Share on facebook
Share on twitter
Share on linkedin

Closing the Digital Trust Gap During COVID-19

Along with the rest of the decentralized identity community, Trinsic celebrated the recent launch of the Trust over IP (ToIP) Foundation. This cross-sector coalition, housed under the Linux Foundation, will help define “a complete architecture for internet-scale digital trust that combines both cryptographic trust at the machine layer and human trust at the business, legal, and social layers.”

 

Although already obvious, COVID-19 and the impact of traditionally in-person activities becoming virtual ones (e.g., schools and doctor visits) have brought increasing attention to the fact that we lack an infrastructure for trust online. The ToIP Foundation’s mission is to fix that.

 

One of the individuals that helped kickstart the idea of the ToIP Foundation is John Jordan, Executive Director of the BC Digital Trust Service. In fact, John is the person that created the phrase “Trust over IP”.

 

We reached out to John to get his unique perspective on the ToIP Foundation and how it can be a resource for those building decentralized identity solutions to mitigate the effects of COVID-19.

It’s great to talk with you. First, can you tell us a little bit about your experience in the decentralized identity space?

John Jordan: Sure, I am the Executive Director of the BC Digital Trust Service, having more than 25 years of experience in both the private and public sectors as a product executive and technology strategist.

 

I am currently leading the Province of British Columbia’s participation in the establishment of a trust layer for the internet. This includes leading teams who have been making significant contributions to the open source Hyperledger Aries and Indy projects since the Fall of 2017. The Province of British Columbia operates OrgBook BC, a key part of the Verifiable Organizations Network which is the world’s first public sector production service using Hyperledger Indy and Aries.

Can you give us a quick introduction to the Trust over IP (ToIP) Foundation? Why was it formed? Where did the term “Trust over IP” come from?

The Trust over IP Foundation mission is provide a robust, common framework that gives people and businesses the confidence that data is coming from a trusted source, allowing them to connect, interact, and innovate at a speed and scale not possible today.

 

I think a key motivation for the establishment of the ToIP Foundation is to facilitate planet-wide digital trust. We have no planetary-scale approach to be certain the data we are using to make decisions is trustworthy. Without this capability, our citizens are at risk as they work, live, and play on the internet. Further, our businesses are frustrated as they struggle to meet regulatory, environmental, social, and governance responsibilities.

 

We coined the term “Trust over IP” for several reasons. The first of which was we realized the work we were doing in the decentralized identity space was able to cover much more than just identity—in fact it was everything you needed to achieve digital trust and verifiable data exchange online.

 

Second, we wanted a term that captured the simple mental model we all have about how we establish trust in the real world today. We use universal ceremonies like handshakes—or at least we did until recently—and we use credentials in our wallets to prove things about ourselves. We just needed a way to move all of that online—just like the “Voice over IP” protocol was a way to take voice communications and do them over a digital network.

 

Finally, we wanted a clear parallel between the Trust over IP stack and the TCP/IP stack—the protocol stack that gave us the internet. TCP/IP gave us a way for any two machines to establish connections and exchange data. But the TCP/IP stack didn’t include a trust layer, and we have been dealing with the consequences of that gap ever since. So now we need a standard protocol stack for establishing trusted relationships and exchanging digital credentials between people and organizations just like we use TCP/IP for connecting our machines.

How will the ToIP Foundation’s work accelerate adoption of decentralized identity?

A primary goal of the ToIP Foundation is to “grow the tent”. We saw that there was a need to create a space where business, policy, and program folks could come together, learn from each other, share insights, and build out a common model which encompassed the human aspects of building trust. This is the governance work the Foundation will carry out. When this work is paired with the good work underway on the technology side of the house, then we have a chance at planet-wide, inclusive forms of digital trust.

How does the ToIP Foundation ‘fit’ with all of the other organizations working in the digital identity space? (e.g., DIF, W3C, Sovrin Foundation, etc.)

I think the answer to this question is really the same as the previous question. The unique value proposition of the ToIP Foundation is the open space that it is creating for folks that may have previously not have felt they had a voice in the more technology-centric communities.

Who should get involved with the ToIP Foundation? Why did the Government of British Columbia choose to be a Founding Member?

I think any person or organization that would like to help shape the future of how we establish trustworthy, enduring digital relationships with their citizens, customers, friends, and family should consider themselves welcome at the ToIP Foundation. If there isn’t work underway in an area you think is important, then please put forward a proposal to establish a Working Group and build an open community around it!

The Province of British Columbia is a leader in delivering digital services to its residents, and we see this as a great fit to continue that tradition. We hope we can build on this tradition of service to British Columbians by paving the way towards privacy respecting and personal choice respecting digital services. We know British Columbians need ways to work, live, and play on the internet that afford them the same kinds of protections they enjoy in their in-person lives.

The effects of COVID-19 have shined a spotlight on our current inability to establish digital trust. Do you think the ToIP Foundation can be a resource for those building decentralized identity solutions to mitigate the effects of COVID-19? How so?

Absolutely. The need to provide services at a distance in all aspects of our lives is currently hampered by the lack of a trust layer for the internet. This public health crisis shows how big this gap is. We hope that by having a coherent framework—the Trust over IP Stack—to frame how we close this trust gap, we will get to a safe and privacy respecting internet sooner.

During the kickoff event for the ToIP Foundation, you showcased a COVID-19 concept prototype which the Trinsic team had the pleasure of working with you on. Could you describe what that prototype showcased?

This was a concept prototype we put together to demonstrate the power of Trust over IP enabled services. The SafeEntryBC prototype is a conceptual model describing a set of tools that might help us explore ways to help citizens and the economy of BC as we transition from our current state to “the new normal”. A successful transition requires that as citizens move around more, they can be as safe as possible. In many places that will mean knowing more about other people with whom they are interacting, particularly service providers that are entering controlled-access facilities.

Out of all the potential concept prototypes you could have shown, why did you choose to show the SafeEntryBC concept? How does that concept exemplify what’s possible with the ToIP stack?

What this concept prototype has been very useful at demonstrating is how a suite of separate services, each independently governed and operated, can empower a person to do their essential services work and give facility operators some assurance they are letting in the right people. This is accomplished by giving the essential service worker verifiable credentials from trusted services which they can then use to gain entry to facilities without any technical integrations. Further, they can do this without having to reveal all kinds of personal information to the facility if that is not needed. We were able to assemble this demonstration including six issuers and several verifiers in a matter of four to five days with two people. Trinsic was able to add an issuer of their own in a very short time frame as well, so we could demonstrate interoperability in several different ways.

 

[end of interview]

Try the SafeEntryBC concept prototype yourself or just learn more about it by visiting this post. Let us know what you think!

Establishing digital trust on the internet is more pertinent than ever. As a Founding Contributor Member of the ToIP Foundation, Trinsic is excited to be a ToIP solution provider. If you are working on a verifiable credentials solution to mitigate the effects of COVID-19, we have made some of our paid plans free to help you get started. Contact us to learn more or start building at https://studio.trinsic.id/.