Skip to content
This repository has been archived by the owner on Aug 19, 2024. It is now read-only.

Add DPG: Kiva Protocol #566

Merged
merged 10 commits into from
Jun 24, 2021
Merged

Add DPG: Kiva Protocol #566

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
fa7387e
BLD: add full submission for kiva protocol
lacabra Jun 4, 2021
533c9d9
Merge branch 'master' into kiva
nathanbaleeta Jun 9, 2021
1b45bb5
Merge branch 'master' into kiva
nathanbaleeta Jun 15, 2021
94a899a
Updated DPG: Kiva Protocol
nathanbaleeta Jun 15, 2021
2566f11
Merge branch 'master' into kiva
nathanbaleeta Jun 17, 2021
8867476
Update DPG: Kiva Protocol
nathanbaleeta Jun 17, 2021
44a5fd0
Merge branch 'master' into kiva
nathanbaleeta Jun 23, 2021
cf9fde6
Update privacy compliance list for DPG: Kiva Protocol
nathanbaleeta Jun 23, 2021
f60b86f
Merge branch 'master' into kiva
lacabra Jun 23, 2021
0698b1b
Merge branch 'master' into kiva
nathanbaleeta Jun 24, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
82 changes: 82 additions & 0 deletions digitalpublicgoods/kiva-protocol.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
{
"name": "Kiva Protocol",
"clearOwnership": {
"isOwnershipExplicit": "Yes",
"copyrightURL": "https://github.com/kiva/aries-guardianship-agency/blob/master/LICENSE"
},
"platformIndependence": {
"mandatoryDepsCreateMoreRestrictions": "No",
"isSoftwarePltIndependent": "",
"pltIndependenceDesc": ""
},
"documentation": {
"isDocumentationAvailable": "Yes",
"documentationURL": [
"https://protocol-docs.web.app/"
]
},
"NonPII": {
"collectsNonPII": "No"
},
"privacy": {
"isPrivacyCompliant": "Yes",
"privacyComplianceList": [
"National Civil Registration Authority Act (Sierra Leone)"
],
"adherenceSteps": [
"As described previously, Kiva Protocol follows 'privacy by design' principles, including data minimization, non-correlation, and user control/ selective disclosure. And of course, no PII is ever written to the ledger. However, for any given implementation it remains up to our government partners to define their own governance policies and determine their compliance with all relevant laws. Therefore all terms of service, privacy policies, etc. are defined on a project basis. \nInter-agency data sharing between the National Civil Registration Authority and the Bank of Sierra Leone is permitted under the National Civil Registration Authority Act. Additional regulations governing the use of the eKYC platform to facilitate new account onboarding and customer due diligence are being developed by the Bank of Sierra Leone. A broader initiative to develop a consumer protection regime in Sierra Leone - which may include privacy and consumer financial protection - is being conducted by UNCDF with support from Innovations for Poverty Action (IPA)."
]
},
"standards": {
"supportStandards": "Yes",
"standardsList": [
"Developers for this project have been active in the development of the W3C Verifiable Credentials specification, the W3C Decentralized Identifier specification, the DIDComms specification incubated at the Decentralized Identity Foundation, and other identity communications specification work hosted in the Aries RFC repository. Test support work is ongoing, as many of these specifications are still in incubation and evolving."
],
"implementBestPractices": "Yes",
"bestPracticesList": [
"Kiva Protocol has been awarded the ID2020 Certification Mark, and won the World Bank ID4D’s Mission Billion Challenge Global Prize. Its design and operational model embodies best practices around privacy, agency, and open and standards-based technologies, and specifically adheres to the ID4D Principles of Identification. Though it isn’t formally measured, the community also actively seeks to support Privacy by Design and principles of data minimization and non-correlation so that users can have confidence sharing data between issuers. The Core Infrastructure Initiative badge is a part of certifying the components of the system that are part of Hyperledger and project results can be found here https://bestpractices.coreinfrastructure.org/en/projects/4088."
]
},
"doNoHarm": {
"preventHarm": {
"stepsToPreventHarm": "Yes",
"additionalInfoMechanismProcessesPolicies": "The fundamental architecture of the system prevents some of the most common abuses of personal data and privacy. For example, information in the individual's wallet is not accessible without explicit consent by the individual. Privacy is protected through the use of unique identifiers that reduce the possibility of correlation."
},
"dataPrivacySecurity": {
"collectsPII": "Yes",
"typesOfDataCollected": [
"Identity data previously collected and stored by government identity agencies (e.g., civil registries, birth registries, voter registries, etc.)",
"Financial transaction data provided to individual data subjects by their financial service providers"
],
"thirdPartyDataSharing": "Yes",
"dataSharingCircumstances": [
"The personal information held in Kiva Protocol is only shared with third-parties with the express consent of the individual data subject. Even then, the individual has the ability to selectively disclose only those attributes which are necessary for the particular use case, including the ability to use zero-knowledge proofs to disclose a simple 'yes/no' or 'positive/negative' response instead of the actual data itself (e.g., 'Yes' to a query of 'Is over 18?' instead of the actual date of birth).",
"Kiva Protocol currently allows individual data subjects to: \n1) share identity credentials with a financial institution or government agency, \n 2) share credit history or other financial transaction records with a financial institution or government agency, \n 3) share data with other individuals in a peer-to-peer manner. No data is shared with third-parties without the express consent of the individual data subject."
],
"ensurePrivacySecurity": "Yes",
"privacySecurityDescription": "Kiva Protocol stores identity data previously collected and stored by government identity agencies (e.g., civil registries, birth registries, voter registries, etc.). It also stores financial transaction data provided to individual data subjects by their financial service providers. Holding these data in Kiva Protocol’s cloud-based digital wallet infrastructure typically provides higher levels of privacy and security than the on-prem or hybrid databases maintained by identity agencies in Kiva partner jurisdictions. Each data subject wallet is encrypted with its own key. A defense in depth approach is used throughout the architecture to ensure that no one failure can compromise the entire system. This includes, but is not limited to, a Web Application Firewall, separation of duties, regular dependency patching, and security monitoring. In addition, we run regular security audits to find and address vulnerabilities in our configuration, software and architecture. The last audit used ioActive."
},
"inappropriateIllegalContent": {
"collectStoreDistribute": "No"
},
"protectionFromHarassment": {
"userInteraction": "No",
"addressSafetySecurityUnderageUsers": "",
"stepsAddressRiskPreventSafetyUnderageUsers": [
""
],
"griefAbuseHarassmentProtection": "",
"harassmentProtectionSteps": [
""
]
}
},
"locations": {
"developmentCountries": [
"United States of America"
],
"deploymentCountries": [
"Sierra Leone"
]
}
}
2 changes: 1 addition & 1 deletion nominees/kiva-protocol.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,5 +39,5 @@
"contact_email": "bryanp@kiva.org"
}
],
"stage": "nominee"
"stage": "DPG"
}