- A
- acquired trust #assurance #gswg
Trust gained through direct experience.
- C
- controlled document #gswg
A component document of a governance framework that follows the modular architecture of the ToIP governance metamodel. All controlled documents must be listed in the primary document.
- cryptographic trust #assurance #gswg
Trust based on reliance on cryptography for assurance about the relationship between public and private keys in a public key infrastructure (PKI).
- D
- direct trust #assurance #gswg
In a [trust relationship] between a subject and an object, direct trust derives from the subject’s direct experience with the object and not through any other [party].
- G
- governance framework #gswg
A set of business, legal, and technical [definitions], [policies], [specifications], and contracts by which the members of a trust community agree to be governed in order to achieve their desired objectives. ToIP-compliant governance frameworks follow the ToIP governance metamodel.
- H
- human-auditable requirement #gswg #reqs
A requirement expressed in a human language that can only be fulfilled by a human actor performing a set of processes and practices against which conformance can only be tested by an auditor of some kind. In a ToIP-compliant governance framework, human-auditable requirements are expressed as policies.
- I
- inherent trust #assurance #gswg
Trust that stems from our acceptance of the innate laws of nature and established social norms. Inherent trust is not controllable from a risk mitigation standpoint; it just exists.
- K
- keyword #gswg #reqs
A specified word used to define normative requirements. The ToIP Governance Metamodel Specification specifies that all requirements MUST be expressed using RFC 2119 keywords spelled in ALL CAPITALS.
- M
- machine-testable requirement #gswg #reqs
A requirement written in a machine-readable format such that conformance of a software actor implementing the requirement can be tested by an automated test suite or rules engine. In a ToIP-compliant governance framework, machine-readable requirements are expressed as rules in a rules-based language.
- mandatory #gswg #reqs
A requirement expressed using one of the following RFC 2119 keywords: "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT".
- N
- non-transitive trust #assurance #gswg
The trust conveyed within the boundaries of an ecosystem.
- O
- option #gswg #reqs
A requirement expressed using one of the following RFC 2119 keywords: "MAY", "OPTIONAL".
- P
- policy #gswg #reqs
A human-auditable requirement that specifies some set of processes and practices that an actor must follow in order to be in conformance with the requirement.
- practice #gswg #reqs
A specified activity that an actor must perform as part of a process.
- primary document #gswg
The starting point document ("home page") of a governance framework that follows the modular architecture of the ToIP governance metamodel. In this metamodel, the primary document is required to include a list of all other controlled documents.
- process #gswg #reqs
A specified set of actions that an actor must take in order to be in conformance with a policy. A process may consist of a set of practices.
- R
- recommendation #gswg #reqs
A requirement expressed using one of the following RFC 2119 keywords: "SHOULD", "SHOULD NOT", "RECOMMENDED".
- referential trust #assurance #gswg
Trust established through a trustworthy intermediary that transfers its trust to a third party.
- requirement #gswg #reqs
In the context of a governance framework (GF), a requirement states a condition that an actor (human or machine) must meet in order to be in conformance. This condition may be stated as either a policy (a human-auditable requirement) or a rule (a machine-testable requirement). A requirement is classified as mandatory, a recommendation, or an option.
- rule #gswg #reqs
A machine-testable requirement written in a machine-readable language that can be processed by a rules engine.
- S
- specification #gswg #reqs
A document or set of documents containing any combination of human-auditable requirements and machine-testable requirements needed to produce interoperability amongst implementations of the specification. A specification may be included directly in a governance framework as a controlled document or it may be referenced via a permalink.
- specification profile #gswg #reqs
A particular type of specification that defines requirements for using another specification.
- T
- transitive trust #assurance #gswg
In a [trust relationship] between a subject and an object, transitive trust does not derive from the subject’s direct experience with the object, but from the subject’s experience with another party that has direct experience with the object.