Today, Evernym and 28 other founding member organizations launched the Trust over IP Foundation, a new project hosted by the Linux Foundation to enable the trustworthy exchange and verification of data between any two parties on the Internet.
The ToIP Foundation’s mission is to provide a robust, common standard that gives people and businesses the confidence that data is coming from a trusted source, allowing them to connect, interact, and innovate at a speed and scale not possible today.
The foundation is the culmination of years of work across the decentralized identity and trusted data exchange communities, with other key contributors and steering members including Accenture, Cloudocracy, Continuum Loop, CULedger, Dhiway, esatus AG, IBM Security, IdRamp, Kiva.org, Lumedic, Mastercard, MITRE, the Province of British Columbia, and SICPA. The Linux Foundation was chosen to host the Trust over IP Foundation due to its legacy of fostering open-source collaboration and innovation for some of the largest projects in the world.
Here’s what it means for the future of portable, digital identity:
1. There will finally be a full architectural stack for digital trust—not just for the technology, but for governance as well.
Often in the digital identity space, interoperability is confined to technology. We strive to build solutions that support the technical interoperability of blockchains, identity wallets, and digital credentials. It’s a critical prerequisite for not only mass adoption but to truly enable the trusted exchange of data for everyone, everywhere.
Yet, what’s often missing from these conversations is the importance of policy interoperability. Solutions don’t just have to work with one another; they have to work with the rich tapestry of business, legal, and social requirements of different jurisdictions and industries around the world. We must build for privacy by design and default, and this means implementing solutions that support compliance with regulations like the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Health Insurance Portability and Accountability Act (HIPAA).
The “Trust over IP Stack” combines technical interoperability with policy interoperability to create a complete digital trust architecture:
The dual ‘Trust over IP Stack.’
For an overview of each layer, see our recorded webinar on Trust over IP.
While the dual-stack approach and governance focus are unique, it’s worth noting that there are several other organizations and groups working on a set of open standards and protocols to enable true interoperability. These include the Decentralized Identity Foundation (DIF), Hyperledger, the World Wide Web Consortium (W3C), and the Sovrin Governance Framework Working Group, each of which Evernym is an active member in.
The Trust over IP Foundation represents a “growing of this tent” and an invitation to organizations and governments around the world to join in these conversations. It offers a forum for organizations and governments around the world to come together and discuss needs and considerations unique to specific contexts. We encourage anyone interested in advancing digital trust to get involved in the Trust over IP Foundation through its working groups, which are open to all and do not require member dues.
2. The Trust over IP stack will serve as a decision-making framework for implementing complete digital trust solutions.
Working groups at the Trust over IP Foundation are already working on V1 definitions of both the ToIP Technology Stack and the ToIP Governance Stack, which should be finalized within the next year. There are also plans to establish a suite of ToIP interoperability testing and certification standards over the next two years.
For credential issuers and verifiers, these definitions will provide a powerful framework for evaluating vendor solutions across what we expect will become a flourishing market of ToIP implementations.
Looking at this framework, businesses and governments will be able to run solutions through a series of questions, including:
- Based on our business requirements, have we captured all the necessary policies in one or more governance frameworks at the right levels of the ToIP Governance Stack?
- Once we have our governance right, how does that map to interoperable components in the ToIP Technology Stack?
- Do the vendors for those components meet the interoperability testing requirements?
- Does the solution handle personal information in a way that meets or exceeds GDPR, CCPA, and HIPAA requirements?
- Is the solution designed with privacy, selective disclosure, and data minimization in mind?
- Can verifiers ask for pieces of data smaller than a single credential and see only what they require?
- Can the holder share verifiable data even if the issuer is offline?
- Does the solution incorporate safe signatures to prevent credentials from being correlated?
When we assess solutions from a governance perspective, we can better understand the risks and concerns.
3. Evernym is committed to being a premier ToIP solution provider.
While the Foundation may be new, the concept of Trust over IP is something we’ve supported from the get-go (hear Evernym’s Drummond Reed present the ToIP Stack at MyData 2019 and the Dutch Blockchain Coalition) and played a major role in advancing over the past year. Our products are proudly designed around the ToIP pillars of privacy, interoperability, and open standards, and we’re already working with several of our customers to help them design governance frameworks unique to their use cases and market.
We will continue to be a firm champion of ToIP, both within the Trust over IP Foundation working groups and in our solutions.
Learn more by attending the virtual kick-off events
To learn more and discover how you can get involved in the Trust over IP Foundation, watch the recorded launch event.