# =============================================================================
# STANDARDS ANCHOR REGISTRY  -  trademark-like unique proper names
# =============================================================================
# Implements the Pathways `external_name` registry kind (PATHWAYS_REFERENCE
# Level-F+ grammar) as concrete data. Each anchor is BOTH:
#   (1) a unique, independently discernible proper name to track across every
#       indexed context and Pathway dimension (a "trademark-like" name), and
#   (2) an authenticated entry point for engagement with that standard/community.
#
# Slug grammar: tm:<kebab-slug>   (tm: = tracked proper name / mark)
# Every mention of an anchored name anywhere in this bundle should cite its slug
# so mentions, and the individual/entity associations with them, are trackable
# and deep-linkable (see hypergraph-domain/techniques/ANCHOR_NAME_LEDGER.v1.md).
#
# `authenticated_entry_point` DIDs are placeholders for engagement endpoints not
# yet provisioned; `steward` and `engagement_url` are researched public refs.
# `stops_short` paraphrases the Gap Analysis finding for that effort.
# `poc_domains` = which of the six SDGs the anchor primarily affiliates with.
# =============================================================================

registry_version: "1.0"
registry_kind: external_name
category: Onc  # lineage marker; this registry is domain-agnostic
mark_authority: "djat-poc-hypergraph-20260716 (open invitation registry)"

# The construct everything else anchors to.
core_anchor:
  slug: tm:poc-cv-standard
  proper_name: "Proof-of-Control Cryptographic Verification Standard"
  short_form: "the Standard"
  steward: "AAI Society (Proof-of-Control Lab)"
  stewards_named: ["Ken Huang (co-chair)", "Tricia Wang (co-chair)"]
  engagement_url: "https://djat-poc-hub.pages.dev/"
  authenticated_entry_point: "did:web:poc.aai-society.org"
  section_root: "std:poc-cv-0.1.0-rev"
  poc_domains: [security, privacy, portability, authorization, identity, provenance]
  note: >
    The construct all six Shared Domain Graphs connect to. Defines Stage 3
    (cryptographically verifiable) of the Proof-of-Control spectrum.

anchors:

  # ── Governance / risk-management frameworks ────────────────────────────
  - slug: tm:nist-ai-rmf
    proper_name: "NIST AI Risk Management Framework (AI RMF 1.0 / NIST AI 100-1)"
    aliases: ["NIST AI RMF", "AI RMF"]
    steward: "National Institute of Standards and Technology (NIST)"
    engagement_url: "https://www.nist.gov/itl/ai-risk-management-framework"
    authenticated_entry_point: "did:web:airc.nist.gov"
    kind: governance-framework
    answers: "How should organizations govern AI risk?"
    stops_short: "Guidance for people and process; produces no evidence at execution."
    poc_domains: [security, authorization, provenance]
    gap_row: nist_ai_rmf

  - slug: tm:iso-iec-42001
    proper_name: "ISO/IEC 42001:2023 - AI Management System (AIMS)"
    aliases: ["ISO 42001", "ISO/IEC 42001"]
    steward: "ISO/IEC JTC 1/SC 42"
    engagement_url: "https://www.iso.org/standard/81230.html"
    authenticated_entry_point: "did:web:iso.org"
    kind: management-system-standard
    answers: "Is there a management system for AI?"
    stops_short: "Attests process maturity, not system behavior."
    poc_domains: [authorization, provenance, security]
    gap_row: iso_iec_42001

  - slug: tm:csa-aicm
    proper_name: "CSA AI Controls Matrix (AICM v1.1)"
    aliases: ["CSA AI Controls Matrix", "AICM"]
    steward: "Cloud Security Alliance (CSA)"
    engagement_url: "https://cloudsecurityalliance.org/artifacts/ai-controls-matrix-v1-1"
    authenticated_entry_point: "did:web:cloudsecurityalliance.org"
    kind: control-catalog
    answers: "Which controls should an AI deployment have?"
    stops_short: >
      Control objectives; evidence they operated remains operator-produced.
      (Working-group co-chair authored it - said with precision.)
    detail: "247 control objectives across 18 domains; maps to ISO 42001, ISO 27001, BSI AIC4, EU AI Act."
    poc_domains: [security, authorization, privacy]
    gap_row: csa_aicm

  - slug: tm:ieee-7000
    proper_name: "IEEE 7000-series Standards (ethical/values-based system design)"
    aliases: ["IEEE 7000", "IEEE 7000-series"]
    steward: "IEEE Standards Association"
    engagement_url: "https://standards.ieee.org/initiatives/autonomous-intelligence-systems/"
    authenticated_entry_point: "did:web:standards.ieee.org"
    kind: design-process-standard
    answers: "Was the system designed responsibly?"
    stops_short: "Design-time process standards, not runtime evidence."
    poc_domains: [provenance, identity]
    gap_row: ieee_7000

  - slug: tm:soc2
    proper_name: "SOC 2 (Trust Services Criteria)"
    aliases: ["SOC 2", "SOC2"]
    steward: "AICPA & CIMA"
    engagement_url: "https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2/"
    authenticated_entry_point: "did:web:aicpa-cima.com"
    kind: attestation-report
    answers: "Did the organization implement its controls?"
    stops_short: >
      Auditor attestation, sampled at the organization level; an agent can execute
      an unauthorized action while its vendor remains fully compliant.
    detail: >
      2017 Trust Services Criteria (revised points of focus 2022): Security (mandatory),
      Availability, Processing Integrity, Confidentiality, Privacy. AICPA update: exposure
      draft expected Fall 2026, final 2027.
    poc_domains: [security, privacy, authorization]
    gap_row: soc2

  - slug: tm:eu-ai-act
    proper_name: "EU AI Act (Regulation (EU) 2024/1689)"
    aliases: ["EU AI Act"]
    steward: "European Commission / EU AI Office"
    engagement_url: "https://artificialintelligenceact.eu/"
    authenticated_entry_point: "did:web:digital-strategy.ec.europa.eu"
    kind: regulation
    answers: "Does the system meet agreed criteria?"
    stops_short: >
      Accredited assessors with privileged access certify conformance; no evidence
      anyone else can check of what the system actually did.
    detail: >
      Full high-risk enforcement Aug 2, 2026. Art. 12 tamper-evident logging (>=6mo),
      Art. 14 human oversight + interruption, Art. 15 cybersecurity resilience;
      Recitals 99-100 extend the compliance boundary to every agent in a chain.
    poc_domains: [authorization, provenance, security, privacy]
    gap_row: eu_ai_act

  # ── Zero-trust and runtime foundations ─────────────────────────────────
  - slug: tm:nist-sp-800-207
    proper_name: "NIST SP 800-207 - Zero Trust Architecture"
    aliases: ["Zero-trust architecture", "NIST SP 800-207", "ZTA"]
    steward: "National Institute of Standards and Technology (NIST)"
    engagement_url: "https://csrc.nist.gov/pubs/sp/800/207/final"
    authenticated_entry_point: "did:web:csrc.nist.gov"
    kind: architecture-paradigm
    answers: "Should this request be trusted?"
    stops_short: "Governs access at the moment of each request; silent on what the agent did once access was granted."
    poc_domains: [authorization, identity, security]
    gap_row: zero_trust

  - slug: tm:anthropic-zt-agents
    proper_name: "Anthropic - Zero Trust for AI Agents (May 2026)"
    aliases: ["Anthropic Zero Trust for AI Agents"]
    steward: "Anthropic"
    engagement_url: "https://www.anthropic.com/"
    authenticated_entry_point: "did:web:anthropic.com"
    kind: vendor-guidance
    answers: "Are the agent's controls set correctly?"
    stops_short: >
      Preventive at provisioning; explicitly guidance rather than assurance,
      producing no evidence an outside party can check that controls held.
    poc_domains: [authorization, identity, security]
    gap_row: anthropic_zt

  - slug: tm:confidential-computing-tee
    proper_name: "Confidential Computing / Trusted Execution Environments (TEEs)"
    aliases: ["Confidential computing", "TEEs", "TEE"]
    steward: "Confidential Computing Consortium (Linux Foundation)"
    engagement_url: "https://confidentialcomputing.io/"
    authenticated_entry_point: "did:web:confidentialcomputing.io"
    kind: hardware-mechanism
    answers: "Was the execution environment protected?"
    stops_short: >
      Attests the enclave was untampered, not who authorized the agent or what it
      did; one mechanism the PoC evidence layer can build on.
    poc_domains: [security, provenance, identity]
    gap_row: tee

  # ── Vendor toolkits and protocols ──────────────────────────────────────
  - slug: tm:ms-agent-governance-toolkit
    proper_name: "Microsoft Agent Governance Toolkit"
    steward: "Microsoft"
    engagement_url: "https://www.microsoft.com/en-us/security/business/ai-machine-learning/"
    authenticated_entry_point: "did:web:microsoft.com"
    kind: vendor-toolkit
    answers: "How does one vendor's agent stay governed?"
    stops_short: "Single-vendor and proprietary; no shared evidence definition, no evidence crossing vendor boundaries with the agent."
    poc_domains: [authorization, identity]
    gap_row: vendor_toolkits

  - slug: tm:mastercard-verifiable-intent
    proper_name: "Mastercard Verifiable Intent / Agent Pay"
    steward: "Mastercard"
    engagement_url: "https://www.mastercard.com/news/"
    authenticated_entry_point: "did:web:mastercard.com"
    kind: vendor-protocol
    answers: "How does one vendor's agent stay governed?"
    stops_short: "Single-vendor and proprietary; no shared, cross-boundary evidence definition."
    poc_domains: [authorization, identity]
    gap_row: vendor_toolkits

  - slug: tm:ping-kya
    proper_name: "Ping Identity - Know Your Agent (KYA)"
    aliases: ["Ping Identity", "KYA"]
    steward: "Ping Identity"
    engagement_url: "https://www.pingidentity.com/"
    authenticated_entry_point: "did:web:pingidentity.com"
    kind: vendor-protocol
    answers: "How does one vendor's agent stay governed?"
    stops_short: "Single-vendor and proprietary; no shared, cross-boundary evidence definition."
    poc_domains: [identity, authorization]
    gap_row: vendor_toolkits

  - slug: tm:agent-observability
    proper_name: "Agent Observability Tooling (operator logs)"
    steward: "(various vendors)"
    engagement_url: "https://genai.owasp.org/"
    authenticated_entry_point: null
    kind: observability
    answers: "What happened, per the operator's own logs?"
    stops_short: "Proprietary and operator-controlled; the record can be altered by the party it describes."
    poc_domains: [provenance, security]
    gap_row: observability

  # ── Orchestration & provenance substrate ───────────────────────────────
  - slug: tm:pathways
    proper_name: "Pathways - Reference Implementation Specification (RIS v1.2.0)"
    aliases: ["Pathways", "Pathways RIS", "Pathways v1.2.0", "Pathways Reference Implementation Specification"]
    steward: "the open Pathways project (Originator)"
    stewards_named: ["DJ Thomson (technique-originator)"]
    engagement_url: "https://djat-poc-hub.pages.dev/"
    authenticated_entry_point: "did:placeholder:dj-thomson-pathways"
    kind: reference-implementation-spec
    answers: "How is agentic orchestration encoded, provenanced, and exchanged as verifiable pathways?"
    stops_short: >
      Orchestration and provenance encoding via PathwayRuns and Aqua trees; PoC Stage-3
      conformance is declared against the Standard, not implied by Pathways alone.
    detail: >
      Normative RIS v1.2.0 (*Governance and Boundary Classes*): pathway templates,
      PathwayRuns, gate profiles, boundary classes (Z1-Z4), governance descriptors,
      trusted peering, and collaborative pathway exchange. Reference implementation
      for the adopted PoC Provenance domain; deeply integrated with FINOS CALM in
      this bundle. Lineage: djat_x_poc canon/PATHWAYS_REFERENCE_v1.2.0.md.
    poc_domains: [provenance, portability, authorization, identity, security, privacy]
    role_in_bundle: shared-orchestration-and-encoding-language

  # ── Security verification standards / certifications ────────────────────
  - slug: tm:aiuc-1
    proper_name: "AIUC-1 (AI Underwriting Certification / standard)"
    aliases: ["AIUC-1"]
    steward: "AIUC"
    engagement_url: "https://www.aiuc-1.com/"
    authenticated_entry_point: "did:web:aiuc-1.com"
    kind: certification
    answers: "Can an AI product be certified for underwriting/insurance?"
    stops_short: "Certification and crosswalks; not itself a cryptographic runtime-evidence layer."
    detail: "Crosswalks bidirectionally to OWASP Agentic Top 10; oriented to AI insurance/underwriting."
    poc_domains: [security, authorization, provenance]
    gap_row: aiuc_1
    insurance_relevant: true

  - slug: tm:owasp-agentic-top10
    proper_name: "OWASP Top 10 for Agentic Applications (2026)"
    aliases: ["OWASP Top 10 for Agentic AI", "OWASP Agentic AI Top 10"]
    steward: "OWASP GenAI Security Project"
    engagement_url: "https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/"
    authenticated_entry_point: "did:web:owasp.org"
    kind: threat-catalog
    answers: "What are the most critical agentic AI security risks?"
    stops_short: "Names the threats (ASI01-ASI10); does not itself produce evidence a control held at runtime."
    threats: ["ASI01 Agent Goal Hijack", "ASI02 Tool Misuse", "ASI03 Identity & Privilege Abuse", "ASI04 Agentic Supply Chain", "ASI05 Unexpected Code Execution", "ASI06 Memory & Context Poisoning", "ASI07 Insecure Inter-Agent Comms", "ASI08 Cascading Failures", "ASI09 Human-Agent Trust Exploitation", "ASI10 Rogue Agents"]
    poc_domains: [security, identity, authorization]
    gap_row: owasp_agentic

  - slug: tm:owasp-aivss
    proper_name: "OWASP AI Security Verification Standard (AISVS v1.0)"
    aliases: ["AIVSS", "AISVS", "OWASP AIVSS"]
    steward: "OWASP Foundation"
    stewards_named: ["Jim Manico (contributor)"]
    engagement_url: "https://owasp.org/www-project-artificial-intelligence-security-verification-standard-aisvs-docs/"
    authenticated_entry_point: "did:web:owasp.org"
    kind: verification-standard
    answers: "Which testable security requirements has an AI system met?"
    stops_short: "A catalogue of testable requirements; verification is performed and attested by the tester, not openly checkable by any third party."
    detail: "v1.0 released 2026-06-24; 3 levels; categories incl. Access Control & Identity, Autonomous Orchestration, MCP Security, Monitoring/Logging."
    poc_domains: [security, identity, authorization]
    gap_row: owasp_aivss

  - slug: tm:csa-vanta-agent-trust-controls
    proper_name: "CSA / Vanta - Agent Trust Controls"
    aliases: ["CSA Vanta Agent Trust Controls", "Agent Trust Controls"]
    steward: "Cloud Security Alliance + Vanta"
    engagement_url: "https://www.trustcontrols.ai/"
    authenticated_entry_point: "did:web:trustcontrols.ai"
    kind: control-mapping-initiative
    answers: "Which agent trust controls apply, and how do they map?"
    stops_short: "Open initiative to map to new controls; mapping, not runtime evidence."
    poc_domains: [security, authorization, provenance]
    gap_row: csa_vanta

  - slug: tm:csa-atf
    proper_name: "CSA Agentic Trust Framework (ATF)"
    aliases: ["Agentic Trust Framework", "ATF"]
    steward: "Cloud Security Alliance"
    engagement_url: "https://github.com/massivescale-ai/agentic-trust-framework"
    authenticated_entry_point: "did:web:cloudsecurityalliance.org"
    kind: zero-trust-governance
    answers: "How is a zero-trust governance model applied to autonomous agents?"
    stops_short: "Operationalizes OWASP Agentic threats within zero trust; governance architecture, not open runtime evidence."
    detail: "Published 2026-02-02; five elements incl. incident response; maps to AICM, OWASP Agentic, NIST 800-207, ISO 42001."
    poc_domains: [security, authorization, identity]
    gap_row: csa_atf

  # ── Discovery / interoperability ───────────────────────────────────────
  - slug: tm:agent-resource-discovery
    proper_name: "Agentic Resource Discovery (ARD) Specification"
    aliases: ["Agent Resource Discovery Spec", "ARD"]
    steward: "Google and industry partners"
    engagement_url: "https://developers.googleblog.com/announcing-the-agentic-resource-discovery-specification/"
    authenticated_entry_point: "did:web:google.com"
    kind: discovery-spec
    answers: "How do agents discover and verify tools/services across boundaries?"
    stops_short: "Discovery + domain-based verification of resources; not evidence of what an agent did after connecting."
    detail: "ai-catalog.json + registries; domain-based ownership/verification; compatible with MCP and OpenAPI."
    poc_domains: [portability, identity]
    gap_row: agent_resource_discovery

  # ── Healthcare pilot alignment ─────────────────────────────────────────
  - slug: tm:haarf
    proper_name: "HAARF - Healthcare AI Agents Regulatory Framework (1.0)"
    aliases: ["HAARF"]
    steward: "Task Force for AI Agents in Healthcare"
    engagement_url: "https://github.com/Task-force-for-AI-agents-in-Healthcare/haarf"
    authenticated_entry_point: "did:web:github.com:Task-force-for-AI-agents-in-Healthcare"
    kind: sector-regulatory-framework
    answers: "How are autonomous medical AI agents verified across their lifecycle?"
    stops_short: "Synthesizes 279 requirements across 8 categories; the PoC health pilot maps evidence directly to HAARF rather than competing with it."
    detail: "8 categories incl. C2 Model Passport & Traceability, C3 Cybersecurity, C5 Agent Registration & Identity, C6 Autonomy Governance, C8 Tool-Use Security."
    poc_domains: [provenance, identity, authorization, security]
    gap_row: haarf
    mappings_ref: "https://github.com/Task-force-for-AI-agents-in-Healthcare/haarf/tree/main/HAARF/1.0/mappings"

  # ── The collaboration bundle's own invitation targets (FINOS) ──────────
  - slug: tm:finos
    proper_name: "FINOS (Fintech Open Source Foundation)"
    steward: "FINOS (Linux Foundation)"
    stewards_named: ["Karl Moll (Technical Project Advocate)"]
    engagement_url: "https://finos.org"
    authenticated_entry_point: "did:web:finos.org"
    kind: open-source-foundation
    answers: "Who convenes cross-industry open collaboration for financial-services AI?"
    poc_domains: [security, authorization, provenance]
    invitation_target: true

  - slug: tm:finos-calm
    proper_name: "FINOS CALM - Common Architecture Language Model"
    aliases: ["CALM", "Common Architecture Language Model"]
    steward: "FINOS Architecture as Code (AasC) community"
    stewards_named: ["Karl Moll (Technical Project Advocate)"]
    engagement_url: "https://calm.finos.org/"
    authenticated_entry_point: "did:web:calm.finos.org"
    kind: modeling-language
    answers: "How is system architecture defined as machine-readable code?"
    detail: >
      JSON meta-schema. Nodes (unique-id, node-type, name, description),
      Relationships (interacts | connects | deployed-in | composed-of),
      Controls (pattern-keyed, requirement-url + config), Flows (sequenced
      transitions over relationships). Adopted here as the shared modeling
      language, integrated with Pathway encodings.
    poc_domains: [security, authorization, provenance, portability, identity, privacy]
    invitation_target: true
    role_in_bundle: shared-modeling-language

  - slug: tm:finos-aigf
    proper_name: "FINOS AI Governance Framework (AIGF)"
    aliases: ["AIGF", "AI Governance Framework"]
    steward: "FINOS"
    engagement_url: "https://air-governance-framework.finos.org/"
    authenticated_entry_point: "did:web:finos.org"
    kind: governance-framework
    answers: "What are the risks and mitigations for AI in financial services?"
    detail: "Catalog of AI risks + mitigations; converging with CALM (reference architectures) and CCC (controls)."
    poc_domains: [security, authorization, privacy, provenance]
    invitation_target: true

  - slug: tm:finos-ccc
    proper_name: "FINOS Common Cloud Controls (CCC)"
    aliases: ["CCC", "Common Cloud Controls"]
    steward: "FINOS"
    engagement_url: "https://www.finos.org/common-cloud-controls-project"
    authenticated_entry_point: "did:web:finos.org"
    kind: control-catalog
    answers: "What are the technology-neutral controls for compliant cloud deployments?"
    detail: "Controls catalog in the AIGF x CCC x CALM convergence Karl Moll convenes."
    poc_domains: [security, authorization]
    invitation_target: true

  # ── Complementary precedents referenced by the PoC standard ────────────
  - slug: tm:c2pa
    proper_name: "C2PA - Coalition for Content Provenance and Authenticity"
    aliases: ["C2PA"]
    steward: "C2PA (Joint Development Foundation / Linux Foundation)"
    engagement_url: "https://c2pa.org/"
    authenticated_entry_point: "did:web:c2pa.org"
    kind: provenance-standard
    answers: "How is content provenance cryptographically attested?"
    stops_short: "Content provenance, not agent-action provenance; a precedent the PoC provenance domain builds on."
    poc_domains: [provenance]
    gap_row: null

  - slug: tm:maestro
    proper_name: "MAESTRO - 7 Layers of Control (agentic threat modeling)"
    aliases: ["MAESTRO", "MAESTRO 7 Layers of Control"]
    steward: "Cloud Security Alliance (referenced)"
    engagement_url: "https://cloudsecurityalliance.org/"
    authenticated_entry_point: "did:web:cloudsecurityalliance.org"
    kind: threat-modeling
    answers: "How is an agentic system threat-modeled across seven layers?"
    detail: "Proposed for the PoC conformance-tier assessment methodology (threat modeling)."
    poc_domains: [security, authorization]
    gap_row: null

# ---------------------------------------------------------------------------
# Cross-cutting note: the AAIS domain classification (Jim's table in the Gap
# Analysis) maps each PoC domain to an architectural mechanism and external
# alignment targets. That table is encoded in
# cross-domain/data/gap-analysis-matrix.v1.json under "aais_domain_map".
# ---------------------------------------------------------------------------
