Best practices for enabling consistent, accessible and trustworthy data exchange experiences for all
Since the missions of ToIP and OpenWallet Foundation (OWF) are so complementary, the ToIP Foundation is joining the OWF as an Associate Member.
Representing over a thousand collective hours of work, it specifies the architectural requirements for the ToIP Technology Stack.
Avast (LON:AVST), a company best known for its antivirus and other cybersecurity products for consumers, has joined the Trust Over IP (ToIP) Foundation as a Steering Member. Avast recently acquired Evernym, a founding ToIP Steering Member, and SecureKey, a ToIP Contributor Member since 2020.
Avast’s ToIP Steering Committee member will be Drummond Reed, Director of Trust Services at Avast. Mr. Reed has served as Evernym’s Steering Committee member since the founding of ToIP in May 2020. He currently co-chairs the ToIP Governance Stack Working Group and Concepts and Terminology Working Group and is a vice-chair of the Technology Stack Working Group.
“Avast brings a new perspective to the Foundation’s mission of defining Internet-scale decentralized digital trust infrastructure,” said Mr. Reed. “Avast has a 30 year history of protecting the digital devices of over 435 million consumers. Now Avast wants to extend that protection to individual’s digital identity and relationships online because identity is at the very heart of cybersecurity.”
Avast, headquartered in Prague, is rapidly building one of the largest decentralized digital trust teams in the world. In June of 2021, they hired Charles Walton, a former Mastercard executive (and Mastercard’s original ToIP Steering Committee member), as General Manager of their new Digital Trust Services division. Then in December 2021, Avast acquired Evernym, one of the global leaders in self-sovereign identity (SSI). In March 2022 they announced the acquisition of SecureKey, operators of the Verified.Me network in Canada that is one of the largest bank ID networks in the world.
In a keynote speech at the European Identity Conference in Berlin, Mr. Walton said Avast would be focusing its efforts on the “empowered consumer”—giving individuals the tools they need to have portable, reusable digital identity credentials that do not depend on any one device, operating system, or identity federation. “It is finally time we had digital wallets with digital credentials that work exactly the same way our real-world wallets do,” said Mr. Reed. “We can take and use them anywhere to privately prove just what another party needs to know in the context of a particular transaction. We don’t have to go through any third-party gatekeeper to do this. That’s the way it should work in the digital world too.”
The challenge, of course, is interoperability—the entire raison d’etre of the ToIP Foundation. According to Mr. Reed, this is the reason that Avast intends to participate very actively in advancing the work of ToIP Working Groups. “Avast is a global company, and the #1 challenge in establishing digital wallets and credentials that work around the world is interoperability,” said Mr. Reed. “It is a key focus of the European Digital Identity Wallets initiative as well as other government-sanctioned digital wallet projects. Avast believes that the ToIP stack is the answer, and we want to help drive its completion and adoption as quickly as possible.”For more information about Avast’s digital trust services and products, please visit www.avast.com/digital-trust. For more information about the ToIP Foundation, visit our website or see the Introduction to ToIP white paper.
Two of the most influential global membership organisations in the digital ID space have aligned to forge a faster and more secure route to a shared and trusted digital future.
Both The Open Identity Exchange (OIX) and Trust over IP Foundation (ToIP) have driven key development and made significant progress in their respective communities towards addressing the challenges around establishing ‘trust’ in users via digital means.
They have now committed to aligning their efforts, having realised the synergies in the work they were doing and the vast potential of working more closely together to drive their common agenda across the globe.
With a combined worldwide membership of over 400 organisations and individuals, including some of the world’s largest stakeholders in a digital ID future, this is a crucial development in the journey towards full digital ID adoption and a digital future that will work for everyone involved.
Born from the self-sovereign identity movement, ToIP’s widely recognised ToIP Stack is defining a complete architecture for internet-scale digital trust that combines the technical requirements for cryptographic trust at the machine layer with the governance requirements for human trust at the business, legal, and social layers.
Equally, the OIX’s comprehensive work around the governance of digital ID has been highly influential and widely accepted. It complements the governance elements of the ToIP stack. A prime example is OIX’s recently launched Guide to Trust Frameworks for Smart Digital ID that encompasses over 10 years of research and in-depth evaluation of existing Trust Frameworks around the world.
The Guide outlines how a both a simple digital ID (i.e., digitised credentials within a wallet) and a smart digital ID (i.e., one that understands rules to “to selectively disclose, derivate a specific attribute and aggregate several single attributes” per the EU’s new eIDAS2 ARF) can meet the needs of all the parties involved in a digital relationship or transaction. With a specific focus on placing the needs of the end users at the forefront (also a key driver for ToIP), the Guide defines the roles, responsibilities, principles, policies, procedures and standards needed.While remaining technology agnostic, a particular feature of the Guide is its alignment with the self-sovereign paradigm of decentralized identifiers (DIDs) and verifiable credentials stored in individual digital wallets. The Guide includes a mapping of OIX Trust Framework roles to SSI Roles as illustrated in the infographics below.
While this first infographic illustrates the relatively straightforward mapping of the SSI issuer/holder/verifier “trust triangle”, the Guide also shows how to map more complex SSI scenarios such as the one below, in which a holder submits proofs of one set of credentials to a rules engine to obtain a new derived level-of-assurance credential.
John Jordan, Executive Director of ToIP, said: “The lack of globally interoperable digital trust infrastructure has presented an urgent and widely acknowledged need for both technical standards and governance that ensure trust can be established quickly and safely across all sectors and borders. Our two organisations have a common vision – building trust online, and simplifying and standardising how trust is established. Our collective knowledge, expertise and research will be a powerful force ensuring the benefits of digital ID are realised by everyone involved – the end consumers, governments, relying parties and ID providers.”
Nick Mothershaw, Chief Identity Strategist at OIX, said: “Various initiatives around the world are trying to address the same issue with differing approaches. It is a highly complex global challenge that needs a united global response, and one that ensures the needs of all parties are met. To achieve it, governance must be generic and technology agnostic, and smart digital ID will need to play a significant role. The goals and strategies of both organisations highly complement each other. We have both already made significant progress, which has been reflected in the growth of our memberships, and the Self-sovereign alignment of the new OIX trust framework. By further aligning our efforts, we can have a greater impact.”
For more information, please contact Serj Hallam
About The Open Identity Exchange (OIX)
The OIX is a non-profit trade organisation on a mission to create a world where everyone can prove their identity and eligibility anywhere through a universally trusted ID. OIX is a community for all those involved in the ID sector to connect and collaborate, developing the guidance needed for inter-operable, trusted identities. Through our definition of, and education on Trust Frameworks, we create the rules, tools and confidence that will allow every individual a trusted, universally accepted, identity.
About The Trust over IP Foundation (ToIP)
As a Joint Development Foundation project of the Linux Foundation, the mission of the ToIP Foundation is to simplify and standardise how trust is established over a digital network or using digital tools. The ToIP model is a complete architecture for decentralized digital trust infrastructure that combines cryptographic verifiability at the machine layers with human accountability at the legal, business, and social layers. ToIP is a collaborative community of international experts working together to design the specifications, recommendations, guides, and tools for using the ToIP four-layer dual stack of technology and governance.
Tampa-based Schellman, a leading provider of attestation and compliance services, announced today that it is joining the Trust over IP Foundation (ToIP) as a Steering Committee member. As the first IT audit firm to join the leadership of ToIP, this move represents Schellman’s belief in the growing suite of digital governance specifications and tools being developed by ToIP Working Groups.
Representing Schellman on the Steering Committee will be Scott Perry, whose firm Scott S. Perry CPA, PLLC, was recently acquired by Schellman. Scott was a founding Contributing Member of ToIP and has served as co-chair of the ToIP Governance Stack Working Group since its inception in May 2020.
“This is the culmination of work that began over six years ago when I started collaborating with Timothy Ruff, co-founder of Evernym and of the Sovrin Foundation, on audit and compliance in the emerging SSI space,” said Scott. “We realized that this could revolutionize how digital trust works everywhere on the Internet, and out of that was born the ToIP Foundation. So it is very gratifying for me to now join the Steering Committee and contribute directly to the success of the ToIP model.”
Scott has authored or co-authored a number of deliverables from the ToIP Governance Stack WG including:
- ToIP Governance Metamodel Specification (PDF) and Companion Guide (PDF)
- ToIP Risk Assessment Worksheet Template (Excel) and Companion Guide (PDF)
- ToIP Trust Assurance and Certification Controlled Document Template (Excel) and Companion Guide (PDF)
- ToIP Trust Criteria Matrix Template (Excel) and Companion Guide (PDF)
Scott saw the acquisition of his firm as a means of harnessing a well-established delivery capability of digital trust audit services from a top CPA Firm; Schellman saw this as a quick entry into an important emerging segment of the compliance marketplace and wanted to cement this commitment by joining the ToIP Steering Committee.
“Holding digital trust actors accountable in any or all layers of the ToIP stack will require independent audit skills and experience in a variety of compliance frameworks,” said Avani Desai, CEO at Schellman. “The deliverables already published by ToIP serve as an audit methodology for trust assurance, so they will nicely complement the services we currently offer as a WebTrust CPA firm, an ISO Certification Body, a PCI Qualified Security Assessor Company, a HITRUST assessor, a FedRAMP 3PAO, and as one of the first CMMC Authorized C3PAOs.”
“I am very happy to see this recognition of the ToIP Foundation’s groundbreaking work in digital governance frameworks,” said Judith Fleenor, ToIP Director of Strategic Engagements. “Scott has been a leader in this work from the start, and the acquisition of his firm and the support of Schellman signals that the ToIP governance metamodel is starting to see serious traction in the market. Look for more evidence coming from several new digital trust ecosystems later this year.”
Visit the Schellman website to learn more about their new Crypto and Digital Trust Service practice.
These are tools that CIOs, CISOs, Chief Privacy Officers, trust architects, and other policymakers can begin using immediately to construct governance frameworks.
The Trust over IP (ToIP) Foundation announced a critical governing framework (PDF) to assist Santa in making his toughest choices during Christmas Eve.
For generations, Santa used many information sources, potentially unreliable, to choose gifts. However, with the advent of verifiable credential standards, systems, and governance, a more trustworthy ecosystem is being built which will issue NAUGHTY and NICE verifiable credentials based upon trustworthy evidence and accountability standards for all participants.
ToIP, working closely with the Santa-led Meaningful Gift Alliance (MEGA), applied its ground-breaking Metamodel Specification to define the ecosystem whereby trustworthy NAUGHTY and NICE credentials will be made available to Santa on Christmas Eve. This effort is expected to save Santa and his elves around 3.14159 million elf-hours per Christmas event which translates into a minimum of 742,000 additional toy deliveries for the 2.2 billion children of the world. #logistics #supplychain
Santa is thrilled. “Those NAUGHTY and NICE lists are just too difficult to scroll through when I’m out all-night delivering presents. I get acid reflux worrying that I’ll get my lists mixed up! This new ecosystem delivers all the information I need right to my satellite smartphone with the confidence I need to sail through the night!” #UXdesign
The Governance Framework (PDF) sets nuanced and contextual rules for the privacy protection of BAD and GOOD life events for children, used as input to the quantum-computer generated algorithm that issues NAUGHTY and NICE credentials. It also allows for parents, guardians, and child-advocates to petition on a child’s behalf. The Glossary of Terms for uses for the MEGA Governance Framework (PDF) is supported by a Trust Over IP terms community using the Trust Over IP terms wiki tool.
“While we want to save Santa some stress, the main focus is ensuring every child gets a meaningful gift each gift-giving season.” says Nichola Hickman, Secretariat for the Meaningful Gift Alliance. “We consulted with many meaningful gift-givers, including representatives for Wookie Life Day, Mother Earth, the IFFF (International Federation of Fairy Godmothers & Tooth Fairies) and the Free Magi-Sons. They all had experienced fraud from grown-ups claiming to be children, so we are delighted with this new method of ensuring that every child gets exactly what they deserve.”
Bids will be announced shortly for vendors for MEGA’s technical infrastructure.
MEGA also joined the Good Elf Pass Initiative whose “interoperability blueprint” supports its crucial role as issuers of these credentials. The ground-breaking “Hypersleigh” blockchain standard will also support rapid delivery and high security for all Meaningful Gifts. #hypersleigh
For more information on these emerging ecosystems and the Trust Over IP Foundation, contact us at https://trustoverip.org/contact/. Happy Holidays and Happy New Year!
Following the September announcement of its first tools for managing risk in digital trust ecosystems, today the ToIP Foundation announced three more pairs of tools to assist in the task of generating digital governance and trust assurance schemes:
- The ToIP Governance Framework Matrix and Companion Guide.
- The ToIP Trust Assurance and Certification Template and Companion Guide.
- The ToIP Trust Criteria Matrix Template and Companion Guide.
“These three new tools—each with its accompanying Companion Guide—are explicitly designed to simplify and streamline the process of developing robust governance for any digital trust community building on ToIP infrastructure,” said Scott Perry, co-chair of the ToIP Governance Stack Working Group (GSWG) and a certified WebTrust auditor. “They can help turn a job that often takes years into one that takes weeks or months.”
The physical credentials we use today, such as credit card and driver’s licenses, have governance frameworks and trust assurance schemes built by governments and industry associations over many years. Now we are moving to digital credentials verified using cryptography, we need to make the process of adapting these existing governance frameworks—or creating new ones explicitly tailored for digital life—much easier and faster.
“Governance is both simple and complex. Everyone has their own ideas of what Governance is and should be. The complexity comes when multiple parties need to agree on what it is and should be,” said Savita Farooqui, GSWG member and primary author of the Governance Framework Matrix. “The Governance Framework Matrix divides the problem in small chunks and provides a flexible framework to define governance and seek agreements.”
The Governance Framework Matrix is a recipe for setting the process of governance in motion. Without a starter set of governance topics to drive discussion and consensus, governing bodies stall in its formation.
The Trust Assurance Companion Guide explains in detail, in plain language, how accountability is generated from community participation in a governance framework.
“The Trust Assurance Template and Companion Guide is akin to the ‘Cliff Notes of Accountability’,” said Drummond Reed, GSWG co-chair. “When you combine it with the Trust Criteria Matrix, it means you don’t need to be a cybersecurity audit professional to grasp what is needed to meet the accountability requirements of your digital trust ecosystem.”
The Trust Over IP (ToIP) Foundation together with the Good Health Pass Collaborative (GHPC) today announced the release of the Good Health Pass (GHP) Interoperability Blueprint V1.0.0 (PDF). Produced by over 125 participating companies and organizations spanning global travel, health, cybersecurity, privacy, and government, the Blueprint is an urgently needed solution that describes how to unify the widely disparate set of digital vaccination certificate solutions on the market.
“Over the past several months, different vaccination certificate formats have been announced by at least a dozen different governments, health authorities, and industry consortia around the world, including the European Union’s Digital COVID Certificate and the World Health Organisation’s Digital Document of COVID-19 Certificates,” said John Jordan, Executive Director of the ToIP Foundation. “Each of these is good and valuable in its own right, however because they are designed to be digital health documents, they share more information than is necessary simply to prove one’s COVID-19 status for purposes of travel or entry to a venue. The Good Health Pass Blueprint was designed from the ground up to provide an international trust framework that addresses the need for a simple, secure, standard, privacy-preserving health pass that works anywhere you need to prove your health status, just like a mobile boarding pass works with any airline.”
The Good Health Pass effort began with the Good Health Pass Collaborative (GHPC) organized by ID2020, a non-profit organization focused on ethical digital identity. In February 2021, GHPC published the Good Health Pass Interoperability Blueprint Outline, which specified the key problems that needed to be solved and the core design principles that needed to be followed. GHPC then formed a partnership with the ToIP Foundation to launch the Interoperability Working Group for Good Health Pass. Working Group leadership and cross-industry expertise were also contributed by Linux Foundation Public Health (LFPH), particularly its COVID Credentials Initiative (CCI). This combined effort resulted in a fully open and transparent process that created the full Blueprint in under eight weeks.
After a public review period during June with stakeholders in air travel, government, healthcare, hospitality, and other affected sectors, the Blueprint was finalized in mid-July for final approval and publication. “Publication of the V1.0.0 Blueprint is just the first step in seeing interoperable privacy preserving digital health passes adopted in order to support people being able to gather together again with lower personal and public health risk,” said Kaliya Young, chair of the Working Group and Ecosystems Director at CCI. “Our next task is collaborating with real world implementers to fill in any remaining gaps to get to an interoperable system and working with LFPH and other partners to deliver open source code that can be deployed.”
Judith Fleenor, Director of Strategic Engagements at the ToIP Foundation, adds “The best news is that the Good Health Pass Blueprint does not compete with or replace any of the publicly announced COVID-19 health certificates. It is compatible with all of them—and others still to come. With the right software, all those health certificates can be ingested and verified in order to issue a Good Health Pass-compliant health pass. This focus on interoperability will make life much simpler and safer for both users and verifiers.”
The ToIP Foundation is especially proud of this effort because it demonstrates how applying the core principles of interoperable digital trust architecture solves global problems and builds confidence in solutions that have data integrity, portability, and confidentiality built-in. This is the fundamental motivation for creating the ToIP Stack, the ToIP Foundation’s model for developing privacy-preserving, interoperable, and decentralized digital identity solutions that form and sustain digital trust relationships.
The high-speed collaboration enabled by the Interoperability Working Group for Good Health Pass also illustrates the value of the antitrust and royalty-free intellectual property rights protections that all our Working Groups enjoy as a Linux Foundation (LF) project. “Good Health Pass is a textbook example of the kind of project the LF was formed to support,” said Brian Behlendorf, LF General Manager of Healthcare, Blockchain, and Identity. “Being able to bring together this many global experts to work so intensively in such a short period is unprecedented—and shows the kind of confidence that the LF has built in an open public collaboration process.”
We encourage you to review the Blueprint, endorse it, and adopt it—and to join the Interoperability Working Group for Good Health Pass if you would like to collaborate with other industry leaders in creating the world’s first privacy-preserving health credential interoperability framework.
Good Health Pass Collaborative Releases Draft Blueprint for Digital Health Passes in Advance of G7 Summit
In an eﬀort to restore global travel and restart the global economy, the Good Health Pass Collaborative today announced the release of the eagerly-anticipated Good Health Pass Interoperability Blueprint.
The Blueprint – released today in draft form for a three-week period of stakeholder consultations and public comment – is intended to stimulate discussion at the G7 Summit, which will open Friday in Carbis Bay, Cornwall, UK.
This announcement follows on a May 18 letter, sent by the Good Health Pass Collaborative to G7 leaders, urging them to adopt a statement of principles for digital health passes. The letter also called for the formation of a working group – composed of senior ministerial staﬀ from G7, G20, and European Union health and transport ministries – with the task of reaching international consensus on standards by July 16.
Unprecedented global collaboration – between governments, nonproﬁts, universities, and the private sector – propelled the rapid development and distribution of highly eﬀective COVID vaccines. A similar level of collaboration is urgently needed to ensure that veriﬁable digital health passes for international travel can be issued and universally accepted worldwide by airlines, border control agencies, and others.
Most governments already require proof of travelers’ COVID status – either through a recent negative test or, increasingly, proof of vaccination– as a precondition of entry. While dozens of solutions have been rushed to market to meet this growing demand, they vary greatly in the extent to which they protect user privacy and security and enable individuals to control access to their personal health information.
The absence of internationally recognized, consensus-based open standards – to which all solutions adhere – could leave individuals uncertain about the security and privacy of their data and even unsure of whether their health pass will be accepted for travel.
“Digital health passes oﬀer our best hope to safely, conﬁdently, and promptly restore global travel and restart the global economy – but only if they are widely trusted and adopted by the public and universally accepted by airlines and border control agencies,” said ID2020 executive director, Dakota Gruener. “The standards proposed in the Good Health Pass Interoperability Blueprint will make it possible for digital health pass systems around the world to be interoperable with one another, thus creating a trusted, convenient, and seamless experience for travelers as well as for airlines, airports, and border control agencies.”
Restoring international travel is vital to restarting the global economy. The World Travel and Tourism Council estimates that 61.6 million tourism-related jobs worldwide have been lost as a result of the pandemic. In 2020, travel and tourism contributions to global GDP decreased by 49.1%, a loss of $4.5 trillion (USD), nearly 18 times the impact experienced during the 2009 global ﬁnancial crisis.
Under normal circumstances, it would take years to develop standards for digital health passes.
In February, ID2020 launched the Good Health Pass Collaborative, a multi-sector, global initiative to establish guiding principles for digital health passes and dramatically streamline the standards development process. Within weeks, the Collaborative grew from 25 partners to more than 125 companies and organizations from across the health, travel, and technology sectors.
Nine “drafting groups”, bringing together more than 120 experts from the health, travel, and technology sectors were managed through a partnership with the Trust Over IP Foundation the Covid-19 Credentials Initiative and Linux Foundation Public Health – all projects of the Linux Foundation.
The resulting Good Health Pass Interoperability Blueprint addresses – in considerable depth and detail – nine technical and interoperability challenges around which global consensus must be reached:
- Design principles
- Creating a consistent user experience
- Standard data models and elements
- Credential formats, signatures, and exchange protocols
- Security, privacy, and data protection
- Trust registries
- Rules engines
- Identity binding (ensuring the authenticity of the holder)
“This draft blueprint is historic, both in its depth and breadth of proposed standards, as well as the number of expert volunteers who contributed their time to its development,” said Gruener. “When we partnered with the Trust Over IP Foundation, we committed to an open and inclusive process. Releasing the draft for public comment today takes that commitment a step further. We felt this was incredibly important, given the range of public and private entities expected to play a role in the issuance and acceptance of digital health passes and the need to build public trust and support their adoption.”
The UK government – in its capacity as president of the G7 – has identiﬁed “leading the global recovery from coronavirus, while strengthening our resilience against further pandemic” as the highest policy priority for this 47th G7 Summit. International agreement on principles and standards for digital health passes are critical to achieving this policy priority.
ID2020 is a global public-private partnership that harnesses the collective power of nonproﬁts, corporations, and governments to promote the adoption and implementation of user-managed, privacy-protecting and portable digital ID solutions.
By developing and applying rigorous technical standards to certify identity solutions, providing advisory services and implementing pilot programs, and advocating for the ethical implementation of digital ID, ID2020 is strengthening social and economic development globally. Alliance partners are committed to a future in which all of the world’s seven billion people can fully exercise their basic human rights, while ensuring data remains private and in the hands of the individual. www.id2020.org
The Sovrin Foundation (“Sovrin”) Board of Trustees and Trust over IP Foundation (“ToIP”) Steering Committee are pleased to announce that they have signed a Letter Agreement (dated March 18, 2021). This agreement signifies the commitment of both organizations to mutual cooperation and recognition for each other’s mandates. Sovrin and ToIP intend to work together toward advancing the infrastructure and governance required for digital trust and digital identity ecosystems.
“By signing this Letter Agreement, Sovrin and ToIP are excited to take a step further to support the need and importance of our separate but interrelated mandates to benefit people and organizations across all social and economic sectors through secure digital identity ecosystems based on verifiable credentials and SSI,” said Chris Raczkowski, Chairman of Board of Trustees, Sovrin Foundation.
Under the agreement, each organization will assign one member to act as a liaison to coordinate and maintain lines of communication, attend plenary sessions, and provide periodic updates to the Sovrin Board of Trustees and ToIP Steering Committee. They will also seek opportunities proactively to exchange information, participate in discussions of shared interest, promote the value of each other’s work through joint announcements and media products, as well as collaborate to achieve their respective mandates.
Sovrin and ToIP both operate in a manner that respects open licensing, open source code and open standards. The organizations agree that their open, public materials will be available for reference (with attribution) by the other.
“ToIP and Sovrin each offer something unique to the market. Our members already collaborate together informally on many topics. Signing this agreement makes our work together more visible and open. It will create new opportunities to collaborate on challenges that affect every layer of our trust model,” said John Jordan, Executive Director of Trust over IP Foundation. “By working together, we want to help solve interoperability problems more quickly and support the adoption of digital trust ecosystems more widely.””
If you have any questions or suggestions, please contact email@example.com or firstname.lastname@example.org
To view the text of the agreement, please find it here.
About Sovrin Foundation
The Sovrin Foundation is a non-profit social enterprise which acts as the administrator and governance authority for public available SSI infrastructure, as well as supporting interoperability digital identity ecosystems that adhere to the Principles of SSI. Sovrin’s activities aim to serve the common good of providing secure, privacy-respecting digital identity for all, including individuals, organizations and things.
About Trust over IP Foundation
Launched in 2020, the Trust over IP Foundation is an independent project hosted by the Linux Foundation. Its members include over 200 leading companies, organizations and individual contributors sharing expertise and collaborating to define standard specifications to advance a secure trust layer for the digital world. Through this collaborative effort, the Trust over IP Foundation aims to define a complete architecture for Internet-scale digital trust that combines cryptographic trust at the machine layer with human trust at the business, legal, and social layers. For more information, please visit us at trustoverip.org
Digital health passes — often mischaracterized as “vaccine passports” in the popular press — are making headlines as a key component in the drive to restore global travel and restart the global economy after the massive impact of the COVID-19 pandemic.
Enabling individuals to receive and selectively share proof-of-test, proof-of-vaccination, and proof-of-recovery with the highest standards for security, privacy and data protection will allow destination countries and travel systems worldwide to accept credentials from multiple market vendors. But concerns related to equity and access can only be addressed if these health pass implementations are designed to be interoperable.
As the leading global consortium for interoperable digital trust infrastructure, the ToIP Foundation has partnered with the Good Health Pass Collaborative – a project of ID2020 – to host a new Working Group focused on the core issues of interoperability, privacy, and equity for digital health passes. The Interoperability Working Group for Good Health Pass consists of nine drafting groups, each focused on a specific interoperability challenge as defined in the Interoperability Blueprint Outline.
“The Good Health Pass Collaborative is bringing people together to solve a set of problems that affect the entire world,” said John Jordan, executive director of the ToIP Foundation. “This ambitious effort uniquely aligns with the mission of ToIP because it requires interoperable digital credentials that can be accepted and verified anywhere they are needed. Getting this right, and doing so now, will not only make it safe for people to travel again, it will open the door for new tools and services that can solve other challenging problems that also require global-scale digital trust. For these reasons, ToIP is honored to contribute to this urgent global mission by hosting the Interoperability Working Group on behalf of the Good Health Pass Collaborative.”
Each drafting group, consisting of volunteer representatives from around the world representing the health, travel, technology, and policy sectors, will first conduct an intensive 30-day sprint to develop an initial set of draft recommendations. This will be followed by a second 30 day community and public review process to develop a final set of recommendations.
“Digital health passes – If properly designed and implemented – could offer a path to safely restore domestic and international travel, resume certain aspects of public life, and restart the global economy,“ said ID2020 executive director, Dakota Gruener. “Collaboration is critical at this juncture. Our organizations share a commitment to ensuring that digital health passes are designed and implemented in ways that serve the needs of the individuals and institutions that rely on them, while simultaneously protecting core values like privacy, civil liberties, and equity. ToIP has developed a powerful set of tools and models for digital trust frameworks, and we are delighted to be partnering with them in this critically important effort.”
The nine drafting groups collaborating within the new Working Group are:
- Paper Based Credentials will define how a paper-based alternative can be created for any digital health pass so access will be available to all.
- Consistent User Experience will specify the common elements required so that individuals can easily, intuitively, and safely use digital health pass implementations.
- Standard Data Models and Elements will determine the core data items needed across all digital health pass implementations for both COVID-19 testing and vaccinations.
- Credential Formats, Signatures, and Exchange Protocols will specify the requirements for technical interoperability of Good Health Pass implementations.
- Security, Privacy, and Data Protection will define the safety requirements for Good Health Pass compliant implementations.
- Trust Registries will specify how verifiers can confirm that a digital health pass has been issued by an authorized issuer.
- Rules Engines will define how digital health pass apps can access different sources of policy information to determine what test or vaccination status is needed for a specific usage scenario.
- Identity Binding will specify the options for verifying that the holder of a digital health pass is the individual who received the test or vaccination credential.
- Governance Framework will define the overall set of policies that must be followed for an implementation to qualify as Good Health Pass compliant.
By adhering to the Good Health Pass Interoperability Blueprint that will be synthesized from the outputs of these nine drafting groups, airlines, airports, hospitality industries, international customs officials and others will be able to process visitors easily without requiring additional unnecessary steps mandated by proprietary systems. Travelers will not be confused about which credential they need for each point of verification. Moreover, since individuals will be fully in control of their own personal data in credentials in their own wallets or devices, they can be confident that their private health data is not being tracked or misused.
Interested organizations are invited to join the ToIP Foundation to participate directly in this new Working Group or in the public comment period in May. They are also encouraged to join the Good Health Pass Collaborative at ID2020 to participate in the construction, adoption, and advocacy of the Good Health Pass Interoperability Blueprint.
The Trust over IP Foundation will host a live, interactive webinar event on December 15, 2020.
Titled “Trust over IP and Government,” this event will feature a panel of industry leaders speaking to topics that include travel, healthcare, education, regulatory compliance and public-private sector collaboration.
This will be an excellent opportunity to better understand how decentralized, verifiable credentials can be used by governments across jurisdictions to simplify and improve the lives of citizens.
Two sessions of the webinar will be held to accommodate participants in various time zones globally (see poster below).
Please join us by registering for the webinar here: https://bit.ly/36I8ipL
Governments, nonprofits and private sectors across finance, health care, enterprise software and more team up with Linux Foundation to enhance universal security and privacy protocols for consumers and businesses in the digital era
The ToIP Foundation is being developed with global, pan-industry support from leading organizations with sector-specific expertise. Founding Steering members include Accenture, BrightHive, Cloudocracy, Continuum Loop, CULedger, Dhiway, esatus, Evernym, Finicity, Futurewei Technologies, IBM Security, IdRamp, Lumedic, Mastercard, MITRE, the Province of British Columbia and SICPA. Contributing members include DIDx, GLEIF, The Human Colossus Foundation, iRespond, kiva.org, Marist College, Northern Block, R3, Secours.io, TNO and University of Arkansas.
Businesses today are struggling to protect and manage digital assets and data, especially in an increasingly complex enterprise environment that includes the Internet of Things (IoT), Edge Computing, Artificial Intelligence and much more. This is compounding the already low consumer confidence in the use of personal data and is slowing innovation on opportunities like digital identity and the adoption of new services that can support humanity.
Without a global standard for how to ensure digital trust, these trends are bound to continue. The ToIP Foundation will use digital identity models that leverage interoperable digital wallets and credentials and the new W3C Verifiable Credentials standard to address these challenges and enable consumers, businesses and governments to better manage risk, improve digital trust and protect all forms of identity online.
“The ToIP Foundation has the promise to provide the digital trust layer that was missing in the original design of the Internet and to trigger a new era of human possibility,” said Jim Zemlin, executive director at the Linux Foundation. “The combination of open standards and protocols, pan-industry collaboration and our neutral governance structure will support this new category of digital identity and verifiable data exchange.”
The Linux Foundation’s open governance model enables the ToIP Foundation to advance a combination of technology and governance standards for digital trust in a neutral forum that supports pan-industry collaboration. An open governance model that can be integrated into the development of the standards for digital trust is essential where the business, legal and social guidelines for technology adoption impacts human trust and behavior.
The ToIP Foundation will initially host four Working Groups. The Technical Stack Working Group and the Governance Stack Working Group will focus on building out and hardening the Technical and Governance halves of the ToIP stack, respectively. The Utility Foundry Working Group and the Ecosystem Foundry Working Group will serve as communities of practice for projects that wish to collaborate on the development of ToIP utility networks or entire ToIP digital trust ecosystems.
The ToIP Foundation will host an all-digital launch event on May 7, 2020 at 9AM PDT that will feature a panel discussion, interoperability demonstration and live Q&A. Register now for the live event. A second event will be hosted for the APAC region.
For more information about the ToIP Foundation, please visit www.trustoverip.org
Steering Member Comments
“The internet and digital technologies are a critical part of the way we engage with each other and with organizations. Accenture has a deep commitment to developing solutions to build trust, protect privacy and put control of an individual’s data squarely in their hands. The Trust over IP (ToIP) Foundation is bringing together a powerful mix of experts and doing it at the exact right time given the urgent need to encourage greater adoption and increase trust in data privacy and ownership,” said Christine Leong, managing director, global lead for Decentralized Identity & Biometrics at Accenture.
“Now, perhaps more than ever, networks of public and private sector organizations know the value that can be created by collaborating with one another around their combined data to create novel insights and better align their work. But they also want to collaborate in the most responsible way possible. The work of the Trust over IP Foundation will radically strengthen the infrastructure of responsible data sharing by establishing a global standard for digital trust—ensuring that the very way that data is exchanged and verified creates a much-needed layer of security, privacy and trust. BrightHive is excited by the promise of this standard, and proud to partner with the other members to help see it realized,” said Matt Gee, CEO, BrightHive.
“Trust is the foundational element of all relationships between government, organizations, and each of us as individuals. Trust at Internet-scale, serves our greater global community and is best accomplished by communities of trust ecosystems. The Trust Over IP Foundation is the next stage of enabling this journey globally. The paradigm-shifting model of decentralized, person-centric identity is likely one of the most important breakthroughs in data privacy, cyber security and unlocking business value in many years. Cloudocracy seeks to facilitate coalitions of government, supply-chains and individuals to embark on journeys to establish value-based trust ecosystems towards achieving highly secure and empowered private ecosystems and the public-private ‘Internet of Value.’ The global shift will go beyond enabling government and organizations to reduce costs, complexity and add value but will also help steer to a better compass heading in protecting individual data privacy, health and biometric information, while also reducing risks and economic impacts of cyber security data breaches,” said Will Groah, executive director, Cloudocracy.
“The leaders we work with know that trust on the Internet isn’t working. They want to start building deep trust with their customers and partners. Our clients are investing, as are we, in the Trust Over IP Foundation. We all want to make sure we are involved in building the digital trust layer that the Internet needs. The technology works – now it is about building business cases and governance,” said Darrell O’Donnell, president and CEO, Continuum Loop.
“The credit union movement is based on the idea that trusted interactions between people connected by a common bond are the best interactions. A self-sovereign, secure, trusted identity, like MemberPass, is essential in the world ahead, and CULedger is paving the way for credit unions and financial cooperatives worldwide to pioneer this important effort and bring this frictionless digital experience to more than 270 million credit union members. The work developed out of the Trust over IP Foundation will be the cornerstone to facilitate these trusted interactions in the new digital age. We are excited about the opportunity to be working with other leading organizations in support of this effort,” said John Ainsworth, president/CEO, CULedger.
“Dhiway is happy to join the Trust over IP (ToIP) Foundation as one of the founding members. Our strategic initiatives are designed to bring a higher degree of assurance to the exchange of data between peers, over the Internet and other digital networks. Our participation is aligned with our vision to make the world more transparent and trusted, using digital frameworks that can be universally referenced, understood and consumed. We intend to contribute our knowledge and expertise to support the ToIP foundation in its mission to build an interoperable architecture for Internet-scale digital trust – empowering a growing ecosystem of companies and communities to exercise control over their digital assets. It’s encouraging to see the open collaboration that has led to the formation of this Foundation, and we are humbled and thrilled to be a part of this pioneering effort,” said Satish Mohan, Founder & CTO, Dhiway.
“On our mission of enforcing information security, strong trust relationships are essential. We need them to be equally strong in the real world and online. The Trust over IP Foundation facilitates easy composition, ramp-up and maintenance of digital trust components. Conveying real-world trust online is ultimately possible at flexibility and scale. esatus enterprise solutions employ digital trust components already, making next-gen security and privacy available to its customers today. Being a founding member of the Trust over IP Foundation is a natural fit,” said Dr. André Kudra, CIO at esatus AG.
“Evernym believes the only way to truly solve the avalanche of trust problems on the Internet is with an open standard and open governance model that is as universal as the TCP/IP stack that created the Internet itself. We have helped build the architecture of the ToIP stack layer by layer for the past three years, including the W3C Verifiable Credentials and Decentralized Identifiers standards that are at the heart of this new model, because we believe it will unlock a new explosion of value for every person, business, community and government using digital communications. We are thrilled to help stand up the ToIP Foundation at the Linux Foundation and hope that it attracts every company and contributor who wants to build a strong and lasting trust layer for the Internet,” said Drummond Reed, chief trust officer at Evernym and co-editor of the W3C Decentralized Identifier (DID) specification.
“The Internet has fueled incredible innovation over that past few decades. And yet it has been significantly handicapped due to a general lack of trust. As we solve the trust dilemma, we will see a rapid acceleration of innovations that will change the way we do business, connect with others and consume information and entertainment,” said Nick Thomas, president & chief scientist and innovation officer, Finicity. “Finicity looks forward to advancing digital trust standards through its participation in the Trust over IP (ToIP) Foundation.”
“In today’s digital economy, businesses and consumers need a way to be certain that data being exchanged has been sent by the rightful owner and that it will be accepted as truth by the intended recipient. Many privacy focused innovations are now being developed to solve this challenge, but there is no ‘recipe book’ for the exchange of trusted data across multiple vendor solutions,” said Dan Gisolfi, CTO, Decentralized Identity, IBM Security. “The new Trust over IP Foundation marks an evolutionary step which goes beyond standards, specs and code, with the goal of creating a community-driven playbook for establishing ‘ecosystems of trust.’ IBM believes that the next wave of innovation in identity access management will be for credential issuers and verifiers to partake in these ecosystems, where trusted relationships are built upon cryptographic proofs.”
“Formation of The ToIP Foundation will transform and improve how digital services operate. Traditional centralized identity systems are hinged to vast security vulnerabilities that are not sustainable in a growing digital economy. Centralized services for things like mufti-factor authentication or social login encumber user flow and unnecessarily expose sensitive information to third parties. Decentralized systems resolve these problems but struggle with interoperability and standards to accelerate mass adoption. The Trust Over IP Foundation will help formalize and simplify adoption of Trust as a basic digital utility for everyone. The TOIP stack provides the foundation for a new generation of digital identity services. These services will provide high security frictionless interaction that put the user in control of their personal data. Organizations will establish personal connections with employees and user communities that are immune to the vulnerabilities of centralized systems. Individuals will be able to connect with one another without exposing personal information to the mediators that regulate digital interactions today. This will help businesses move beyond complex identity security investments that erode the bottom line and slow innovation. Verifiable digital trust in a decentralized data economy will open a world of possibilities for all individuals and businesses. As a founding member of the ToIP foundation, IdRamp is committed to helping businesses build a new decentralized digital economy that will evolve organically from traditional centralized systems,” said Mike Vesey, CEO, IdRamp.
“As the first representative of the health care industry on the Steering Committee, Lumedic sees tremendous potential for the Trust over IP Foundation to contribute to health care interoperability,” said Chris Ingrao, chief operating officer of Lumedic. “In confronting the challenges raised by the COVID-19 pandemic, we’ve seen that modern technologies can make a powerful difference when paired with strong governance models. The TOIP stack ensures that the way we exchange trusted health care information meets industry needs at a global scale.”
“We are building a bridge to a world where a person’s identity can be verified immediately, safely and securely for use in the digital world – where now, more than ever, identity is essential for delivery of digital health, education and government services. This cannot be accomplished in isolation. We are collaborating and innovating with governments, technology companies, financial institutions and industry sectors to make this a reality. Our participation within the Trust over IP Foundation builds atop the groundwork we currently have in place to ensure industry standards to guarantee we all transact and interact in a secure, convenient and trusted manner,” said Charles Walton, senior vice president, Digital Identity, Mastercard.
“Advances in digital technologies and the Internet have brought great convenience to our lives. But they also present risk – the inability to verify with confidence the identity of those you are connected with leaves us vulnerable to cyberattacks, identity theft, human trafficking, and financial fraud,” said Jim Cook, vice president of Strategic Engagement and Partnerships at MITRE. “As a not-for-profit company working in the public interest with a mission to solve problems for a safer world, we at MITRE are committed to creating a digital world in which people can interact safely and with confidence. We applaud the Linux Foundation initiative to launch the Trust over IP Foundation, and we are honored to be a founding member. We believe real innovation is made possible through open partnership, collaboration and cooperation, and we look forward to contributing to a safer internet through the Trust over IP Stack project.”
The Province of British Columbia
“The Province of British Columbia sees our collective potential to enable global-scale digital trust. The Trust over IP Foundation will be a significant leap forward in establishing a standards-based way for individuals and businesses around the world to interact and transact in safe and secure ways over the Internet,” said Dave Nikolejsin, Deputy Minister of Energy, Mines and Petroleum Resources and Chair of the Board of Digital Identity and Authentication Council of Canada. “From our perspective, this work augments our foundational regulatory role in the economy. In the natural resources sector, we see the potential to empower companies to have a new digitally trusted means to demonstrate due diligence on environmental and social impacts of projects as they work with Indigenous peoples and government. The Province of British Columbia is a founding member of the Trust over IP Foundation to help promote this new era of trusted digital services that everyone can rely on.”
“For over 90 years, SICPA has partnered with governments, companies and organizations worldwide, to enable trust in banknotes, identities, products and brands. Our customers’ physical and digital lives are increasingly entwined, at work and at home, and our mission is to help shape trusted digital interactions by collaborating in enabling initiatives like the Trust over IP Foundation. Building trust at a distance and at scale is a global challenge that will form the keystone in delivering the ultimate promise of an interconnected world: to respect the rights, privacy and security of everyone online and offline,” said Kalin Nicolov, Head of Digital Currency, SICPA.
Contributing Member Comments
“The Internet lacks a digital trust layer that is not centrally controlled and managed. It is more important than ever to take control of our digital identities and data. The ToIP stack provides full control of digital identities and enables secure, privacy-preserving trust channels with verifiable data exchange. The digital trust layer of the internet. DIDx (a South African based startup) is excited to contribute and build interoperable trust ecosystems across Africa using the ToIP stack and are pleased to join the establishment of the ToIP Foundation together with the Linux Foundation,” said Lohan Spies, CEO DIDx.
“Trust is paramount within today’s digital world and we shouldn’t be afraid to challenge existing online processes for the greater good. The Trust over IP Foundation provides a neutral environment for these important conversations and will facilitate industry collaboration to create a global standard which businesses and consumers can trust. This aligns closely with GLEIF’s work to date as a not-for-profit organization which enables smarter, less costly and more reliable decisions about who to do business with. Our Global LEI System solves the problem of trust for legal entities worldwide, and we look forward to applying our expertise alongside many leading organizations within the foundation,” said Stephan Wolf, CEO, Global Legal Entity Identifier Foundation (GLEIF).
“As internet connectivity and digital services reach the world’s most vulnerable populations, it is paramount that we implement standardized, interoperable systems,” said Matthew Davie, chief strategy officer at Kiva. “The Trust over IP Foundation provides a framework to bring trust to this emerging segment of the digital economy and does so in a way that is consumer-centric and privacy-centric by design.”
The Human Colossus Foundation
“The synergistic domains of trusted identity and immutable semantics are required for organizations to integrate into a new decentralized data economy. The Human Colossus Foundation mission to implement decentralized semantics is aligned with the Trust over IP Foundation. We are proud to contribute to the collaborative projects and initiatives being launched,” said Paul Knowles, Head of the Advisory Board at The Human Colossus Foundation.
“Trust is the foundation of every ecosystem, and governance is critical to build trust. The creation of the ToIP foundation is a critical step toward both trust and governance, built on inclusion, transparency and open standards. We expect ToIP to be part of the essential glue that binds decentralized networks and identity. The disadvantaged beneficiaries we serve will likely gain from this critical step to address challenges of guardianship and disruption of traditional barriers to establishing identity,” said Scott Reid, CEO, iRespond.
“Marist College has long been on the cutting edge of technology innovation. We are excited to be a founding member of this effort to address digital trust and decentralized identity management at a time when internet transactions are a vital part of higher education and our growing digital economy,” said Michael Caputo, MS, vice president for Information Technology/CIO, Marist College.
“Northern Block is committed to empowering the mass adoption of digital verifiable credentials, which we believe won’t be possible without robust and common standards. The launch of the ToIP Foundation is the beginning of a new chapter for any organization who has been working diligently to enhance trust in life’s experiences. We look forward to supporting increasing participation in trusted ecosystems and burgeoning innovation in consumer experiences through digital trust,” said Mathieu Glaude, CEO at Northern Block.
“R3 remains committed to supporting the development of secure, trusted and privacy preserving digital identity ecosystems and our participation in the Trust over IP Foundation is a reflection of that commitment. Our customers across industries including banking, insurance health care and telecommunications all agree that identity cannot be solved in isolation. With the industry coming together under the Trust Over IP Foundation we can work on the standards that will enable interoperability and unlock new opportunities for all. Our Corda platform is designed to enable private transactions, and by incorporating the work of the ToIP Foundation, we can develop solutions uniquely suitable for self-sovereignty in the digital world,” said Abbas Ali, Head of Digital Identity at R3.
“Our past inability to deal with privacy has cost human lives, because it limits innovation that can save lives. Trust over IP gives government the verification and governance it needs, and the public gets the trust it needs now allowing innovation to save lives,” said Sgt. J. Stirling Ret., Ontario Provincial Police, Provincial SAR Coordinator.
“TNO has deep involvement in the standardization and ecosystems of self-sovereign identity, including W3C, DIF, Hyperledger, Sovrin, RWoT and IIW. Our national and international partners and customers are looking for full-stack Trust-over-IP solutions. The ToIP approach is unique, as it includes the complexities of the top ‘business’ parts of the Trust-over-IP stack, as well as the governance of all layers. We believe that ToIP provides an excellent ground to contribute and further develop this knowledge base and apply it to many projects in ‘admintech’ and other industry sectors where trust in the provenance of data is essential,” said Dr. Oskar van Deventer, senior scientist Self-Sovereign Identity, TNO.
University of Arkansas
“The Internet was built in the 1970s and 1980s to allow machine-to-machine transfer of information, but it was missing the trust layer that identifies the people, organizations, or objects running those machines. The Trust over IP (ToIP) Foundation is building the technical and governance standards to provide that missing layer, which will enable trusted, secure, peer-to-peer transfers of value. Voices from industry, governments and academia are needed to realize the vision. As an academic partner, the Blockchain Center of Excellence at the University of Arkansas is pleased to join this effort to develop open standards for a trust layer over the Internet,” said Mary Lacity, Walton Professor and Director of the Blockchain Center of Excellence at the University of Arkansas.
About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.
+1 415 535 8658