296 lines
10 KiB
Markdown
296 lines
10 KiB
Markdown
|
|
# eResidency & eCitizenship Task Map
|
|||
|
|
|
|||
|
|
Complete execution-ready task map to stand up both **eResidency** and **eCitizenship** for a decentralized sovereign body (DSB) modeled on SMOM-style sovereignty (recognition without permanent territory).
|
|||
|
|
|
|||
|
|
## Phase 0 — Program Charter & Guardrails (2–3 weeks)
|
|||
|
|
|
|||
|
|
### 0.1 Foundational Charter
|
|||
|
|
|
|||
|
|
* Draft: Purpose, powers, immunities sought, governance model, membership classes (Resident, Citizen, Honorary, Service).
|
|||
|
|
* Define scope: digital-only status vs. claims with diplomatic effects.
|
|||
|
|
* Deliverable: DSB Charter v1 + Glossary.
|
|||
|
|
* Accept: Approved by Founding Council with recorded vote.
|
|||
|
|
|
|||
|
|
### 0.2 Legal & Risk Frame
|
|||
|
|
|
|||
|
|
* Commission legal opinions on: personality under international law (IO/NGO/Order), recognition pathways, host-state agreements/MOUs, data protection regimes, sanctions compliance, export controls.
|
|||
|
|
* Map constraints for KYC/AML, conflict-of-laws, tax neutrality, consumer protections.
|
|||
|
|
* Deliverable: Legal Risk Matrix + Opinion Letters Index.
|
|||
|
|
* Accept: Red/Amber/Green ratings with mitigations.
|
|||
|
|
|
|||
|
|
### 0.3 Trust & Assurance Model
|
|||
|
|
|
|||
|
|
* Choose trust posture: "Assured Identity Provider" with defined Levels of Assurance (LOA 1–3) and assurance events (onboard, renew, recover).
|
|||
|
|
* Deliverable: Trust Framework Policy (TFP), including incident handling & audit.
|
|||
|
|
* Accept: External reviewer sign-off.
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Phase 1 — Governance & Policy Stack (4–6 weeks)
|
|||
|
|
|
|||
|
|
### 1.1 Constitutional Instruments
|
|||
|
|
|
|||
|
|
* Citizenship Code (rights/duties, oath), Residency Code (privileges/limits), Due Process & Appeals, Code of Conduct, Anti-corruption & Ethics.
|
|||
|
|
* Deliverable: Statute Book v1.
|
|||
|
|
* Accept: Published and version-controlled.
|
|||
|
|
|
|||
|
|
### 1.2 Data & Privacy
|
|||
|
|
|
|||
|
|
* Privacy Policy, Lawful Bases Register, Data Processing Agreements, DPIA, Records of Processing Activities, Retention & Deletion Schedules.
|
|||
|
|
* Deliverable: Privacy & Data Governance Pack.
|
|||
|
|
* Accept: DPIA low/medium residual risk.
|
|||
|
|
|
|||
|
|
### 1.3 Sanctions/KYC/AML Policy
|
|||
|
|
|
|||
|
|
* Define screening lists, risk scoring, Enhanced Due Diligence triggers, PEP handling, source-of-funds rules (if fees/donations), audit trail requirements.
|
|||
|
|
* Deliverable: KYC/AML Standard Operating Procedures (SOPs).
|
|||
|
|
* Accept: Mock audit passed.
|
|||
|
|
|
|||
|
|
### 1.4 Benefits & Obligations Catalog
|
|||
|
|
|
|||
|
|
* Enumerate tangible benefits (digital ID, signatures, notarial layer, dispute forum, community services, ordinaries, honors) and duties (updating info, code compliance).
|
|||
|
|
* Deliverable: Benefits Matrix + Service SLAs.
|
|||
|
|
* Accept: SLA thresholds defined and met in testing.
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Phase 2 — Identity & Credential Architecture (6–8 weeks)
|
|||
|
|
|
|||
|
|
### 2.1 Identifier Strategy
|
|||
|
|
|
|||
|
|
* Pick scheme: Decentralized Identifiers (DIDs) + UUIDs; namespace rules; revocation & recovery flows.
|
|||
|
|
* Deliverable: Identifier & Namespace RFC.
|
|||
|
|
* Accept: Collision tests + recovery drill.
|
|||
|
|
|
|||
|
|
### 2.2 Credentials & Schemas
|
|||
|
|
|
|||
|
|
* Define verifiable credential (VC) schemas for: eResident Card, eCitizen Passport (digital), Address Attestation, Good Standing, Professional Orders.
|
|||
|
|
* Deliverable: JSON-LD schemas + Registry.
|
|||
|
|
* Accept: Interop tests with 3rd-party verifiers.
|
|||
|
|
|
|||
|
|
### 2.3 PKI / Trust Anchors
|
|||
|
|
|
|||
|
|
* Stand up Sovereign Root CA (offline), Issuing CAs (online), Certificate Policy/Practice Statements (CP/CPS), CRL/OCSP endpoints.
|
|||
|
|
* Deliverable: Root ceremony artifacts + HSM key custody procedures.
|
|||
|
|
* Accept: External PKI audit checklist passed.
|
|||
|
|
|
|||
|
|
### 2.4 Wallet & Verification
|
|||
|
|
|
|||
|
|
* User wallet options: web wallet + mobile wallet (iOS/Android) with secure enclave; verifier portal; QR/NFC presentation.
|
|||
|
|
* Deliverable: Wallet apps + Verifier SDK (JS/TS) + sample verifier site.
|
|||
|
|
* Accept: LOA-aligned presentation proofs; offline-capable QR working.
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Phase 3 — Application, Vetting & Issuance (6–10 weeks)
|
|||
|
|
|
|||
|
|
### 3.1 eResidency Workflow (MVP)
|
|||
|
|
|
|||
|
|
* Application: email + device binding, basic identity, selfie liveness.
|
|||
|
|
* KYC: doc scan (passport/ID), sanctions/PEP screening, proof-of-funds if needed.
|
|||
|
|
* Issuance: eResident VC + X.509 client cert; optional pseudonymous handle tied to real identity at LOA 2.
|
|||
|
|
* Deliverable: eResidency Portal v1 + Reviewer Console.
|
|||
|
|
* Accept: Median approval time <48h; false-reject rate <3%.
|
|||
|
|
|
|||
|
|
### 3.2 eCitizenship Workflow (elevated assurance)
|
|||
|
|
|
|||
|
|
* Eligibility: tenure as eResident, sponsorship, service merit, oath ceremony (digital).
|
|||
|
|
* Additional checks: video interview, multi-source corroboration, background attestations.
|
|||
|
|
* Issuance: eCitizen VC (higher LOA), qualified e-signature capability, digital heraldry/insignia.
|
|||
|
|
* Deliverable: eCitizenship Portal v1 + Ceremony Module.
|
|||
|
|
* Accept: Chain-of-custody logs complete; ceremony audit trail immutable.
|
|||
|
|
|
|||
|
|
### 3.3 Appeals & Ombuds
|
|||
|
|
|
|||
|
|
* Build case management, independent panel roster, timelines, remedy types.
|
|||
|
|
* Deliverable: Appeals System + Public Register of Decisions (redacted).
|
|||
|
|
* Accept: Two mock cases resolved end-to-end.
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Phase 4 — Services Layer & Interoperability (6–8 weeks)
|
|||
|
|
|
|||
|
|
### 4.1 Qualified e-Signatures & Notarial
|
|||
|
|
|
|||
|
|
* Implement signature flows (advanced/qualified), timestamping authority (TSA), document registry hashes.
|
|||
|
|
* Deliverable: Signature Service + Notarial Policy.
|
|||
|
|
* Accept: External relying party verifies signatures without DSB assistance.
|
|||
|
|
|
|||
|
|
### 4.2 Interop & Recognition
|
|||
|
|
|
|||
|
|
* Map to global standards (ISO/IEC 24760 identity; W3C VC/DID; ICAO Digital Travel Credentials roadmap; ETSI eIDAS profiles for cross-recognition where feasible).
|
|||
|
|
* Deliverable: Interop Gateway + Conformance Reports.
|
|||
|
|
* Accept: Successful cross-verification with at least 3 external ecosystems.
|
|||
|
|
|
|||
|
|
### 4.3 Membership & Services
|
|||
|
|
|
|||
|
|
* Roll out directories (opt-in), guilds/orders, dispute resolution forum, grant program, education/badging.
|
|||
|
|
* Deliverable: Service Catalog live.
|
|||
|
|
* Accept: ≥3 live services consumed by ≥20% of cohort.
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Phase 5 — Security, Audit, & Resilience (continuous; gate before GA)
|
|||
|
|
|
|||
|
|
### 5.1 Security
|
|||
|
|
|
|||
|
|
* Threat model (insider, phishing, bot farms, deepfakes), red team, bug bounty, key compromise drills, geo-redundant infra.
|
|||
|
|
* Deliverable: Security Plan + PenTest Report + DR/BCP playbooks.
|
|||
|
|
* Accept: RTO/RPO targets met in exercise.
|
|||
|
|
|
|||
|
|
### 5.2 Compliance & Audit
|
|||
|
|
|
|||
|
|
* Annual external audits for PKI and issuance, privacy audits, sanctions/KYC reviews, SOC2-style controls where applicable.
|
|||
|
|
* Deliverable: Audit Pack.
|
|||
|
|
* Accept: No critical findings outstanding.
|
|||
|
|
|
|||
|
|
### 5.3 Ethics & Human Rights
|
|||
|
|
|
|||
|
|
* Anti-discrimination tests, appeal transparency, proportionality guidelines.
|
|||
|
|
* Deliverable: Human Rights Impact Assessment (HRIA).
|
|||
|
|
* Accept: Board attestation.
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Phase 6 — Diplomacy & External Relations (parallel tracks)
|
|||
|
|
|
|||
|
|
### 6.1 Recognition Strategy
|
|||
|
|
|
|||
|
|
* Prioritize MOUs with NGOs, universities, chambers, standards bodies, and willing states for limited-purpose recognition (e.g., accepting DSB e-signatures or credentials).
|
|||
|
|
* Deliverable: Recognition Dossier + Template MOU.
|
|||
|
|
* Accept: ≥3 executed MOUs in Year 1.
|
|||
|
|
|
|||
|
|
### 6.2 Host-State Arrangements
|
|||
|
|
|
|||
|
|
* Negotiate data hosting safe harbors, registered offices (non-territorial), or cultural mission status to facilitate operations.
|
|||
|
|
* Deliverable: Host Agreement Playbook.
|
|||
|
|
* Accept: At least one host agreement finalized.
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Product & Engineering Backlog (cross-phase)
|
|||
|
|
|
|||
|
|
### Core Systems
|
|||
|
|
|
|||
|
|
* Member Registry (event-sourced), Credential Registry (revocation lists), Case/Appeals, Payments (if fees), Messaging & Ceremony.
|
|||
|
|
|
|||
|
|
### APIs/SDKs
|
|||
|
|
|
|||
|
|
* Issuance API, Verification API, Webhooks for status changes, Admin API with immutable audit logs.
|
|||
|
|
|
|||
|
|
### Integrations
|
|||
|
|
|
|||
|
|
* KYC providers (document, selfie liveness), sanctions screening, HSM/KMS, email/SMS gateways.
|
|||
|
|
|
|||
|
|
### UX
|
|||
|
|
|
|||
|
|
* Application flows ≤10 minutes, save/resume, accessibility AA+, multilingual, oath UX.
|
|||
|
|
|
|||
|
|
### Observability
|
|||
|
|
|
|||
|
|
* Metrics: time-to-issue, approval rates, fraud rate, credential use rate, verifier NPS.
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Distinguishing eResidency vs eCitizenship (policy knobs)
|
|||
|
|
|
|||
|
|
### Assurance
|
|||
|
|
* **eResidency**: LOA 1–2
|
|||
|
|
* **eCitizenship**: LOA 2–3
|
|||
|
|
|
|||
|
|
### Rights
|
|||
|
|
* **eResident**: Use DSB digital ID, signatures, services
|
|||
|
|
* **eCitizen**: Governance vote, public offices, honors, diplomatic corps (as policy allows)
|
|||
|
|
|
|||
|
|
### Duties
|
|||
|
|
* **eCitizen**: Oath; possible service contribution/hour benchmarks
|
|||
|
|
|
|||
|
|
### Fees
|
|||
|
|
* **eResidency**: Lower, subscription-like
|
|||
|
|
* **eCitizenship**: One-time plus renewal/continuing good standing
|
|||
|
|
|
|||
|
|
### Revocation
|
|||
|
|
* Graduated sanctions; transparent registry
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Acceptance Metrics (90-day MVP)
|
|||
|
|
|
|||
|
|
* 95% issuance uptime; <48h median eResidency decision
|
|||
|
|
* <0.5% confirmed fraud after adjudication
|
|||
|
|
* ≥2 independent external verifiers using the SDK
|
|||
|
|
* First recognition MOU executed
|
|||
|
|
* Public policy corpus published and versioned
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Minimal Document Set (ready-to-draft list)
|
|||
|
|
|
|||
|
|
* Charter & Statute Book
|
|||
|
|
* TFP (Trust Framework Policy)
|
|||
|
|
* CP/CPS (Certificate Policy/Practice Statements)
|
|||
|
|
* KYC/AML SOP
|
|||
|
|
* Privacy Pack (DPIA, DPA templates)
|
|||
|
|
* Security Plan
|
|||
|
|
* HRIA (Human Rights Impact Assessment)
|
|||
|
|
* Benefits & SLA Catalog
|
|||
|
|
* Ceremony & Oath Script
|
|||
|
|
* Appeals Rules
|
|||
|
|
* Recognition MOU Template
|
|||
|
|
* Host-State Playbook
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## RACI Snapshot (who does what)
|
|||
|
|
|
|||
|
|
* **Founding Council**: Approves Charter, Statutes, Recognition targets
|
|||
|
|
* **Chancellor (Policy Lead)**: Owns legal/policy stack, diplomacy
|
|||
|
|
* **CIO/CISO**: Owns PKI, security, audits
|
|||
|
|
* **CTO/Eng**: Platforms, wallets, APIs, issuance & verification
|
|||
|
|
* **Registrar**: Operations, case management, ceremonies
|
|||
|
|
* **Ombuds Panel**: Appeals & remedies
|
|||
|
|
* **External Counsel/Auditors**: Opinions, audits, certifications
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Implementation Priority
|
|||
|
|
|
|||
|
|
### Immediate (Phase 0-1)
|
|||
|
|
1. Draft DSB Charter
|
|||
|
|
2. Legal & Risk Framework
|
|||
|
|
3. Trust Framework Policy
|
|||
|
|
4. Constitutional Instruments
|
|||
|
|
5. Privacy & Data Governance
|
|||
|
|
|
|||
|
|
### Short-term (Phase 2-3)
|
|||
|
|
1. Identifier Strategy
|
|||
|
|
2. Credential Schemas
|
|||
|
|
3. PKI Infrastructure
|
|||
|
|
4. eResidency Workflow
|
|||
|
|
5. eCitizenship Workflow
|
|||
|
|
|
|||
|
|
### Medium-term (Phase 4-5)
|
|||
|
|
1. Qualified e-Signatures
|
|||
|
|
2. Interoperability
|
|||
|
|
3. Security & Compliance
|
|||
|
|
4. Services Layer
|
|||
|
|
|
|||
|
|
### Long-term (Phase 6)
|
|||
|
|
1. Recognition Strategy
|
|||
|
|
2. Host-State Arrangements
|
|||
|
|
3. External Relations
|
|||
|
|
|
|||
|
|
---
|
|||
|
|
|
|||
|
|
## Integration with The Order
|
|||
|
|
|
|||
|
|
This task map integrates with The Order's existing systems:
|
|||
|
|
|
|||
|
|
* **Identity Service**: Extends credential issuance for eResidency and eCitizenship
|
|||
|
|
* **Database Package**: Member registry, credential registry, case management
|
|||
|
|
* **Auth Package**: Enhanced authentication and authorization for membership classes
|
|||
|
|
* **Workflows Package**: Application workflows, appeals, ceremonies
|
|||
|
|
* **Notifications Package**: Application status, ceremony invitations, renewal reminders
|
|||
|
|
* **Compliance Package**: KYC/AML, sanctions screening, risk scoring
|
|||
|
|
|