Today, Northern Block and 28 other founding member organizations launched the Trust over IP Foundation, a new project hosted by the Linux Foundation to enable the trustworthy exchange and verification of data between any two parties on the Internet.
The ToIP Foundation’s mission is to provide a robust, common standard that gives people and businesses the confidence that data is coming from a trusted source, allowing them to connect, interact, and innovate at a speed and scale not possible today.
The ToIP Foundation is being developed with global, pan-industry support from leading organizations with sector-specific expertise. Key contributors include Accenture, Cloudocracy, Continuum Loop, CULedger, esatus AG, IBM Security, IdRamp, Kiva.org, Lumedic, Mastercard, MITRE, and the Province of British Columbia. The Linux Foundation was chosen to host the Trust over IP Foundation due to its legacy of fostering open-source collaboration and innovation for some of the largest projects in the world.
What Challenge Does It Answer?
Businesses today are struggling to protect and manage digital assets and data, especially in an increasingly complex enterprise environment that includes the Internet of Things (IoT), Edge Computing, Artificial Intelligence and much more. This is compounding the already low consumer confidence in the use of personal data and is slowing innovation on opportunities like digital identity and the adoption of new services that can support our daily, hyper-connected lives.
Without a global standard for how to ensure digital trust between any two peers — just like the Internet’s TCP/IP standards ensures a network connection between any two peers — these trends are bound to continue. The ToIP Foundation will use the new W3C Verifiable Credentials and Decentralized Identifiers (DID) standards to leverage interoperable digital wallets and credentials to address these challenges and enable consumers, businesses and governments to better manage risk, improve digital trust and protect all forms of identity online.
Which Privacy Acts Does the ToIP Stack Comply With?
The ToIP stack has incorporated Privacy by Design from the ground up. This means that it can be used to implement solutions compliant with all major global data protection regulations, including the EU General Data Protection Regulation (GDPR), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), or the California Consumer Privacy Act (CCPA). It can also be used to meet strict privacy and security protection regulations such as the U.S. Health Insurance Portability and Accountability Act (HIPAA).
What Does the ToIP Stack Look Like?
The “Trust over IP Stack” combines technical interoperability with policy interoperability to create a complete digital trust architecture:
For an overview of verifiable credentials, an important part of the stack, see our explainer video on it.
Trust over IP defines an Internet-scale solution for creating and maintaining trusted relationships between any two peers on the Internet: people, organizations and connected things.
The unique “dual stack” design — combining the ToIP Governance Stack for human trust and the ToIP Technology Stack for technical trust — is a complete architecture for Internet-scale digital trust because it combines both cryptographic trust at the machine layer and human trust at the business, legal, and social layers.
This enables the ToIP stack to address key problems experienced by every enterprise engaged in digital communications and commerce today: password fatigue, form fatigue, customer onboarding, KYC, secure messaging, data portability, business process automation, privacy management, supply chain provenance, GDPR compliance — almost everything a Chief Security Officer, Chief Privacy Officer, and Chief Compliance Officer are looking for.
Has COVID Accelerated the Need for a ToIP Stack?
COVID-19 has become a clarion call for the need for digital credentials for many different use cases: doctors’ and nurses’ passports, immunity certificates, essential worker credentials, deep cleaning credentials. For these digital credentials to be interoperable both at a technical level and a policy level is a crystal clear example of why we need the ToIP stack.
In response to multiple calls to action within the identity community, Northern Block joined the COVID Credentials Initiative (CCI), a global movement to deploy Verifiable Credential (VC) solutions aimed at mitigating the further spread of COVID, while enabling global societies to return to normal in a controlled, measurable, and most importantly, privacy-preserving way.
This crisis is a perfect example of why digital trust infrastructure is needed to establish confidence at both ends of the interaction. Each party needs to be confident that the party at the other end is who they say they are in order to trust the business they will transact. If people don’t trust it, they won’t use it. That’s the measure by which new technologies succeed or fail.
It was a straightforward decision for Northern Block to join the ToIP Foundation as a contributor.
“Northern Block is committed to empowering the mass adoption of digital verifiable credentials, which we believe won’t be possible without robust and common standards. The launch of the ToIP Foundation is the beginning of a new chapter for any organization who has been working diligently to enhance trust in life’s experiences. We look forward to supporting increasing participation in trusted ecosystems and burgeoning innovation in consumer experiences through digital trust,” said Mathieu Glaude, CEO at Northern Block.
Learn more by attending the virtual kick-off events
To learn more and discover how you can get involved in the Trust over IP Foundation, join the Linux Foundation for one of two virtual launch events:
- Session A: 8–9:30am PT, Thursday, May 7 (4–5:30pm London). Register here.
- Session B: 6–7:30pm PT, Thursday, May 7 (11am-12:30pm Sydney, Friday, May 8). Register here.