Eclipse Conformity Assessment Policy and Credential Profile

Scope

The Eclipse Conformity Assessment Policy and Credential Profile defines a specification for expressing and verifying policies through verifiable credentials and conformity assessment vocabularies (ISO/IEC 17000:2020).

The Eclipse Conformity Assessment Policy and Credential Profile:

  • specifies an ODRL profile supporting the use of Verifiable Credentials (VC)
  • defines a semantic model for conformity assessment terms (declaration, certification, attestation, accreditation, claim, evidence, requirement, ...)
  • defines an entity-relationship model and VC schemas of the above terms and the consequences for the policies (Example; if the holder of a credential is the issuer, it's de facto a declaration, independently of credential format and protocol exchange)
  • defines a semantic and requirements model for VC issuers depending on the type of verifiable credentials used in the policy negotiation (Example; a certification can only be issued by a certification authority or an appointed representative of the certification authority, independently of the certification type, or how to make legally relevant evidence in line with the civil law of obligations.)

Out of scope:

  • The management of the policies, the claims and the evidence.
  • Implementation of specific jurisdiction or domain requirements.
  • Automated compliance or Compliance as Code
  • Law enforcement
  • Gaia-X Compliance
Releases
Name Date
Reviews
Name Date
Patent License
Implementation Patent License
For more information about the patent licenses, view the Eclipse IP Policy page.