguish between (non)objectives is relevant as objectives are the drivers behind the reasoning and decisions that %%parties|party%% make, the %%policies|policy%% and working instructions that they specify so that its %%agents|agent%% know what to do, when to do it, and how to do it. Moreover, objectives are 1-1 associated with %%risks|risk%%. Finally, objectives must be known in order to obtain (personal) data according to the [GDPR](https://eur-lex.europa.eu/eli/reg/2016/679/oj).
### Criterion
A text representing something toward which a %%party|party%% directs its efforts: an aim, goal, or end of action.
An **objective** is something
- that is %%owned|owned%% by a single %party;
- toward which its %%owner|owner%% directs its efforts: an aim, goal, or end of action;
- that can be realized, and this realization can be seen in terms as the coming into existence of results (e.g. products that have been produced, services that are being provided, a situation or state (e.g. happiness) that has been continued etc.);
- that may have a description (text, that represents and identifies the objective within the %%knowledge|knowledge%% of its %%owner|owner%%)
### Examples
- generically: anything that, according to a %%party|party%% c.q. its way of thinking, is important to be realized, qualifies as an Objective (and identifies its owner as that %%party|party%%).
- most people have the objective 'stay alive'.
- the equivalent in organizations is 'continuation of its existence' (many operate 'business-continuity processes' to realize this, and to identify and mitigate any associated risks).
- generically: anything that, according to a %%party|party%% c.q. its way of thinking, is important to be realized or maintained, qualifies as an Objective (and identifies its owner as that %%party|party%%).
- most people have an objective that could be described as "to stay alive".
- the equivalent in %%organizations|organization%% is 'continuation of its existence' (many operate 'business-continuity processes' to realize this, and to identify and mitigate any associated risks).
### Formalization
Here is a visual representation of the formalization of this concept, using the following [notations and conventions](../notations-and-conventions#pattern-diagram-notations):
<img
alt="A Party's Objectives"
src={useBaseUrl('images/essif-lab-objective.png')}
/>
*Figure 1. Parties and their objectives.*
The figure shows that every objective has a single %%owner|owner%%, which is the %%party|party%% that uses it to direct its efforts to.
This %%party|party%% may describe the objective, typically in terms of a text (or speech). This description, while meaningful to this party (as it is party of its %%knowledge|knowledge%%), may not be meaningful to, or be misinterpreted by other parties.
Whether or not an objective is realised can be determined, also by other %%parties|party%%, by the results that must (continue to) exist. Such results can be products that have been produced, services that are (continuously) being provided, a situation or state (e.g. happiness) that has been continued etc. Results are typically auditable, and depending on the kind of result an auditor might establish their existence (and as the case may be: their (proper) design and/or operation).
A %%party|party%% can manage the objective, which means that it actually organizes (and executes) the work that needs to be done to produce the result. The party does so in its role of 'producer'. There can only be one such party. If there were more than one, they would necessarily produce different (albeit perhaps similar, or the same-in-kind) results, or they may end up having arguments about who is (really) 'in charge', i.e. who is the sole %%manager|management%%/producer.
The %%owner|owner%% of an objective is not necessarily its %%manager|management%%. It might outsource this work, e.g. order the product from another party, or delegate the work to another party.
In this case, we say that the %%owner|owner%% %%governs|governance%% the objective, which means that it specifies the results, and determines which %%party|party%% it wants to produce these results. It also implies that the owner will be using the results (in the role of 'consumer' of (the results of) the objective). After all, there is no point in setting an objective that one doesn't produce the results of, and also doesn't use these results for one or another purpose. So the %%owner|owner%% of an objective fulfills the producer and/or the consumer role for this objective, meaning that it will produce and/or consume the associated results.
As the producer, a party can add attributes to the objective that help it to produce the results. One may think of performance indicators (e.g. budgets and other resources, timelines, etc.), specifications of these results, attributes related to the quality, security, sustainance etc. of the results, and so on. This helps to keep tabs on the production, instruct the %%agents|agent%% it uses for doing the actual production, and communicate with consuming parties.
As a consumer, a party can add attributes to the objective that help it consume the results. Typically, this may include a list of purpose(s) and/or activities in which it wants/needs to use the results, and characteristics results must have (e.g. what one can actully do with them). This helps to make sure the results are available when they are actually needed, to inform the %%agents|agent%% of the consumer about this, and communicate with the producing party, specifically about the characteristics of the results that are required to make them fit for (the) purpose (for which the consumer wants to use them).
For more information, e.g. about how different %%parties|party%% interact in their roles of producer and consumer, we refer you to the %%Governance and Management pattern|pattern-governance-and-management%%.
\ No newline at end of file
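Review bot: under Criterion, the first bullet reads `owned by a single %party;`, which is not a `%%party|party%%` reference like the other mentions in this file; fix the markup so the term resolves. Worth cleaning up in the same pass: 'becasue', 'as it is party of its knowledge', 'actully', 'can be seen in terms as the coming into existence', and the missing newline at end of file.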
......@@ -44,7 +44,7 @@ Another illustration comes from the [OWASP Top 10](https://owasp.org/www-project
One reason for this may be that risks must be owned. That is to say: there must be a person (not: an organization) that actually feels 'pain' (discomfort, anxiety, ...) when that risk is not acceptable. This is a different kind of ownership than what we have seen a lot, which is writing the name of a person next to a risk. The latter is ineffective if that person doesn't feel the associated pain.
Another reason is that the number of risks a person needs to deal with must be manageable. [CRAMM](https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/risk-management-inventory/rm-ra-methods/m_cramm.html) (1985-2003) is a RM method + tool that helped organizations do their risk assessments by providing threats to, and vulnerabilities of, various kinds of assets. As the number of technological products exploded, so did their database, resulting in a CRAMM risk assessment becoming unacceptably costly and long. Also, it produced ever more mitigation measures. For managers, it was obvious that many of them were irrelevant and the required budgets would not be available.
Another reason is that the number of risks a person needs to deal with must be manageable. [CRAMM](https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/risk-management-inventory/rm-ra-methods/m_cramm.html) (1985-2003) is a RM method + tool that helped organizations do their risk assessments by providing threats to, and vulnerabilities of, various kinds of assets. As the number of technological products exploded, so did their database, resulting in a CRAMM risk assessment becoming unacceptably costly and long. Also, it produced ever more mitigation measures. For %%managers|management%%, it was obvious that many of them were irrelevant and the required budgets would not be available.
A third reason is that risks should be relevant in order to be treated. For example, the risk of leaking a cryptographic key from a crypto chip that is vulnerable to power/timing-attacks is irrelevant e.g. when the chip and its battery are sealed in a physical casing. Also, the risk of crashing your car as a result of an autopilot failure is irrelevant if you never use the autopilot.
......
......@@ -92,7 +92,7 @@ Another illustration comes from the [OWASP Top 10](https://owasp.org/www-project
One reason for this may be that risks must be owned. That is to say: there must be a person (not: an organization) that actually feels 'pain' (discomfort, anxiety, ...) when that risk is not acceptable. This is a different kind of ownership than what we have seen a lot, which is writing the name of a person next to a risk. The latter is ineffective if that person doesn't feel the associated pain.
Another reason is that the number of risks a person needs to deal with must be manageable. [CRAMM](https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/risk-management-inventory/rm-ra-methods/m_cramm.html) (1985-2003) is a RM method + tool that helped organizations do their risk assessments by providing threats to, and vulnerabilities of, various kinds of assets. As the number of technological products exploded, so did their database, resulting in a CRAMM risk assessment becoming unacceptably costly and long. Also, it produced ever more mitigation measures. For managers, it was obvious that many of them were irrelevant and the required budgets would not be available.
Another reason is that the number of risks a person needs to deal with must be manageable. [CRAMM](https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/risk-management-inventory/rm-ra-methods/m_cramm.html) (1985-2003) is a RM method + tool that helped organizations do their risk assessments by providing threats to, and vulnerabilities of, various kinds of assets. As the number of technological products exploded, so did their database, resulting in a CRAMM risk assessment becoming unacceptably costly and long. Also, it produced ever more mitigation measures. For %%managers|management%%, it was obvious that many of them were irrelevant and the required budgets would not be available.
A third reason is that risks should be relevant in order to be treated. For example, the risk of leaking a cryptographic key from a crypto chip that is vulnerable to power/timing-attacks is irrelevant e.g. when the chip and its battery are sealed in a physical casing. Also, the risk of crashing your car as a result of an autopilot failure is irrelevant if you never use the autopilot.
......
---
id: pattern-governance-and-management
title: "Governance and Management"
scopeid: essifLab
type: pattern
typeid: manage-and-govern
stage: draft
hoverText: "The Governance and Management pattern explains how Parties organize that their Objectives are realized, either by doing the associated work themselves, or by arranging for other Parties to do that."
date: 20210830
---
import useBaseUrl from '@docusaurus/useBaseUrl'
### Purpose
The **Governance and Management pattern** captures the concepts and relations that explain how %%parties|party%% organize that %%their|owner%% %%objectives|objective%% are realized, either by doing the associated work themselves, or by arranging for other %%parties|party%% to do that. The contribution of this pattern is to show how this is done, based on the idea that every %%objective|objective%% has a single %%party|party%% that %%owns|owner%% the %%objective|objective%%.
### Introduction
Whether or not an %%objective|objective%% is realized can be seen by the status of the associated results, as is explained [there](objective). The following figure is a recap of the %%objective|objective%%-concept (using the usual [notations and conventions](../notations-and-conventions#pattern-diagram-notations)):
<img
alt="A Party's Objectives"
src={useBaseUrl('images/essif-lab-objective.png')}
/>
*Figure 1. Parties and their %%objectives|objective%%.*
Note that there are two 'sides' to each objective (and their results):
1. the _**production**_ side. Here, it is important that the budgets and other resources are planned, and made available _to produce the results_. This includes the specification of timelines (deadlines) for the production, as well as the properties and other characteristics (security, quality, sustainability, etc.) of what is actually being produced/maintained. It also deals with making the tools and %%policies|policy%% (e.g. working instructions) available for doing all this. We will use the term 'management' to refer to these %%activities|action%%, and the term '%%manager|management%%' to refer to the role of a %%party|party%% that performs such activities. Hence, developing performance indicators, i.e. gauges that measure how well the resources are spent in this production/maintenancd work are also part of this.
2. the _**consumption**_ side. Here, it is important that the budgets and other resources are planned, and made available _to (obtain and to) actually use the results_. This includes the specification of timelines (deadlines) for the results to become available, as well as the properties and other characteristics (security, quality, sustainability, etc.) that results must have in order to make them effective ('fit for purpose' - fit to be used as intended by the consuming %%party|party%%). We will use the term '%%governance|governance%%' to refer to these %%activities|action%%, and the term '%%governor|governance%%' to refer to the role of a %%party|party%% that performs such activities. Hence, developing effectiveness indicators, i.e. gauges that measure how 'fit' the results are to be used/consumed for the intended purposes, are also part of this %%governance|governance%%.
A %%party|party%% that %%owns|owner%% an %%objective|objective%% gets to decide whether he will do the production side, the consumption side, or both. The easiest is if the party chooses to do both, thus not only creating/maintaining specific results, but also actually using them. What makes this easy is that coordination between 'supply' (the production side) and 'demand' (the consumption side) is done within one %%knowledge|knowledge%%, i.e. the %%knowledge|knowledge%% of the %%party|party%% that %%owns|owner%% the %%objective|objective%%. Coordination between budgets, timelines, the characteristics of the results, etc., are much easier when all this gets to be decided by a single %%party|party%%.
### Managing and Governing
The following figure illustrates the situation where this is not the case (using the usual [notations and conventions](../notations-and-conventions#pattern-diagram-notations)):
<img
alt="managing and governing"
src={useBaseUrl('images/essif-lab-governance-and-management.png')}
/>
*Figure 1. Managing and governing objectives.*
When a %%party|party%% decides to outsource the production side, he must then find another %%party|party%% to do that for him. We say that the %%objective|objective%%, the results of which are to be realized by that other party, is an 'expectation' of the first %%party|party%%. So an 'expectation' is an %%objective|objective%% that is %%owned|owned%% by a %%party|party%% that does not itself realizes the associated results. Assuming that every %%objective|objective%% is to be meaningful to its %%owner|owner%%, we conclude that this %%party|party%% is (one of) the consumer(s) of these results, and hence will %%govern|governance%% this/its %%objective|objective%%, but not manage it. This %%party|party%% may find it useful to communicate its needs (e.g. the timelines/deadlines, the characteristics that makes the results 'fit-for-purpose', etc.) to the %%party|party%% that it requests to produce these results, as this makes it easier for that party to do so.
If such a %%party|party%% accepts the request (to realize some results), it will have created an %%objective|objective%% (that it %%owns|owner%% itself), that is associated with the results that it is going to produce, and the associated specification of timelines, characteristics etc. A %%party|party%% may also decide to realize some results without any explicit request - and even if it does not intend to use/consume them itself. We will refer to an %%objective|objective%%, the results of which are realized by its %%owner|owner%%, as an 'obligation' of that %%owner|owner%%.
The main contribution of this pattern lies in
- the observation that in any case where the consumer/user of a result (product/service) and the producer/maintainer thereof are different %%parties|party%%, each of them have their %%own|owner%% %%objective|objective%% that is associated with a result (specification), and
- the consequence thereof that, since such %%objectives|objective%% are part of a different %%knowledge|knowledge%%, one must not assume that they are the same.
As a consequence, %%parties|party%% that %%govern|governance%% an %%objective|objective%% of theirs but do not manage it, should ensure that the results that the producer is realizing are in fact fit for purpose. Conversely, %%parties|party%% that manage an %%objective|objective%% of theirs but do not %%govern|governance%% it, should ensure they know which other %%parties|party%% will use the results, and what makes them fit for (their) purposes.
The processes for governing and/or managing of objectives can be controlled by deploying a suitable %%control process|control-process%%.
\ No newline at end of file
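Review bot: both figures are captioned 'Figure 1' (the objectives recap and the managing-and-governing diagram); number the second one 'Figure 2'. The front matter has `typeid: manage-and-govern` while the id is `pattern-governance-and-management`, whereas the management and policy-governor pages shown in this commit keep id and typeid identical; confirm the difference is intended. 'maintenancd' in the production-side item is a typo, 'does not itself realizes' should be 'realize', and the file lacks a trailing newline.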
......@@ -58,7 +58,7 @@ In the figure, concepts are placed in one of three areas that are elaborated in
Different objectives lead to different kinds of guardianships. For example, the objective that children should be taken care of, get a good education etc. may lead to a guardianship type called 'Parenthood'. Others may lead to guardianship types such as 'Curatorship', 'Financial Administration', 'Legal Custody', etc.
Note that dependents need not always be
- people that are somehow very needy. The manager of a department in a company may be tasked to care for the wellbeing of the workers in his department, which doesn't require such workers to be incapable of doing that for themselves.
- people that are somehow very needy. The %%manager|management%% of a department in a company may be tasked to care for the wellbeing of the workers in his department, which doesn't require such workers to be incapable of doing that for themselves.
- people. Enterprises can have curators that care for an enterprise that has trouble to continue its existence. A historical heritage site might also become a dependent in a specific kind of guardianship type. Even some kinds of %%ownership|ownership%% may qualify as a guardianship, which is the case when the rights and duties that the %%owner|owner%% has to enjoy, dispose of, and control the (%%owned|owned%%) entity also serve to care for, or defend that entity.
Guardianship %%governance|governance%% is the acts/processes of governing/overseeing the control and direction of whatever relates to guardianships. It oversees and directs the establishment of %%guardianship types|guardianship-type%%, defining the various stakeholder roles and associating their rights and duties towards one another.
......
---
id: policy-governor
title: "Policy Governor"
scopeid: essifLab
type: concept
typeid: policy-governor
stage: draft
hoverText: "Policy Governor (of a Policy): the Party that is the Owner of the Policy and hence decides what goes in it and what not."
glossaryText: "the %%party^party%% that is the %%owner^owner%% of the %%policy^policy%% and hence decides what goes in it and what not."
date: 20210601
---
:::info Editor's note
TNO (or others) to provide the content of this file.
:::
### Short Description
The %%Parties, Actors and Actions pattern|pattern-party-actor-action%% provides an overview of how this concept fits in with related concepts.
### Purpose
### Criteria
### Related Concepts
- %%Governance|governance%%
- %%Governor|policy-governor%%
- %%Policy|policy%%
- %%Digital Policy|digital-policy%%
- %%Transaction Data Discloser Policy|transaction-data-collector-policy%%
- %%Transaction Data Collector Policy|transaction-data-collector-policy%%
- %%Verifier Policy|verifier-policy%%
- %%Issuer Policy|issuer-policy%%
- %%Holder Policy|holder-policy%%
- %%Wallet Policy|wallet-policy%%
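Review bot: in Related Concepts, the 'Transaction Data Discloser Policy' entry targets `transaction-data-collector-policy`, the same id as the Collector entry on the next line, so the discloser link lands on the wrong page; if this page is kept, point it at the discloser policy's own id. The `%%Governor|policy-governor%%` entry also links the page to itself.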
......@@ -5,18 +5,19 @@ scopeid: essifLab
type: concept
typeid: policy
stage: draft
hoverText: "Policy: a (set of) rules, working-instructions, preferences and other guidance for the execution of one or more kinds of Actions, that Agents (a) have access to, (b) can interpret as intended by their Principal (i.e. policy Owner) and (c) must use when executing such Actions."
glossaryText: "a (set of) rules, working-instructions, preferences and other guidance for the execution of one or more kinds of %%actions^action%%, that %%agents^agent%% (a) have access to, (b) can interpret as intended by their %%principal^principal%% (i.e. policy %%owner^owner%%) and (c) must use when executing such %%actions^action%%."
date: 20210601
hoverText: "Policy: a (set of) rules, working-instructions, preferences and other guidance for the execution of one or more kinds of Actions, that Agents of the Party that Governs the policy have access to and can interpret such that this results in these Actions being executed as intended by that Party."
glossaryText: "a (set of) rules, working-instructions, preferences and other guidance for the execution of one or more kinds of %%actions^action%%, that %%agents^agent%% of the %%party^party%% that %%governs^governance%% the policy have access to and can interpret such that this results in these %%actions^action%% being executed as intended by that %%party^party%%."
date: 20210901
---
### Short Description
A **policy** is a (set of) rules, working instructions and/or other guidance for the execution of one or more kinds of %%actions|action%%. that agents (a) have access to, (b) can interpret as intended by their principal (i.e. policy owner) and (c) must use when executing such actions.
A **policy** is a (set of) rules, working instructions and/or other guidance for the execution of one or more kinds of %%actions|action%% that %%agents|agent%% of the %%party|party%% that %%governs|governance%% the policy have access to and can interpret such that this results in these %%actions|action%% being executed as intended by that %%party|party%%.