News

Avast (LON:AVST), a company best known for its antivirus and other cybersecurity products for consumers, has joined the Trust Over IP (ToIP) Foundation as a Steering Member. Avast recently acquired Evernym, a founding ToIP Steering Member, and SecureKey, a ToIP Contributor Member since 2020.

Avast’s ToIP Steering Committee member will be Drummond Reed, Director of Trust Services at Avast. Mr. Reed has served as Evernym’s Steering Committee member since the founding of ToIP in May 2020. He currently co-chairs the ToIP Governance Stack Working Group and Concepts and Terminology Working Group and is a vice-chair of the Technology Stack Working Group.

“Avast brings a new perspective to the Foundation’s mission of defining Internet-scale decentralized digital trust infrastructure,” said Mr. Reed. “Avast has a 30 year history of protecting the digital devices of over 435 million consumers. Now Avast wants to extend that protection to individual’s digital identity and relationships online because identity is at the very heart of cybersecurity.”

Avast, headquartered in Prague, is rapidly building one of the largest decentralized digital trust teams in the world. In June of 2021, they hired Charles Walton, a former Mastercard executive (and Mastercard’s original ToIP Steering Committee member), as General Manager of their new Digital Trust Services division. Then in December 2021, Avast acquired Evernym, one of the global leaders in self-sovereign identity (SSI). In March 2022 they announced the acquisition of SecureKey, operators of the Verified.Me network in Canada that is one of the largest bank ID networks in the world.

In a keynote speech at the European Identity Conference in Berlin, Mr. Walton said Avast would be focusing its efforts on the “empowered consumer”—giving individuals the tools they need to have portable, reusable digital identity credentials that do not depend on any one device, operating system, or identity federation. “It is finally time we had digital wallets with digital credentials that work exactly the same way our real-world wallets do,” said Mr. Reed. “We can take and use them anywhere to privately prove just what another party needs to know in the context of a particular transaction. We don’t have to go through any third-party gatekeeper to do this. That’s the way it should work in the digital world too.”

The challenge, of course, is interoperability—the entire raison d’etre of the ToIP Foundation. According to Mr. Reed, this is the reason that Avast intends to participate very actively in advancing the work of ToIP Working Groups. “Avast is a global company, and the #1 challenge in establishing digital wallets and credentials that work around the world is interoperability,” said Mr. Reed. “It is a key focus of the European Digital Identity Wallets initiative as well as other government-sanctioned digital wallet projects. Avast believes that the ToIP stack is the answer, and we want to help drive its completion and adoption as quickly as possible.”For more information about Avast’s digital trust services and products, please visit www.avast.com/digital-trust. For more information about the ToIP Foundation, visit our website or see the Introduction to ToIP white paper.

Two of the most influential global membership organisations in the digital ID space have aligned to forge a faster and more secure route to a shared and trusted digital future.

Both The Open Identity Exchange (OIX) and Trust over IP Foundation (ToIP) have driven key development and made significant progress in their respective communities towards addressing the challenges around establishing ‘trust’ in users via digital means.

They have now committed to aligning their efforts, having realised the synergies in the work they were doing and the vast potential of working more closely together to drive their common agenda across the globe.

With a combined worldwide membership of over 400 organisations and individuals, including some of the world’s largest stakeholders in a digital ID future, this is a crucial development in the journey towards full digital ID adoption and a digital future that will work for everyone involved.

Born from the self-sovereign identity movement, ToIP’s widely recognised ToIP Stack is defining a complete architecture for internet-scale digital trust that combines the technical requirements for cryptographic trust at the machine layer with the governance requirements for human trust at the business, legal, and social layers.

Equally, the OIX’s comprehensive work around the governance of digital ID has been highly influential and widely accepted. It complements the governance elements of the ToIP stack. A prime example is OIX’s recently launched Guide to Trust Frameworks for Smart Digital ID that encompasses over 10 years of research and in-depth evaluation of existing Trust Frameworks around the world.

The Guide outlines how a both a simple digital ID (i.e., digitised credentials within a wallet) and a smart digital ID (i.e., one that understands rules to “to selectively disclose, derivate a specific attribute and aggregate several single attributes” per the EU’s new eIDAS2 ARF) can meet the needs of all the parties involved in a digital relationship or transaction. With a specific focus on placing the needs of the end users at the forefront (also a key driver for ToIP), the Guide defines the roles, responsibilities, principles, policies, procedures and standards needed.While remaining technology agnostic, a particular feature of the Guide is its alignment with the self-sovereign paradigm of decentralized identifiers (DIDs) and verifiable credentials stored in individual digital wallets. The Guide includes a mapping of OIX Trust Framework roles to SSI Roles as illustrated in the infographics below.

While this first infographic illustrates the relatively straightforward mapping of the SSI issuer/holder/verifier “trust triangle”, the Guide also shows how to map more complex SSI scenarios such as the one below, in which a holder submits proofs of one set of credentials to a rules engine to obtain a new derived level-of-assurance credential.

John Jordan, Executive Director of ToIP, said: “The lack of globally interoperable digital trust infrastructure has presented an urgent and widely acknowledged need for both technical standards and governance that ensure trust can be established quickly and safely across all sectors and borders. Our two organisations have a common vision – building trust online, and simplifying and standardising how trust is established. Our collective knowledge, expertise and research will be a powerful force ensuring the benefits of digital ID are realised by everyone involved – the end consumers, governments, relying parties and ID providers.”

Nick Mothershaw, Chief Identity Strategist at OIX, said: “Various initiatives around the world are trying to address the same issue with differing approaches. It is a highly complex global challenge that needs a united global response, and one that ensures the needs of all parties are met. To achieve it, governance must be generic and technology agnostic, and smart digital ID will need to play a significant role. The goals and strategies of both organisations highly complement each other. We have both already made significant progress, which has been reflected in the growth of our memberships, and the Self-sovereign alignment of the new OIX trust framework. By further aligning our efforts, we can have a greater impact.”

ENDS

For more information, please contact Serj Hallam 

E: communications@openidentityexchange.org 

T: 07789372771

About The Open Identity Exchange (OIX)

The OIX is a non-profit trade organisation on a mission to create a world where everyone can prove their identity and eligibility anywhere through a universally trusted ID. OIX is a community for all those involved in the ID sector to connect and collaborate, developing the guidance needed for inter-operable, trusted identities. Through our definition of, and education on Trust Frameworks, we create the rules, tools and confidence that will allow every individual a trusted, universally accepted, identity.

About The Trust over IP Foundation (ToIP)

As a Joint Development Foundation project of the Linux Foundation, the mission of the ToIP Foundation is to simplify and standardise how trust is established over a digital network or using digital tools. The ToIP model is a complete architecture for decentralized digital trust infrastructure that combines cryptographic verifiability at the machine layers with human accountability at the legal, business, and social layers. ToIP is a collaborative community of international experts working together to design the specifications, recommendations, guides, and tools for using the ToIP four-layer dual stack of technology and governance.

Tampa-based Schellman, a leading provider of attestation and compliance services, announced today that it is joining the Trust over IP Foundation (ToIP) as a Steering Committee member. As the first IT audit firm to join the leadership of ToIP, this move represents Schellman’s belief in the growing suite of digital governance specifications and tools being developed by ToIP Working Groups.

Representing Schellman on the Steering Committee will be Scott Perry, whose firm Scott S. Perry CPA, PLLC, was recently acquired by Schellman. Scott was a founding Contributing Member of ToIP and has served as co-chair of the ToIP Governance Stack Working Group since its inception in May 2020.

“This is the culmination of work that began over six years ago when I started collaborating with Timothy Ruff, co-founder of Evernym and of the Sovrin Foundation, on audit and compliance in the emerging SSI space,” said Scott. “We realized that this could revolutionize how digital trust works everywhere on the Internet, and out of that was born the ToIP Foundation. So it is very gratifying for me to now join the Steering Committee and contribute directly to the success of the ToIP model.”

Scott has authored or co-authored a number of deliverables from the ToIP Governance Stack WG including:

• ToIP Governance Metamodel Specification (PDF) and Companion Guide (PDF)
• ToIP Risk Assessment Worksheet Template (Excel) and Companion Guide (PDF)
• ToIP Trust Assurance and Certification Controlled Document Template (Excel) and Companion Guide (PDF)
• ToIP Trust Criteria Matrix Template (Excel) and Companion Guide (PDF)

Scott saw the acquisition of his firm as a means of harnessing a well-established delivery capability of digital trust audit services from a top CPA Firm; Schellman saw this as a quick entry into an important emerging segment of the compliance marketplace and wanted to cement this commitment by joining the ToIP Steering Committee.

“Holding digital trust actors accountable in any or all layers of the ToIP stack will require independent audit skills and experience in a variety of compliance frameworks,” said Avani Desai, CEO at Schellman. “The deliverables already published by ToIP serve as an audit methodology for trust assurance, so they will nicely complement the services we currently offer as a WebTrust CPA firm, an ISO Certification Body, a PCI Qualified Security Assessor Company, a HITRUST assessor, a FedRAMP 3PAO, and as one of the first CMMC Authorized C3PAOs.”

“I am very happy to see this recognition of the ToIP Foundation’s groundbreaking work in digital governance frameworks,” said Judith Fleenor, ToIP Director of Strategic Engagements. “Scott has been a leader in this work from the start, and the acquisition of his firm and the support of Schellman signals that the ToIP governance metamodel is starting to see serious traction in the market. Look for more evidence coming from several new digital trust ecosystems later this year.”

Visit the Schellman website to learn more about their new Crypto and Digital Trust Service practice.

The Trust over IP (ToIP) Foundation announced a critical governing framework (PDF) to assist Santa in making his toughest choices during Christmas Eve.

For generations, Santa used many information sources, potentially unreliable, to choose gifts. However, with the advent of verifiable credential standards, systems, and governance, a more trustworthy ecosystem is being built which will issue NAUGHTY and NICE verifiable credentials based upon trustworthy evidence and accountability standards for all participants.

ToIP, working closely with the Santa-led Meaningful Gift Alliance (MEGA), applied its ground-breaking Metamodel Specification to define the ecosystem whereby trustworthy NAUGHTY and NICE credentials will be made available to Santa on Christmas Eve. This effort is expected to save Santa and his elves around 3.14159 million elf-hours per Christmas event which translates into a minimum of 742,000 additional toy deliveries for the 2.2 billion children of the world. #logistics #supplychain

Santa is thrilled. “Those NAUGHTY and NICE lists are just too difficult to scroll through when I’m out all-night delivering presents. I get acid reflux worrying that I’ll get my lists mixed up! This new ecosystem delivers all the information I need right to my satellite smartphone with the confidence I need to sail through the night!” #UXdesign

The Governance Framework (PDF) sets nuanced and contextual rules for the privacy protection of BAD and GOOD life events for children, used as input to the quantum-computer generated algorithm that issues NAUGHTY and NICE credentials. It also allows for parents, guardians, and child-advocates to petition on a child’s behalf.  The Glossary of Terms for uses for the MEGA Governance Framework (PDF) is supported by a Trust Over IP terms community using the Trust Over IP terms wiki tool.

“While we want to save Santa some stress, the main focus is ensuring every child gets a meaningful gift each gift-giving season.” says Nichola Hickman, Secretariat for the Meaningful Gift Alliance. “We consulted with many meaningful gift-givers, including representatives for Wookie Life Day, Mother Earth, the IFFF (International Federation of Fairy Godmothers & Tooth Fairies) and the Free Magi-Sons. They all had experienced fraud from grown-ups claiming to be children, so we are delighted with this new method of ensuring that every child gets exactly what they deserve.” 

Bids will be announced shortly for vendors for MEGA’s technical infrastructure. 

MEGA also joined the Good Elf Pass Initiative whose “interoperability blueprint” supports its crucial role as issuers of these credentials. The ground-breaking “Hypersleigh” blockchain standard will also support rapid delivery and high security for all Meaningful Gifts. #hypersleigh

For more information on these emerging ecosystems and the Trust Over IP Foundation, contact us at https://trustoverip.org/contact/.  Happy Holidays and Happy New Year!

Following the September announcement of its first tools for managing risk in digital trust ecosystems, today the ToIP Foundation announced three more pairs of tools to assist in the task of generating digital governance and trust assurance schemes:

1. The ToIP Governance Framework Matrix and Companion Guide.
2. The ToIP Trust Assurance and Certification Template and Companion Guide.
3. The ToIP Trust Criteria Matrix Template and Companion Guide.

“These three new tools—each with its accompanying Companion Guide—are explicitly designed to simplify and streamline the process of developing robust governance for any digital trust community building on ToIP infrastructure,” said Scott Perry, co-chair of the ToIP Governance Stack Working Group (GSWG) and a certified WebTrust auditor. “They can help turn a job that often takes years into one that takes weeks or months.”

The physical credentials we use today, such as credit card and driver’s licenses, have governance frameworks and trust assurance schemes built by governments and industry associations over many years. Now we are moving to digital credentials verified using cryptography, we need to make the process of adapting these existing governance frameworks—or creating new ones explicitly tailored for digital life—much easier and faster.

“Governance is both simple and complex. Everyone has their own ideas of what Governance is and should be. The complexity comes when multiple parties need to agree on what it is and should be,” said Savita Farooqui, GSWG member and primary author of the Governance Framework Matrix. “The Governance Framework Matrix divides the problem in small chunks and provides a flexible framework to define governance and seek agreements.”

The Governance Framework Matrix is a recipe for setting the process of governance in motion.  Without a starter set of governance topics to drive discussion and consensus, governing bodies stall in its formation.

The Trust Assurance Companion Guide explains in detail, in plain language, how accountability is generated from community participation in a governance framework.

“The Trust Assurance Template and Companion Guide is akin to the ‘Cliff Notes of Accountability’,” said Drummond Reed, GSWG co-chair. “When you combine it with the Trust Criteria Matrix, it means you don’t need to be a cybersecurity audit professional to grasp what is needed to meet the accountability requirements of your digital trust ecosystem.”

The Trust Over IP (ToIP) Foundation together with the Good Health Pass Collaborative (GHPC) today announced the release of the Good Health Pass (GHP) Interoperability Blueprint V1.0.0 (PDF). Produced by over 125 participating companies and organizations spanning global travel, health, cybersecurity, privacy, and government, the Blueprint is an urgently needed solution that describes how to unify the widely disparate set of digital vaccination certificate solutions on the market.

“Over the past several months, different vaccination certificate formats have been announced by at least a dozen different governments, health authorities, and industry consortia around the world, including the European Union’s Digital COVID Certificate and the World Health Organisation’s Digital Document of COVID-19 Certificates,” said John Jordan, Executive Director of the ToIP Foundation. “Each of these is good and valuable in its own right, however because they are designed to be digital health documents, they share more information than is necessary simply to prove one’s COVID-19 status for purposes of travel or entry to a venue. The Good Health Pass Blueprint was designed from the ground up to provide an international trust framework that addresses the need for a simple, secure, standard, privacy-preserving health pass that works anywhere you need to prove your health status, just like a mobile boarding pass works with any airline.”

The Good Health Pass effort began with the Good Health Pass Collaborative (GHPC) organized by ID2020, a non-profit organization focused on ethical digital identity. In February 2021, GHPC published the Good Health Pass Interoperability Blueprint Outline, which specified the key problems that needed to be solved and the core design principles that needed to be followed. GHPC then formed a partnership with the ToIP Foundation to launch the Interoperability Working Group for Good Health Pass. Working Group leadership and cross-industry expertise were also contributed by Linux Foundation Public Health (LFPH), particularly its COVID Credentials Initiative (CCI). This combined effort resulted in a fully open and transparent process that created the full Blueprint in under eight weeks.

After a public review period during June with stakeholders in air travel, government, healthcare, hospitality, and other affected sectors, the Blueprint was finalized in mid-July for final approval and publication. “Publication of the V1.0.0 Blueprint is just the first step in seeing interoperable privacy preserving digital health passes adopted in order to support people being able to gather together again with lower personal and public health risk,” said Kaliya Young, chair of the Working Group and Ecosystems Director at CCI. “Our next task is collaborating with real world implementers to fill in any remaining gaps to get to an interoperable system and working with LFPH and other partners to deliver open source code that can be deployed.”

Judith Fleenor, Director of Strategic Engagements at the ToIP Foundation, adds “The best news is that the Good Health Pass Blueprint does not compete with or replace any of the publicly announced COVID-19 health certificates. It is compatible with all of them—and others still to come. With the right software, all those health certificates can be ingested and verified in order to issue a Good Health Pass-compliant health pass. This focus on interoperability will make life much simpler and safer for both users and verifiers.”

The ToIP Foundation is especially proud of this effort because it demonstrates how applying the core principles of interoperable digital trust architecture solves global problems and builds confidence in solutions that have data integrity, portability, and confidentiality built-in. This is the fundamental motivation for creating the ToIP Stack, the ToIP Foundation’s model for developing privacy-preserving, interoperable, and decentralized digital identity solutions that form and sustain digital trust relationships.

The high-speed collaboration enabled by the Interoperability Working Group for Good Health Pass also illustrates the value of the antitrust and royalty-free intellectual property rights protections that all our Working Groups enjoy as a Linux Foundation (LF) project. “Good Health Pass is a textbook example of the kind of project the LF was formed to support,” said Brian Behlendorf, LF General Manager of Healthcare, Blockchain, and Identity. “Being able to bring together this many global experts to work so intensively in such a short period is unprecedented—and shows the kind of confidence that the LF has built in an open public collaboration process.”

We encourage you to review the Blueprint, endorse it, and adopt it—and to join the Interoperability Working Group for Good Health Pass if you would like to collaborate with other industry leaders in creating the world’s first privacy-preserving health credential interoperability framework.

The Trust over IP Foundation will host a live, interactive webinar event on December 15, 2020.

Titled “Trust over IP and Government,” this event will feature a panel of industry leaders speaking to topics that include travel, healthcare, education, regulatory compliance and public-private sector collaboration.

This will be an excellent opportunity to better understand how decentralized, verifiable credentials can be used by governments across jurisdictions to simplify and improve the lives of citizens.

Two sessions of the webinar will be held to accommodate participants in various time zones globally (see poster below).

Please join us by registering for the webinar here: https://bit.ly/36I8ipL

Governments, nonprofits and private sectors across finance, health care, enterprise software and more team up with Linux Foundation to enhance universal security and privacy protocols for consumers and businesses in the digital era

The ToIP Foundation is being developed with global, pan-industry support from leading organizations with sector-specific expertise. Founding Steering members include Accenture, BrightHive, Cloudocracy, Continuum Loop, CULedger, Dhiway, esatus, Evernym, Finicity, Futurewei Technologies, IBM Security, IdRamp, Lumedic, Mastercard, MITRE, the Province of British Columbia and SICPA. Contributing members include DIDx, GLEIF, The Human Colossus Foundation, iRespond, kiva.org, Marist College, Northern Block, R3, Secours.io, TNO and University of Arkansas.

Businesses today are struggling to protect and manage digital assets and data, especially in an increasingly complex enterprise environment that includes the Internet of Things (IoT), Edge Computing, Artificial Intelligence and much more. This is compounding the already low consumer confidence in the use of personal data and is slowing innovation on opportunities like digital identity and the adoption of new services that can support humanity.

Without a global standard for how to ensure digital trust, these trends are bound to continue. The ToIP Foundation will use digital identity models that leverage interoperable digital wallets and credentials and the new W3C Verifiable Credentials standard to address these challenges and enable consumers, businesses and governments to better manage risk, improve digital trust and protect all forms of identity online.

“The ToIP Foundation has the promise to provide the digital trust layer that was missing in the original design of the Internet and to trigger a new era of human possibility,” said Jim Zemlin, executive director at the Linux Foundation. “The combination of open standards and protocols, pan-industry collaboration and our neutral governance structure will support this new category of digital identity and verifiable data exchange.”

The Linux Foundation’s open governance model enables the ToIP Foundation to advance a combination of technology and governance standards for digital trust in a neutral forum that supports pan-industry collaboration. An open governance model that can be integrated into the development of the standards for digital trust is essential where the business, legal and social guidelines for technology adoption impacts human trust and behavior.

The ToIP Foundation will initially host four Working Groups. The Technical Stack Working Group and the Governance Stack Working Group will focus on building out and hardening the Technical and Governance halves of the ToIP stack, respectively. The Utility Foundry Working Group and the Ecosystem Foundry Working Group will serve as communities of practice for projects that wish to collaborate on the development of ToIP utility networks or entire ToIP digital trust ecosystems.

The ToIP Foundation will host an all-digital launch event on May 7, 2020 at 9AM PDT that will feature a panel discussion, interoperability demonstration and live Q&A. Register now for the live event. A second event will be hosted for the APAC region.

For more information about the ToIP Foundation, please visit www.trustoverip.org

Steering Member Comments

Accenture

“The internet and digital technologies are a critical part of the way we engage with each other and with organizations. Accenture has a deep commitment to developing solutions to build trust, protect privacy and put control of an individual’s data squarely in their hands. The Trust over IP (ToIP) Foundation is bringing together a powerful mix of experts and doing it at the exact right time given the urgent need to encourage greater adoption and increase trust in data privacy and ownership,” said Christine Leong, managing director, global lead for Decentralized Identity & Biometrics at Accenture.

BrightHive

“Now, perhaps more than ever, networks of public and private sector organizations know the value that can be created by collaborating with one another around their combined data to create novel insights and better align their work. But they also want to collaborate in the most responsible way possible. The work of the Trust over IP Foundation will radically strengthen the infrastructure of responsible data sharing by establishing a global standard for digital trust—ensuring that the very way that data is exchanged and verified creates a much-needed layer of security, privacy and trust. BrightHive is excited by the promise of this standard, and proud to partner with the other members to help see it realized,” said Matt Gee, CEO, BrightHive.

Cloudocracy

“Trust is the foundational element of all relationships between government, organizations, and each of us as individuals. Trust at Internet-scale, serves our greater global community and is best accomplished by communities of trust ecosystems. The Trust Over IP Foundation is the next stage of enabling this journey globally. The paradigm-shifting model of decentralized, person-centric identity is likely one of the most important breakthroughs in data privacy, cyber security and unlocking business value in many years. Cloudocracy seeks to facilitate coalitions of government, supply-chains and individuals to embark on journeys to establish value-based trust ecosystems towards achieving highly secure and empowered private ecosystems and the public-private ‘Internet of Value.’ The global shift will go beyond enabling government and organizations to reduce costs, complexity and add value but will also help steer to a better compass heading in protecting individual data privacy, health and biometric information, while also reducing risks and economic impacts of cyber security data breaches,” said Will Groah, executive director, Cloudocracy.

Continuum Loop

“The leaders we work with know that trust on the Internet isn’t working. They want to start building deep trust with their customers and partners. Our clients are investing, as are we, in the Trust Over IP Foundation. We all want to make sure we are involved in building the digital trust layer that the Internet needs. The technology works – now it is about building business cases and governance,” said Darrell O’Donnell, president and CEO, Continuum Loop.

CULedger

“The credit union movement is based on the idea that trusted interactions between people connected by a common bond are the best interactions.  A self-sovereign, secure, trusted identity, like MemberPass, is essential in the world ahead, and CULedger is paving the way for credit unions and financial cooperatives worldwide to pioneer this important effort and bring this frictionless digital experience to more than 270 million credit union members.  The work developed out of the Trust over IP Foundation will be the cornerstone to facilitate these trusted interactions in the new digital age.  We are excited about the opportunity to be working with other leading organizations in support of this effort,” said John Ainsworth, president/CEO, CULedger.

Dhiway

“Dhiway is happy to join the Trust over IP (ToIP) Foundation as one of the founding members. Our strategic initiatives are designed to bring a higher degree of assurance to the exchange of data between peers, over the Internet and other digital networks. Our participation is aligned with our vision to make the world more transparent and trusted, using digital frameworks that can be universally referenced, understood and consumed.  We intend to contribute our knowledge and expertise to support the ToIP foundation in its mission to build an interoperable architecture for Internet-scale digital trust –  empowering a growing ecosystem of companies and communities to exercise control over their digital assets. It’s encouraging to see the open collaboration that has led to the formation of this Foundation, and we are humbled and thrilled to be a part of this pioneering effort,” said Satish Mohan, Founder & CTO, Dhiway.

esatus

“On our mission of enforcing information security, strong trust relationships are essential. We need them to be equally strong in the real world and online. The Trust over IP Foundation facilitates easy composition, ramp-up and maintenance of digital trust components. Conveying real-world trust online is ultimately possible at flexibility and scale. esatus enterprise solutions employ digital trust components already, making next-gen security and privacy available to its customers today. Being a founding member of the Trust over IP Foundation is a natural fit,” said Dr. André Kudra, CIO at esatus AG. 

Evernym

“Evernym believes the only way to truly solve the avalanche of trust problems on the Internet is with an open standard and open governance model that is as universal as the TCP/IP stack that created the Internet itself. We have helped build the architecture of the ToIP stack layer by layer for the past three years, including the W3C Verifiable Credentials and Decentralized Identifiers standards that are at the heart of this new model, because we believe it will unlock a new explosion of value for every person, business, community and government using digital communications. We are thrilled to help stand up the ToIP Foundation at the Linux Foundation and hope that it attracts every company and contributor who wants to build a strong and lasting trust layer for the Internet,” said Drummond Reed, chief trust officer at Evernym and co-editor of the W3C Decentralized Identifier (DID) specification.

Finicity

“The Internet has fueled incredible innovation over that past few decades. And yet it has been significantly handicapped due to a general lack of trust. As we solve the trust dilemma, we will see a rapid acceleration of innovations that will change the way we do business, connect with others and consume information and entertainment,” said Nick Thomas, president & chief scientist and innovation officer, Finicity. “Finicity looks forward to advancing digital trust standards through its participation in the Trust over IP (ToIP) Foundation.”

IBM

“In today’s digital economy, businesses and consumers need a way to be certain that data being exchanged has been sent by the rightful owner and that it will be accepted as truth by the intended recipient. Many privacy focused innovations are now being developed to solve this challenge, but there is no ‘recipe book’ for the exchange of trusted data across multiple vendor solutions,” said Dan Gisolfi, CTO, Decentralized Identity, IBM Security. “The new Trust over IP Foundation marks an evolutionary step which goes beyond standards, specs and code, with the goal of creating a community-driven playbook for establishing ‘ecosystems of trust.’ IBM believes that the next wave of innovation in identity access management will be for credential issuers and verifiers to partake in these ecosystems, where trusted relationships are built upon cryptographic proofs.”

IdRamp

“Formation of The ToIP Foundation will transform and improve how digital services operate. Traditional centralized identity systems are hinged to vast security vulnerabilities that are not sustainable in a growing digital economy. Centralized services for things like mufti-factor authentication or social login encumber user flow and unnecessarily expose sensitive information to third parties. Decentralized systems resolve these problems but struggle with interoperability and standards to accelerate mass adoption. The Trust Over IP Foundation will help formalize and simplify adoption of Trust as a basic digital utility for everyone. The TOIP stack provides the foundation for a new generation of digital identity services. These services will provide high security frictionless interaction that put the user in control of their personal data. Organizations will establish personal connections with employees and user communities that are immune to the vulnerabilities of centralized systems. Individuals will be able to connect with one another without exposing personal information to the mediators that regulate digital interactions today. This will help businesses move beyond complex identity security investments that erode the bottom line and slow innovation. Verifiable digital trust in a decentralized data economy will open a world of possibilities for all individuals and businesses. As a founding member of the ToIP foundation, IdRamp is committed to helping businesses build a new decentralized digital economy that will evolve organically from traditional centralized systems,” said Mike Vesey, CEO, IdRamp.

Lumedic

“As the first representative of the health care industry on the Steering Committee, Lumedic sees tremendous potential for the Trust over IP Foundation to contribute to health care interoperability,” said Chris Ingrao, chief operating officer of Lumedic. “In confronting the challenges raised by the COVID-19 pandemic, we’ve seen that modern technologies can make a powerful difference when paired with strong governance models. The TOIP stack ensures that the way we exchange trusted health care information meets industry needs at a global scale.”

Mastercard

“We are building a bridge to a world where a person’s identity can be verified immediately, safely and securely for use in the digital world – where now, more than ever, identity is essential for delivery of digital health, education and government services. This cannot be accomplished in isolation. We are collaborating and innovating with governments, technology companies, financial institutions and industry sectors to make this a reality. Our participation within the Trust over IP Foundation builds atop the groundwork we currently have in place to ensure industry standards to guarantee we all transact and interact in a secure, convenient and trusted manner,” said Charles Walton, senior vice president, Digital Identity, Mastercard.

MITRE

“Advances in digital technologies and the Internet have brought great convenience to our lives.  But they also present risk – the inability to verify with confidence the identity of those you are connected with leaves us vulnerable to cyberattacks, identity theft, human trafficking, and financial fraud,” said Jim Cook, vice president of Strategic Engagement and Partnerships at MITRE. “As a not-for-profit company working in the public interest with a mission to solve problems for a safer world, we at MITRE are committed to creating a digital world in which people can interact safely and with confidence.  We applaud the Linux Foundation initiative to launch the Trust over IP Foundation, and we are honored to be a founding member.  We believe real innovation is made possible through open partnership, collaboration and cooperation, and we look forward to contributing to a safer internet through the Trust over IP Stack project.”

The Province of British Columbia

“The Province of British Columbia sees our collective potential to enable global-scale digital trust. The Trust over IP Foundation will be a significant leap forward in establishing a standards-based way for individuals and businesses around the world to interact and transact in safe and secure ways over the Internet,” said Dave Nikolejsin, Deputy Minister of Energy, Mines and Petroleum Resources and Chair of the Board of Digital Identity and Authentication Council of Canada. “From our perspective, this work augments our foundational regulatory role in the economy. In the natural resources sector, we see the potential to empower companies to have a new digitally trusted means to demonstrate due diligence on environmental and social impacts of projects as they work with Indigenous peoples and government. The Province of British Columbia is a founding member of the Trust over IP Foundation to help promote this new era of trusted digital services that everyone can rely on.”

SICPA

“For over 90 years, SICPA has partnered with governments, companies and organizations worldwide, to enable trust in banknotes, identities, products and brands. Our customers’ physical and digital lives are increasingly entwined, at work and at home, and our mission is to help shape trusted digital interactions by collaborating in enabling initiatives like the Trust over IP Foundation.  Building trust at a distance and at scale is a global challenge that will form the keystone in delivering the ultimate promise of an interconnected world: to respect the rights, privacy and security of everyone online and offline,” said Kalin Nicolov, Head of Digital Currency, SICPA.

Contributing Member Comments

DIDx

“The Internet lacks a digital trust layer that is not centrally controlled and managed. It is more important than ever to take control of our digital identities and data. The ToIP stack provides full control of digital identities and enables secure, privacy-preserving trust channels with verifiable data exchange. The digital trust layer of the internet. DIDx (a South African based startup) is excited to contribute and build interoperable trust ecosystems across Africa using the ToIP stack and are pleased to join the establishment of the ToIP Foundation together with the Linux Foundation,” said Lohan Spies, CEO DIDx.

GLEIF

“Trust is paramount within today’s digital world and we shouldn’t be afraid to challenge existing online processes for the greater good. The Trust over IP Foundation provides a neutral environment for these important conversations and will facilitate industry collaboration to create a global standard which businesses and consumers can trust. This aligns closely with GLEIF’s work to date as a not-for-profit organization which enables smarter, less costly and more reliable decisions about who to do business with. Our Global LEI System solves the problem of trust for legal entities worldwide, and we look forward to applying our expertise alongside many leading organizations within the foundation,” said Stephan Wolf, CEO, Global Legal Entity Identifier Foundation (GLEIF).

kiva.org

“As internet connectivity and digital services reach the world’s most vulnerable populations, it is paramount that we implement standardized, interoperable systems,” said Matthew Davie, chief strategy officer at Kiva. “The Trust over IP Foundation provides a framework to bring trust to this emerging segment of the digital economy and does so in a way that is consumer-centric and privacy-centric by design.”

The Human Colossus Foundation

“The synergistic domains of trusted identity and immutable semantics are required for organizations to integrate into a new decentralized data economy. The Human Colossus Foundation mission to implement decentralized semantics is aligned with the Trust over IP Foundation. We are proud to contribute to the collaborative projects and initiatives being launched,” said Paul Knowles, Head of the Advisory Board at The Human Colossus Foundation.

iRespond

“Trust is the foundation of every ecosystem, and governance is critical to build trust.  The creation of the ToIP foundation is a critical step toward both trust and governance, built on inclusion, transparency and open standards. We expect ToIP to be part of the essential glue that binds decentralized networks and identity.  The disadvantaged beneficiaries we serve will likely gain from this critical step to address challenges of guardianship and disruption of traditional barriers to establishing identity,” said Scott Reid, CEO, iRespond.

Marist College

“Marist College has long been on the cutting edge of technology innovation. We are excited to be a founding member of this effort to address digital trust and decentralized identity management at a time when internet transactions are a vital part of higher education and our growing digital economy,” said Michael Caputo, MS, vice president for Information Technology/CIO, Marist College.

Northern Block

“Northern Block is committed to empowering the mass adoption of digital verifiable credentials, which we believe won’t be possible without robust and common standards. The launch of the ToIP Foundation is the beginning of a new chapter for any organization who has been working diligently to enhance trust in life’s experiences. We look forward to supporting increasing participation in trusted ecosystems and burgeoning innovation in consumer experiences through digital trust,” said Mathieu Glaude, CEO at Northern Block.

R3

“R3 remains committed to supporting the development of secure, trusted and privacy preserving digital identity ecosystems and our participation in the Trust over IP Foundation is a reflection of that commitment. Our customers across industries including banking, insurance health care and telecommunications all agree that identity cannot be solved in isolation. With the industry coming together under the Trust Over IP Foundation we can work on the standards that will enable interoperability and unlock new opportunities for all. Our Corda platform is designed to enable private transactions, and by incorporating the work of the ToIP Foundation, we can develop solutions uniquely suitable for self-sovereignty in the digital world,” said Abbas Ali, Head of Digital Identity at R3.

Secours.io

“Our past inability to deal with privacy has cost human lives, because it limits innovation that can save lives. Trust over IP gives government the verification and governance it needs, and the public gets the trust it needs now allowing innovation to save lives,” said Sgt. J. Stirling Ret., Ontario Provincial Police, Provincial SAR Coordinator.

TNO

“TNO has deep involvement in the standardization and ecosystems of self-sovereign identity, including W3C, DIF, Hyperledger, Sovrin, RWoT and IIW. Our national and international partners and customers are looking for full-stack Trust-over-IP solutions. The ToIP approach is unique, as it includes the complexities of the top ‘business’ parts of the Trust-over-IP stack, as well as the governance of all layers. We believe that ToIP provides an excellent ground to contribute and further develop this knowledge base and apply it to many projects in ‘admintech’ and other industry sectors where trust in the provenance of data is essential,” said Dr. Oskar van Deventer, senior scientist Self-Sovereign Identity, TNO.

University of Arkansas

“The Internet was built in the 1970s and 1980s to allow machine-to-machine transfer of information, but it was missing the trust layer that identifies the people, organizations, or objects running those machines. The Trust over IP (ToIP) Foundation is building the technical and governance standards to provide that missing layer, which will enable trusted, secure, peer-to-peer transfers of value.  Voices from industry, governments and academia are needed to realize the vision. As an academic partner, the Blockchain Center of Excellence at the University of Arkansas is pleased to join this effort to develop open standards for a trust layer over the Internet,” said Mary Lacity, Walton Professor and Director of the Blockchain Center of Excellence at the University of Arkansas.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contacts
Beth Handoll
ReTHINKitMedia
beth@rethinkitmedia.com
+1 415 535 8658