Section 1: Pre-Launch – Intro by John Jordan, Executive Director of the Trust Over IP Foundation (April 16, 2020)
Darrell: They certainly can, and we’re starting to see that right now. John and I are both pushing forward to make sure of the interoperability; that my credit union app will work with a generic wallet, that also works with the health application. We’re helping to define these requirements. The Government of BC is a founding member of a new foundation called the Trust Over IP Foundation. We’re starting to set those standards, so that we don’t have to reinvent how to ask for credentials.
A digital wallet is really great if you can put everything in it, but if you can’t ask to see something in it, it doesn’t help me. It’s just a database. You need to have an electronic way of saying, “Could I please see that prepaid visa card?”
John, perhaps you could speak a little bit about the Trust Over IP Foundation, because that’s really what that’s all about so that we don’t all have to reinvent the wheel. We can show the patterns: here’s how you get a driver’s license, here’s how you show a corporate registration, and so on. Do you want to talk about Trust Over IP, John?
John: Sure. I also wanted to provide an example, so I’m going to share my screen here.
I want to give a coming real-world example. We’re working with the Law Society in British Columbia and the BC Court Service. The challenge there, is that, as a result of a Supreme Court ruling a year ago, bail review hearings must be held every 30 days, no matter what. They were taking too long, and it was violating the constitutional rights of folks who are being held without bail. It’s going to create extra demand on the court systems, and it requires the lawyer who is representing the defendant to have access to the audio recordings that the government holds in their systems, to do the research they need. So, they need to get access to that online if they currently don’t have it, and the government only wants to provide a lawyer with that information.
How do I prove I’m a lawyer, online? Even if I have strong digital identity systems and I know your name, it doesn’t mean you’re a lawyer. Who’s the authority on who’s a lawyer? It’s the Law Society. They have a mechanism called the Practicing Certificate in Law, which they issue to a lawyer in good standing. What if we could give the Law Society the ability to issue these things digitally? That’s what we’re working with them for.
Province of BC: John Jordan
They will add us this print driver to go to their member portal.
A member can log-in and request the credential, and hold it in a wallet. For me, I’m going to show right now that I have a verified person credential, but this could be my Law Society credential. In order to gain access to the new site, I simply go to the new site and say access site — I’m going to use a credential to get in.
Province of BC: John Jordan
I’m going to scan that code, which is requesting my lawyership-ness. Here it is, I present it, and I’m in. That’s the kind of experience we’re looking for, right?
There was no integration between the Law Society and the BC court service. That’s certainly a technical option, but what happens when the next service wants to provide access to lawyers? The Land Registry, the BC services registry, the registry in Alberta; getting access to a BC lawyer. Is every service that needs to prove a lawyer going to call up the BC Law Society and integrate with it? Not very practical. If we give the lawyers something that they can carry with them and provide evidence, and it is trusted at a technical and governance level, we’re in good shape. That’s a little preview into that.
Here’s another share. We’re not going to go into this in detail, but here’s the logo for the Trust Over IP Foundation. The job of the Trust Over IP Foundation is to facilitate the global adoption of this model.
Province of BC: John Jordan
We need a way for businesses to understand what’s being offered, that there’s a clear and certain pattern that’s being followed, and a way to evaluate technical and governance solutions that are being offered to them. That’s what this stack is about.
In technology, we like to organize things so that we have the ability to evaluate things, such as the components of an overall system. That’s what this diagram is getting at. It’s a bit technical, not a nice graphic design version, but it provides the ability for somebody to evaluate the different aspects of an overall solution. What’s really important here that I’m very pleased about as we bring this to the market, is that it puts governance at an equal footing to technology. That is where we’ve fallen down with respect to the Internet. We’ve relinquished control of things, because we didn’t pay attention to the fact that whoever owns the account service, actually owns the relationship. That’s a governance failure not a technical fall down.
With each of these layers illustrated, there’s an opportunity to deploy a technical solution. There’s an opportunity to govern that solution, there’s an opportunity to define what interoperability means, and in the end, enable fast ecosystems of applications and services that can interoperate. That’s the vision. We have a number of organizations that are founding this, including the government of British Columbia, MasterCard, Kiva, Large Social Enterprise Service, IBM, Evernym (which is one of the startups in this space. In addition, we have Esatus, which is a German company specializing in information security and working closely with the government and banks there. We have dozens of other organizations that were actively engaged in discussions to launch this organization on the 5th of May. I should also say that it is a Linux foundation organization, which is really important to us. They provide world class governance for open community building.
Mathieu: That’s awesome. Thanks, John. If people want more information on this, how could they find out? or find you?
Section 2: Northern Block, Founding Member of the Trust over IP Foundation (May 5, 2020)
Today, Northern Block and 28 other founding member organizations launched the Trust over IP Foundation, a new project hosted by the Linux Foundation to enable the trustworthy exchange and verification of data between any two parties on the Internet.
The ToIP Foundation’s mission is to provide a robust, common standard that gives people and businesses the confidence that data is coming from a trusted source, allowing them to connect, interact, and innovate at a speed and scale not possible today.
The ToIP Foundation is being developed with global, pan-industry support from leading organizations with sector-specific expertise. Key contributors include Accenture, Cloudocracy, Continuum Loop, CULedger, esatus AG, IBM Security, IdRamp, Kiva.org, Lumedic, Mastercard, MITRE, and the Province of British Columbia. The Linux Foundation was chosen to host the Trust over IP Foundation due to its legacy of fostering open-source collaboration and innovation for some of the largest projects in the world.
What Challenge Does It Answer?
Businesses today are struggling to protect and manage digital assets and data, especially in an increasingly complex enterprise environment that includes the Internet of Things (IoT), Edge Computing, Artificial Intelligence and much more. This is compounding the already low consumer confidence in the use of personal data and is slowing innovation on opportunities like digital identity and the adoption of new services that can support our daily, hyper-connected lives.
Without a global standard for how to ensure digital trust between any two peers — just like the Internet’s TCP/IP standards ensures a network connection between any two peers — these trends are bound to continue. The ToIP Foundation will use the new W3C Verifiable Credentials and Decentralized Identifiers (DID) standards to leverage interoperable digital wallets and credentials to address these challenges and enable consumers, businesses and governments to better manage risk, improve digital trust and protect all forms of identity online.
Which Privacy Acts Does the ToIP Stack Comply With?
The ToIP stack has incorporated Privacy by Design from the ground up. This means that it can be used to implement solutions compliant with all major global data protection regulations, including the EU General Data Protection Regulation (GDPR), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), or the California Consumer Privacy Act (CCPA). It can also be used to meet strict privacy and security protection regulations such as the U.S. Health Insurance Portability and Accountability Act (HIPAA).
What Does the ToIP Stack Look Like?
The “Trust over IP Stack” combines technical interoperability with policy interoperability to create a complete digital trust architecture:
For an overview of verifiable credentials, an important part of the stack, see our explainer video on it.
Trust over IP defines an Internet-scale solution for creating and maintaining trusted relationships between any two peers on the Internet: people, organizations and connected things.
The unique “dual stack” design — combining the ToIP Governance Stack for human trust and the ToIP Technology Stack for technical trust — is a complete architecture for Internet-scale digital trust because it combines both cryptographic trust at the machine layer and human trust at the business, legal, and social layers.
This enables the ToIP stack to address key problems experienced by every enterprise engaged in digital communications and commerce today: password fatigue, form fatigue, customer onboarding, KYC, secure messaging, data portability, business process automation, privacy management, supply chain provenance, GDPR compliance — almost everything a Chief Security Officer, Chief Privacy Officer, and Chief Compliance Officer are looking for.
Has COVID Accelerated the Need for a ToIP Stack?
COVID-19 has become a clarion call for the need for digital credentials for many different use cases: doctors’ and nurses’ passports, immunity certificates, essential worker credentials, deep cleaning credentials. For these digital credentials to be interoperable both at a technical level and a policy level is a crystal clear example of why we need the ToIP stack.
In response to multiple calls to action within the identity community, Northern Block joined the COVID Credentials Initiative (CCI), a global movement to deploy Verifiable Credential (VC) solutions aimed at mitigating the further spread of COVID, while enabling global societies to return to normal in a controlled, measurable, and most importantly, privacy-preserving way.
This crisis is a perfect example of why digital trust infrastructure is needed to establish confidence at both ends of the interaction. Each party needs to be confident that the party at the other end is who they say they are in order to trust the business they will transact. If people don’t trust it, they won’t use it. That’s the measure by which new technologies succeed or fail.
It was a straightforward decision for Northern Block to join the ToIP Foundation as a contributor.
Northern Block is committed to empowering the mass adoption of digital verifiable credentials, which we believe won’t be possible without robust and common standards. The launch of the ToIP Foundation is the beginning of a new chapter for any organization who has been working diligently to enhance trust in life’s experiences. We look forward to supporting increasing participation in trusted ecosystems and burgeoning innovation in consumer experiences through digital trust,” said Mathieu Glaude, CEO at Northern Block.