10H/ Introduction To Trust Over IP
Introduction to Trust Over IP
Convener: Judith Fleenor
Notes-taker(s): Charles Lehner
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Join Trust Over IP
How does the Trust Over IP foundation fit in? What kinds of work products do we create? What is the organizational structure? How do you get involved? Support us financially?
Difference from other organizations: we focus on both cryptographic interoperability at the machine layer, but also on the human accountability on the legal, business and social impact layers. We do both.
ToIP is a collaborative community.
We get together, discuss things, hash them out, argue about it. A JDF project within the Linux Foundation. Financially supported by membership. Contributors can join for free.
Collaborative community. Uses Zoom. Also uses asynchronous collaboration via Google Docs, GitHub and Slack.
Who is involved? Industry experts, and people new to Decentralized Identity.
JDF is a proto-standards development foundation within the Linux Foundation. JDF has special tracks to take something out of the JDF, for standardization - a “fast track”.
… Linux foundation provides infrastructure also…
ToIP foundation started just over a year ago - 27 founding members - but the need came way before that. See the whitepaper on the website for more history. Now has over 360 member organizations and individuals. You can join as an individual or for your member organization.
We are financially supported by our members.
When we have enough money…. We can hire… otherwise work is done by [volunteers].
Trust is not just about technology.
We’re not just the Technology over IP foundation… The tech must be trustworthy, but also the social, legal and business relationships… The ToIP Dual Stack.
We collaborate with DIF… whether at the public utility layer, exchange protocols…. This work is getting pretty solid in the world. From our point of view, so much is not done yet… but compared to a few years ago, we’ve come a long way.
We’ve noticed that even though the technology layer is starting to come together, there is a missing piece to make it all work - that’s the governance - the legal, business, social impacts that must happen - because this technology exists. We’ve realized that these things cannot be separate: you cannot design the tech without the governance… In fact, the governance leads the tech decisions.
I’m a “muggle”... want to make it simple… Stole this from Drummond…. Four layers like ground transportation…. Layer 1: Roads, highways, public utilities that have to be there in order for anyone to do transportation. Above that….
Layer 2..., Layer 3..., Layer 4...
Compare to Trust over IP…
(layer 1) Sovereign network governance framework most fully formed at, but other networks like ID Union and Check’d are working on theirs and I think Check’d is giving a presentation on theirs later today.
Above that, peer to peer protocols (layer 2)
Above that, …
(layer 4) Some examples of governance frameworks at layer 4 being worked on at ToIP and elsewhere are YOMA, GLIEIF, IATA… etc.
Yoma - organization working with UNICEF for jobs for youth - their governance framework sits in conjunction with the technology choices.
The Trust Triangle… Issuer issues certificate, puts it in the Holder’s wallet… Then some Verifier asks for some sort of proof to verify whatever it is… Think of the driver license… trying to get beer, they ask for it so you can’t get it [when you are too young]... That’s okay, in the old world, because you don’t remember everything you see on it - unless you’re Rain Man. Now you just want to give the proof “are they old enough” to the verifier. In the old model, you have to go back to the issuer to ensure trust - in the new model, you don’t have to do that.
In a governance framework, you don’t want to have to go back to every verifier to make sure it is okay… the verifier can just look at it and say yes this is a valid credential… like in the real world a credit/debit/bank card… they issued it because they are part of a governance framework. This bank gives it…. To the holder…. Then the verifier knows it is part of the governance framework and knows they can trust it… This is why governance
No integration(?) needed between the issuer and verifier.
Work products done in Working Groups… meant to create deliverables… We make things and have synergy… that’s the fun… but the work is to create deliverables.
Example: first year…. Introductory white paper being rewritten… in a collaborative process, since August… hopefully the new ones will come out soon…
Larger project: Good Health Pass Interoperability Blueprint… shows the collaborative effort… started in 2020… Good Health Pass Collaborative… realized they didn’t have the infrastructure to get it written… task forces, working groups…. So we spun off a working group, the Interoperability for Good Health Pass Working Group to help develop this - that became a 180-page paper. But governments didn’t pick it up? Doesn’t mean it wasn’t very important work…. The 120 collaborators were able to think of issues they might not have thought of otherwise.... The work, even if not immediately adopted, is making movement toward the eventual future.
Human experience group… on its third meeting… Europe-friendly time… join that.
ToIP isn’t trying to replace any of the other organizations, standards bodies, development organizations… but we are constantly collaborating with them….
Hyperledger…. Aries…. DIF… doesn’t mean we’re all about that, but we collaborate with them… If you know someone..., they can become a member as well.
Working groups…. They work across with each other…. Governance Stack and Technology Stack are not working completely separately…. Inputs and Semantics goes deep talking technical details all day…. Concepts and Terminology - creating a terms wiki - for use by any organization… to render a glossary… so two projects could list wording conflicts in the directory, when different ecosystems have different meanings for words… available for any organizations, not just ToIP WGs.
How to Join? Go to website, select membership that fits with you.
Question from Jeff O - what is frustratingly exciting about this work for you right now?
Any edge-space stuff that you are reaching towards but maybe don’t know the people…?
Judith: There is so much work to be done in all these areas… Sometimes we can get sideways on little details… then people get frustrated they don’t have time to work on it, because it’s too complex, and they are overstretched on multiple projects and tasks… People may get frustrated it’s not moving fast enough…. But at the same time too overwhelmed to do it all… Baby steps are better than no steps… We didn’t start walking by running a marathon, we stand up and fall down, stand up and fall down, then eventually can run the marathon.
Jeff O: Thank you.
Judith continues the presentation...
Levels of membership…
General Membership Level
Steering Committee Level[[File:./output/media/image20.png|624x346px]]
You don’t have to know everything about Decentralized Identity to contribute…. We need writers, designers, GitHub experts, bloggers… [you can learn about decentralized identity through this]…. We also need experts in governance frameworks.
… If you like to get into terminology, mental models, there is a working group for that.
… Human experience… may have several task forces coming up…
… For people who want to join, meet people, and enjoy collaborating.
General Membership Level - if you want to show support, get recognized for building the movement, financially. Logo placement. Fees based on size of organization. Must be a member of the Linux foundation.
Steering Committee…. For organizations that want to be a part of the strategic direction… they have the ability to become voting members of the Trust Over IP Foundation…. If you are interested in this, reach out to me firstname.lastname@example.org and we can discuss it further.
Jeff O: What’s the stickiest stuff… if you were to tell someone in a minute the “cool factor”... what would you say?.... Great technological concepts in play and underway…. If they are technologically inclined… what’s your best one or two lines for someone interested?
Judith: One ecosystem is called Yoma(?). They are working on a marketplace for youth in Africa… The big problem is that they can go to school, get education, but they when going to get a job, they’re asked “where is your experience?” - So this marketplace… people could put things on it like “I need a designer to do XYZ…” then youth can apply do the work and they get credits that show they have this experience in the marketplace… An example of a good use for Verifiable Credentials solving a need in the world.
… Another project…out of Luxemburg… Product Circularity Data Sheet(PCDS)… What’s actually in various goods… so when it comes time to recycle… the recycler would know how to process it… Our General Member GS1 might be able to assist them.... The more they start to look at their PCDS module they are seeing… we need to be able to do it in a decentralized way. They came to collaborate with with our industry experts.
Darrell is the chair of our Technology Stack…. Led a session yesterday… Interoperability not really there yet…. The sticking point…
Phil: The reason I came to this session is I’m still trying to figure out where I need to be… I have at least 2000 unread emails from Heather’s group in the CCG… many from ToIP… please don’t take it personally… I know that GS1 collectively… my colleagues… we know we need to engage more… but we can’t be everywhere at once, and we need to work out where we need to be… Heather has good lines about why I should be in the CCG…. You mentioned the Circular Economy…. Yeah, and hundreds of others…. How does anyone navigate this space? Come to IIW... I don’t know the answer.
Judith: ToIP isn’t trying to displace other organizations… we want to be a collaborator that pulls other organizations in, and works across silos…. I think we have to bring ourselves back down a bit and work across silos at the thinking level… Let’s get a call in the next couple weeks… I think the PCDS people… would be good for you to know about…
Heather: I came here because… there are lots of different groups… My attitude and personality… my role in CCG… I’m in the CCG world, but I got the role because I was annoyed by the way things were being done, and decided to be the change I wanted to see… so please don’t think I’m some W3C tool… I don’t think I’m particularly well-liked there… But my goal is to increase diversity and inclusion there…. I tend to be blunt, please don’t be offended… There are a lot of groups…. DIF said they would do protocols(?).... Now there’s the European ones…. Ah! And we can’t seem to work together. On an individual perspective… On logistics… I hang out with the supply chain folks, because I’m interested in supply chain tracking stuff, and have done research… no wonder the community is confused… Then there’s IETF… and ISO - mobile driver license. Ah! What I’ve learned in my time as a co-chair is that there will be drama… that’s just part-and-parcel with it, because of business… Honestly I don’t understand what ToIP does… I’m super fine with collaborative stuff… I’ve invited… I just don’t know what the solution is… My role is … I limit my hour engagement…. Another thing is that organizations don’t want to fund this connector work…. But they will fund a startup that’s going to go bust in 2 years… I’d love to be part of the solution… I’m a co-chair at W3C CCG now, not forever… for some very specific things.
Judith: I’m sorry, I was just about to tell you to watch the recording that says where ToIP fits in, but for some reason it wasn’t recording… Maybe I will do it a second time… Let’s see how good I did explaining it… Can someone on the call repeat what I said on where ToIP fits in with regards to all these organizations?
Timothy: Is there a document with links?
… Question about provenance… What people do in the artificial world of companies… legal groups of people… corporation as a group of persons… global(?) infrastructure… made by mankind… a whole bunch of people who work on things for different reasons - not all necessarily paid… Open standards… How does ToIP support provenance? History of this work... With standards bodies… patent protection…. Intellectual property… permission to use others’ prior art… The combination of those two things… what’s the position of ToIP… what are the issues?
Judith: I don’t know if this really answers your question, but going back to this slide about the organizational structure of ToIP… It’s a JDF project… You sign membership agreements… You can join as a collaborator for free… but you still have to join the ToIP Foundation…. By joining it, you are then signing the legal documents with regards to IPR. Everything done at ToIP currently picked Apache(2.0)? And Creative Commons 4.0... So you are working in an open standards, open software environment… The other piece is that you are not just giving things away, it protects you… Anything you contribute… who picks it up is picking it up at their own risk… They can’t come back to you and say this piece of software doesn’t work and sue you… This is part of why ToIP went to the Linux Foundation / JDF… It provides the legal structure for the foundation… You can join for free, sign the member agreement…
Timothy: In the literature about the history of verifiable claims, I’ve just posted about the history that predates the IIW of 2020, so people can evaluate ToIP as a trustworthy infrastructure…. Rule of law… How is the provenance of what you are bringing together… Integrity?
Judith: I don’t think we’ve had a chance to read those links yet…
Phil: You’re right, Timothy, whatever tech you lay out someone will say “I did it before you”.... That’s the space we’re in… Tim Lee Barnes has been held up in court… all the time… The number of people who think they invented the internet, you would not believe. There are patents on the most numskull stuff you would not believe…. What any SDO has to navigate… Judith is right to highlight… Usually you have a separate IPR agreement for each WG… But when you join you are subject to some rules… It’s designed so that at the end the standard is the best possible - either IP-free, or specific terms you want. People outside the group have no control of that.
… That’s not saying anything about GS1…
I’m in https://www.visitportdouglasdaintree.com/ Australia ;)
Drummond Reed To Everyone
There’s going to be a session on the Future of Governance today that will cover the Cheqd governance framework
Jeff O To Everyone
Opportunity to Assist: The Human Experience Workshop @ ToIP
Judith Fleenor (Trust Over IP) To Everyone
Drummond Reed To Everyone
You need to be here Phil!!
Heather Vescent To Everyone
Hah! Same! There are too many groups.
Phil Archer (GS1 Global) To Everyone
?? I've only heard respect, heather
Heather Vescent To Everyone
Judith, IDK, maybe we can have you also present at the CCG sometime.
Me To Everyone
Phil Archer (GS1 Global) To Everyone
One of my old links: Sep 2014 https://docs.google.com/drawings/d/1oUsSlPEh8erOdkQJCLzFHBaqp7AYOJCqDw82YrCg9f4/edit
Some of Manu’s Old Credentials Docs Links
OCT 2016 IIW (IIW 23)