The Trust Registry Task Force (TRTF) at the Trust Over IP (ToIP) Foundation has released a new version of its ToIP Trust Registry Protocol Specification as an Implementers Draft. This draft aims to elicit open public feedback from implementers of any type of online registry service or client software. Instructions for providing feedback are at the end of this post.
Background
The TRTF was established in the summer of 2021 in response to the sudden demand for cross-jurisdiction verification of digital health credentials during the COVID crisis. In the fall of 2021, the TRTF produced a preliminary version of the ToIP Trust Registry Protocol Specification to begin public experimentation with the protocol.
As the adoption of digital wallets and verifiable digital credentials has grown, so has the challenge for relying parties to verify the authorized issuers of those credentials. The same applies to credential holders, who need to judge which relying parties they can safely trust with their credential data.
These digital trust decisions are complicated—in both directions. To make them more accessible, participants need trusted sources of information. That’s the job of trust registries. A trust registry is a system of record that contains answers to questions that help drive trust decisions.
Many of these systems of record already exist. For example, almost any legal jurisdiction has a method of registering and licensing all types of businesses and professionals (CPAs, lawyers, doctors, professional engineers, etc.) And there are hundreds of registries of accredited institutions—universities, hospitals, insurance companies, nursing homes, etc.
New trust registries are also emerging for new online communities, including social networks, blockchains, and peer-to-peer networks. The challenge is that the methods of accessing the information across all these different registries are wildly inconsistent—if such information is available online.
The Trust Registry Protocol V2.0
The ToIP Trust Registry Protocol (TRP) V2.0 aims to solve this problem by providing a simple and consistent way to discover who is authorized to do what within a specific digital trust ecosystem. In short, it enables parties to ask programmatically:
Does entity X hold authorization Y under ecosystem governance framework Z?
In addition to that core query type, the TRP V2 also supports queries to:
- Assist integrators in retrieving information critical to interacting with the trust registry (e.g. get a list of supported authorizations, namespaces, or resources).
- Assert the relationships of the queried trust registry with other trust registries, allowing the development of a registry-of-registries capability.
Currently, in this Implementers Draft stage, this question can be asked via a RESTful (OpenAPI Specification 3.1.0) protocol query. Future versions of the TRP may support other underlying protocol specifications (e.g. DIDComm co-protocols, ToIP Trust Spanning Protocol).
It is important to note that in V2, the TRP does not manage information inside the trust registry (i.e., the system-of-record). It is a read-only query protocol. Create, update, or delete operations may be specified in future protocol versions if demand exists.
To be clear, a trust registry does not create trust in itself. Your decision to trust the outputs from a trust registry is entirely yours. However, the information provided by trust registries is often required to build trust—especially between parties with no previous relationship.
“A trust registry does not create authority. The authority of a trust registry is an outcome of governance.”
– Jacques Latour, CTO, CIRA.ca (.ca top-level domain registry)
How to Provide Feedback
We invite feedback from implementers: systems integrators, developers, and product leaders who either need to share or access the information necessary to facilitate digital trust decisions within their ecosystem.
To review the specification:
- Github Pages version: https://trustoverip.github.io/tswg-trust-registry-protocol/
- Markdown version: https://github.com/trustoverip/tswg-trust-registry-protocol
To make a comment, report a bug, or file an issue, please follow the ToIP Public Review Process on GitHub: