HAT Certification Process – principle features
Purpose and responsibilities
This process and the Hub-of-All-Things™ logo is owned by HAT Community Foundation (HCF) which is the HAT scheme authority working on behalf of all HAT users to ensure that the HAT Ecosystem is regulated for their private and secure exchange of personal data. Certification for participation in the HAT Ecosystem requires agreement to or compliance with the requirements set by the foundation. Anyone seeking certification shall submit answers and supporting evidence to HCF in confidence that may then audit responses before issuing a Certificate of Compliance (Certificate) with the HAT Code of Practice and Trust Framework.
Certification of participants in the HAT Ecosystem in accordance with this process is needed to ensure the principles of the personal data marketplace are upheld by all involved, for the benefit of all. This is to promote visibility, simplicity, interoperability and trust as key features of the HAT Ecosystem.
Assets are put into the HAT Ecosystem by HAT Platform Providers (HPP) and HAT Service Providers (HSP) which need to be Certified to do so in accordance with this process. At this initial stage in development of the ecosystem it is intended as a self-certification process although responses are necessarily subject to audit by HCF.
Key HAT Certification responsibilities
|HAT Platform Providers (HPP) provide a vital role in provisioning, hosting and supporting HAT personal data platforms so that the user’s data remains private, confidential and secure, and is shared with others only with the data owner’s express permission within the ecosystem trust framework established by this procedure.
HAT Service Providers (HSP) are key to the development of HAT User software for platforms and services that enable personal data to be a managed and associated with benefits for the HAT users and HAT providers.
HAT Data Exchange Ltd (HATDeX) primary role is to operate the HAT ecosystem on behalf of HAT Community Foundation, the community of users, HPPs and HSPs engaged in the HAT market place to ensure that the principles of the HAT are maintained for the benefit of the HAT community. This role includes:
• Owning and maintaining the open source software (formally adopting community-developed changes and managing versioning of the software assets)
• Advising prospective HPPs and HSPs on Certification
• Supporting (on commercial terms) prospective HPPs and HSPs development of new platforms and services for the HAT Ecosystem and licensing HATDeX-developed assets to support this
• Undertaking Certification audits in accordance with this procedure on behalf of HAT Community Foundation
• Issuing SSLs and GUIDs as required to Certified agencies (HPPs and HSPs)
• Collecting and monitoring meta-data for all data transactions in the HAT Ecosystem to ensure appropriate use (noting the community determines appropriateness and neither HCF, HATDeX nor HPPs and HSPs have any access to personal data stored within an individual user’s HAT).
HATDeX is also an HPP and HSP in its own right providing a range of platforms and services built for HAT. These HATDeX platforms and service are developed from the open source software and are intended to promote expansion of the ecosystem. They can be made available on commercial terms to any other organisation wishing to become an HPP or HSP – using, for example “HAT as a Service” (HaaS).
HAT Community Foundation (HCF) is an independent Members’ body representing the HAT user community. It exercises oversight and governance of the HAT Ecosystem and HATDeX operation of the Ecosystem, overseeing in particular application of this certification process. HCF also advises HATDeX on the distribution of benefits back to the community.
Together, HCT, HATDeX, HPPs, HSPs and users constitute the HAT ecosystem and represent the HAT marketplace and services that enable the HAT User Community to exist and grow, increasing the benefits to all.
Anyone seeking certification shall submit answers and supporting evidence to HCF in confidence as a basis for a Certificate of Compliance (Certificate) with the HAT Code of Practice and Trust Framework to be issued. Note that the submission may be subject to audit by HATDeX working as HCF’s agent.
Anyone wishing to be Certified must be a member of the HAT Foundation.
Informal / optional steps:
- Prior to formally submitting answers and evidence against Appendix A, B and C those entities interested in seeking Certification may wish to open discussion with HATDeX regarding the use the HAT APIs, schema and logic (HCF, does not get involved here) which are owned and maintained by HATDeX (as above). Alternatively, prospective applicants may wish just to download the open source code and start development without consultation.
- Following this initial informal consultation (and / or use of the open source code, applicants may wish to enter into an API use agreement with HATDeX (as owner and maintainer of the open source code) to ensure that the prospective HPP / HSP is consulted / informed about any prospective changes the codeset or APIs.
- Once HATDeX (and the prospective applicant) are satisfied that the prospective HPP / HSP is using the open source code correctly, that the metadata is being reported to HATDeX and interoperability is achieved, HATDeX will recommend that the HPP / HSP is redy for Certification through the formal process (see below). Note that this may result from a commercial agreement to buy an HATDeX business solution – such as “HAT as a Service” (HaaS).
The formal process is then to:
- Applicants (prospective HPPs or HSPs) should complete and sign the self-certification check-list , providing supporting evidence as appropriate, and submit this to HCF by email: [firstname.lastname@example.org].
- Applicants may then be subject to audit by HCF
- Subject to satisfactory responses to step 2, the Applicant will need to join the HAT Foundation as an Associate or Full Member (if not already a member) following which HCF will issue the Certificate of Conformance
- Once Certified the Applicant can apply to HATDeX for SSLs and GUIDs as appropriate.
This process is valid from the initial HAT launch in October 2016. It will remain valid until end March 2018 for anyone seeking Certification before end March 2017. For more information, please email: [email@example.com]
Sources of information for HAT certification
API documentation can be found at http://hub-of-all-things.github.io/doc/
Security (practice example):