What is the Trust over IP Foundation?

The Trust over IP Foundation is an independent project hosted at Linux Foundation to enable the trustworthy exchange and verification of data between any two parties on the Internet.

What is the Foundation’s mission?

To provide a robust, common standard that gives people and businesses the confidence that data is coming from a trusted source, allowing them to connect, interact and innovate at a speed and scale not possible today.

Who belongs to the Foundation?

The ToIP Foundation is being developed with global, pan-industry support from leading organizations with sector-specific expertise.  For a full list of Member organizations, please click here.

What challenge does it answer?

Businesses today are struggling to protect and manage digital assets and data, especially in an increasingly complex enterprise environment that includes the Internet of Things (IoT), Edge Computing, Artificial Intelligence and much more. This is compounding the already low consumer confidence in the use of personal data and is slowing innovation on opportunities like digital identity and the adoption of new services that can support our daily, hyper-connected lives.

Without a global standard for how to ensure digital trust between any two peers—just like the Internet’s TCP/IP standards ensures a network connection between any two peers—these trends are bound to continue. The ToIP Foundation will use the new W3C Verifiable Credentials and Decentralized Identifiers (DID) standards to leverage interoperable digital wallets and credentials to address these challenges and enable consumers, businesses and governments to better manage risk, improve digital trust and protect all forms of identity online.

Which privacy acts does the ToIP stack comply with?

The ToIP stack has incorporated Privacy by Design from the ground up. This means that it can be used to implement solutions compliant with all major global data protection regulations, including the EU General Data Protection Regulation (GDPR), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), or the California Consumer Privacy Act (CCPA). It can also be used to meet strict privacy and security protection regulations such as the U.S. Health Insurance Portability and Accountability Act (HIPAA).

What will be the impact on consumers, business and governments?

The Internet seeded innovations in a way no one could have predicted. The result is a far more connected and convenient world. But the clear compromise has been privacy. And while most consumers today acknowledge they’re willing to trade some privacy for convenience, they’re increasingly uncomfortable with the personal information they have littered across the web. With the global political landscape increasingly volatile and security breaches on the rise, people are becoming more anxious about how their personal information is shared. Businesses and governments understand there are technologies today that could help improve trust and deliver new and better services to consumers and to the public, but these issues demand a collective response. No one can do it alone.

By adding a layer of trust to all digital interactions, we can reduce exposure to fraud and privacy issues breaches. Business-to-business (B2B) partnerships, private-government/public relationships, global standards and specifications are the way to get us there. That means sharing expertise, defining standards and specifications and playing a leading role in securing trust in the digital landscape.

Is this the only effort like this?

The ToIP Foundation is the only project defining a full stack for digital trust infrastructure that includes both technical interoperability of blockchains, digital wallets and digital credentials AND policy interoperability of the governance frameworks needed for these solutions to meet the business, legal and social requirements of different jurisdictions and industries around the world.

The ToIP stack will reference open standards for specific components at specific layers, such as the W3C standards for Verifiable Credentials and Decentralized Identifiers (DIDs). It will also reference ToIP stack components being defined by working groups at DIF, Hyperledger, the W3C Credentials Community Group, and other open source and open standard projects worldwide.

Do you have to be a dues-paying member of the Foundation to contribute to the Foundation’s Working Groups?

No, anyone can become a Contributor member and contribute to the Working Groups of the Foundation without any funding requirement.

What is the intellectual property licensing structure for the Foundation?

Contributions to the Foundation’s working group are made under the CC-BY-4.0 license for copyrights and under the Joint Development Foundation’s “W3C Mode” for patents.  Source code contributions to the Working Groups will be under the Apache-2.0 license.

What is the ToIP Stack?

Trust over IP defines an Internet-scale solution for creating and maintaining trusted relationships between any two peers on the Internet: people, organizations and connected things.

The unique “dual stack” design—combining the ToIP Governance Stack for human trust and the ToIP Technology Stack for technical trust —is a complete architecture for Internet-scale digital trust because it combines both cryptographic trust at the machine layer and human trust at the business, legal, and social layers.

This enables the ToIP stack to address key problems experienced by every enterprise engaged in digital communications and commerce today: password fatigue, form fatigue, customer onboarding, KYC, secure messaging, data portability, business process automation, privacy management, supply chain provenance, GDPR compliance—almost everything a Chief Security Officer, Chief Privacy Officer, and Chief Compliance Officer are looking for.