The Trust Over IP (ToIP) Foundation today announced the release of its first two official specifications for ToIP-compliant governance frameworks (aka trust frameworks):
- The ToIP Governance Architecture Specification V1.0 (PDF).
- The ToIP Governance Metamodel Specification V1.0 (PDF).
Produced by the ToIP Governance Stack Working Group (GSWG), these two specifications together with the ToIP Governance Metamodel Specification Companion Guide V1.0 are tools that CIOs, CISOs, Chief Privacy Officers, trust architects, and other policymakers can begin using immediately to construct a governance framework for any of the four ToIP layers of decentralized digital trust infrastructure.
“In our first 18 months the GSWG has produced 11 deliverables,” said GSWG co-chair Scott Perry, Principal of the Crypto and Digital Trust Services practice at Schellman, a leading global provider of attestation, compliance, and certification services. “These are the first two official ToIP specifications that define what a governance framework must include to comply with the ToIP model.”
These specifications and the Companion Guide have already been used to craft the first governance frameworks for ToIP-based digital trust ecosystems. “When the Yoma (Youth Agency Marketplace) project needed decentralized governance, starting with the ToIP governance model saved us months of time,” said Lohan Spies, CTO of Yoma. “It also helped us produce a governance framework in which all the major stakeholders—Yoma, Generation Unlimited, GIZ, youth, service providers, donors, developers—had confidence.”
These three deliverables are also the first from ToIP to incorporate terms from the ToIP Foundation’s cross-industry glossary development project. “The subjects of digital identity and trust are extremely challenging to discuss with great clarity,” said Drummond Reed, who co-chairs both the GSWG and the ToIP Concepts and Terminology Working Group (CTWG). “These deliverables use the CTWG terms wiki and glossary development tools to link together terms curated by experts in each relevant domain.”
About the Governance Half of the ToIP Stack
The mission of the ToIP Foundation is to define a complete architecture for Internet-scale digital trust that combines cryptographic assurance at the machine layer with human accountability at the business, legal, and social layers. This four-layer architecture is referred to as the ToIP stack, summarized in this diagram (and in this interactive model):
This diagram highlights that the ToIP stack is fundamentally composed of two halves:
- The technology stack defines the technical standards and protocols needed to establish interoperable technical trust (aka cryptographic trust) at each of the four layers.
- The governance stack defines the requirements for governance frameworks (aka trust frameworks) to specify the policies and rules the members of a community need to follow to achieve institutional trust (aka human trust) at each of the four layers.
The central premise of the ToIP model is that neither half alone is sufficient to achieve interoperable decentralized digital trust infrastructure. You must have both halves working together.
A specific governance framework is designed for a specific layer of the ToIP stack (public utility, agent/wallet, credential, or ecosystem). However, certain interoperability requirements apply to all ToIP-compliant governance frameworks regardless of layer. The purpose of the relatively short (10-page) ToIP Governance Architecture Specification is to specify those overall requirements. It consists of five sections:
- Identification—the requirements for ToIP governance framework documents—and the parties they govern—to be identified by persistent, verifiable, globally unique decentralized identifiers (DIDs).
- Verification—the requirements for ToIP governance framework documents to be digitally signed by their governing authorities—and for all governed parties to have a means of cryptographically verifying the GF role in which they are serving using either a verifiable credential, a trust registry, or both.
- Transparency—the requirements for any publicly-available ToIP governance framework document to be published on the Web and discoverable via its DID. It also covers localization and accessibility.
- Technical Interoperability—the requirements for a ToIP governance framework to specify technical interop using the ToIP Technology Stack.
- ToIP Governance Metamodel—the requirement to comply with the ToIP Governance Metamodel Specification (below).
About the ToIP Governance Metamodel Specification V1.0 and Companion Guide
The standard structure of a ToIP-compliant governance framework—the documents it should include, and the content required or recommended in each document—was extensive enough that it was broken out into a separate 13-page specification that is divided into two parts:
- Primary Document. This is the “master document” or “home page” of a ToIP governance framework. The specification covers the following 13 sections of this document:
  - Terminology and Notation
  - Governing Authority
  - Administering Authority
  - General Requirements
  - Schedule of Controlled Documents
- Controlled Documents. These are subdocuments that form component “modules” of a ToIP-compliant governance framework. This modular architecture is recommended to simplify revisions and delegate policymaking to the most appropriate parties.
  - Risk Assessment
  - Trust Assurance and Certification
  - Governance Requirements
  - Business Requirements
  - Technical Requirements
  - Information Trust Requirements (security, privacy, confidentiality, etc.)
  - Inclusion, Equitability, and Accessibility Requirements
  - Legal Agreements
The GSWG also produced the ToIP Governance Metamodel Specification Companion Guide V1.0 to serve as a 28-page “user’s manual” intended to give governance framework authors the background, context, and guidelines they need in the drafting process. It also suggests the policy areas for which the authors may want to consult subject matter experts (SMEs) within their own community and/or external professionals.
Future Specifications Coming from the GSWG
With this milestone accomplished, the next goal of the GSWG is to produce layer-specific templates for ToIP-compliant governance frameworks. These templates will specify the roles, processes, and governance best practices recommended for each of the four layers of the ToIP stack. Look for future announcements coming from the ToIP Foundation about these templates.
If you have a particular interest in decentralized digital trust governance, we invite you to join the work of the ToIP Governance Stack Working Group. Please contact us via the ToIP website.