The highly specialized world of digital identity is opening itself to a wider audience.
Announced Tuesday, the Trust over IP (ToIP) Foundation is backed by governments, nonprofits and private-sector firms. Key players include Mastercard, IBM and the Canadian Province of British Columbia.
A vast ecosystem of public bodies and private companies, large and small, are working on establishing decentralized digital trust, using an array of technologies. The ToIP Foundation, which will live within the Linux Foundation, is a move to rein together core issues that matter to all of them, as well as creating appropriate technologies.
Drummond Reed, chief trust officer at digital identity startup Evernym, said the ToIP Foundation is about defining something as fundamental as the transport layers of the internet itself. But in this case, the technology stack is specifically for establishing trust between people and organizations rather than just between machines, as is the case with internet protocol (IP).
“ToIP is able to address problems of establishing and maintaining trust between any two parties of any kind anywhere on the internet,” said Reed.
John Jordan, executive director of British Columbia’s digital transformation arm, coined the term “Trust over IP” – a play on the “Voice over IP” technology that powers modern-day telecommunications.
Jordan, who has been working closely with the Hyperledger blockchain arm of the Linux Foundation, says the story of ToIP “isn’t really a technology story.”
“This is a story about how we help organizations, governments and people make good decisions about using technology to establish and build trustworthy relationships over the internet,” he said in an interview.
Founding Steering members include Accenture, BrightHive, Cloudocracy, Continuum Loop, CULedger, Dhiway, esatus, Evernym, Finicity, Futurewei Technologies, IBM Security, IdRamp, Lumedic, Mastercard, MITRE, the Province of British Columbia and SICPA. Contributing members include DIDx, GLEIF, The Human Colossus Foundation, iRespond, kiva.org, Marist College, Northern Block, R3, Secours.io, TNO and University of Arkansas.
For Jordan, the two core governance concerns of ToIP will be ensuring a privacy-enhancing and peer-to-peer architecture.
“Not client-server,” he said. “P2P is a respectful equal footing for both sides of the equation. As soon as we have an intermediary, our ability to evaluate the overall trust of that relationship is confounded. We also want to see that those interactions can be done in a way that is private.”
While governments like British Columbia can offer a natural cornerstone of trust to issue so-called “verifiable credentials,” the ToIP Foundation includes many trust-issuing starting points across finance, healthcare and education, said Reed.
“There has been a lot of interest regarding COVID-19-related situations, both health and back to work,” he said. “There are also several universities involved, looking at digital credentials in education which is just a huge area; it’s a whole industry.”
Mastercard has been deeply involved in work on digital identity, approaching it with a wide lens, not just on financial services, but also looking toward the delivery of digital health, education and government services.
Mastercard’s approach to digital identity is predicated upon a user-centric, distributed model, said Charles Walton, Mastercard’s senior vice president of digital identity. “Personal information sits with its rightful owner, you. It boils down to: I own my identity and I control my identity data,” he said.
This cannot be accomplished in isolation, Walton added; Mastercard’ s participation within the Trust over IP Foundation builds atop the groundwork currently in place to ensure industry standards.
Mastercard envisions a “collaborative digital ecosystem,” where “trust providers” can be organizations such as a bank, mobile network operator, university, or postal service that has a preexisting, trusted relationship with the user.
“Trust providers connect users to the ID service, enabling them to sign up, use, and manage their digital identity,” said Walton. “For financial institutions, by providing digital identity access with ID, they can extend and build an even deeper relationship in new ways. Also, if ID is embedded into a bank’s mobile application, they become a part of each interaction the user has with their digital identity. Across all areas of life — financial, travel, health, education — the bank’s brand can be a part of it, delivering even greater value and recognition.”
The need for standards was echoed by fellow ToIP member IBM.
“There is no ‘recipe book’ for the exchange of trusted data across multiple vendor solutions,” said Dan Gisolfi, CTO of the decentralized identity arm of IBM Security. “The new Trust over IP Foundation marks an evolutionary step which goes beyond standards, specs and code, with the goal of creating a community-driven playbook for establishing ‘ecosystems of trust.’”