Within eSSIF-Lab, we maintain a set of mental models, i.e. casual and formal descriptions (patterns) of concepts, relations between them, and constraints, that provide a specific 'viewpoint', or 'way of thinking' about a certain topic. They have been crafted so that they may serve as a basis for architecting, desiging, and implementing IT components and their governance processes.
These are models that are quite mature. They have been applied during several years in various circumstances, and have shown to be valid (when consistently and consequently applied). Therefore, they are proposed for widespread use (and further evaluation/validation).
The Parties, Actors and Actions pattern captures the foundational concepts and relations that we need for thinking about how things get done. It answers questions such as: 'Who/what does things?', 'How are their actions being guided/controlled?', 'Who controls whom/what?', 'Who/what may be held accountable?'.
These are models that are either not very mature, or placeholders for models that are but haven't been properly documented yet.
The envisaged Mandates, Delegation and Hiring pattern will capture the ideas behind Mandating, Delegating, Hiring and their relations. It will extend the Parties, Actors and Actions pattern with concepts that describe how the ownership and
works for relations between parties and actors are to be (de)populated, and how to determine for party the actor is working as it executes an action.
The envisaged Duties and Rights pattern will describe the relations between jurisdictions, legal entities and the duties and rights they have within them. This pattern will be based on the theory of Hohfeld.
The envisaged Decentralized GRC pattern](./terms/pattern-decentralized-GRC) will describe how parties can set objectives, and pursue them to be succesful. The latter means that the party must be capable of assessing and managing the risks associated with not realizing them. In a decentralized world, this means that it needs to depend on other parties, that may or may not be too reliable. Also, it means that the party must be able to set and realize objectives to satisfy requirements of other parties (compliance).