Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trust over IP Layers as a development model #35

Closed
cjbuchanan opened this issue Jan 21, 2021 · 2 comments
Closed

Trust over IP Layers as a development model #35

cjbuchanan opened this issue Jan 21, 2021 · 2 comments
Labels
Compliance Question

Comments

@cjbuchanan
Copy link

cjbuchanan commented Jan 21, 2021
edited
Loading

The Trust over IP Stack

Just wanted to start a discussion on the Trust over IP Stack. The stack outlines the required components for the trust ecosystem in the context of decentralized identity technologies like DID and VCs and represents a comprehensive view informed by those who have developed the underlying standards and technologies as well as companies that have been developing solutions in this space from its inception.

Here is the stack:
ext-img

As you can see each layer of the stack has both technical and governance components. In my short exposure to VCI, it appears we are primarily focused on Layer 3, and reducing governance requirements is a design goal/necessity. However, you cannot wish away governance. You can encode it or externalize it, but those choices should be made and justified by the project so that implementers are aware of those choices and a coherent implementation remains possible across multiple providers.

I would propose an ecosystem subgroup to help quickly identify and document the relevant questions at each layer for both technical and governance so that we can incorporate that into the project design documents and ensure a coherent effort across all partners.

The Trust over IP Foundation

The Trust over IP Foundation is part of the Linux Foundation and was created to address the need for some sense of orthodoxy in integrating all of the disparate technologies supporting efforts like VCI. Trust over IP is tech agnostic and neither prescribes a specific solution nor seeks to compete with standards or providers, but instead informs and advises solution developers (like VCI) in wading through all the design options. MITRE is a steering committee member for Trust over IP and I am MITRE's representative to the foundation. Feel free to reach out.

Here is some additional information on the Trust over IP Foundation and its purpose:
@jmandel
Copy link
Member

jmandel commented Jan 27, 2021

Capturing notes from phone call:

  • We agreed to add a page to the spec providing a "Trust Over IP Mapping" -- much the way that FHIR provides RIM and v2 mappings for its resources. The idea is if you're familiar with ToIP and speak that language, you can read the mapping as a primer to understand how SMART Health Cards fits into this world view
  • We recognized there's a slight risk that the mappings may get out of sync with reality, so we need to make sure folks who deeply understand both sides of the mapping can review for accuracy.

@cjbuchanan cjbuchanan mentioned this issue Feb 1, 2021
Open
@cjbuchanan
Copy link
Author

Decided.. mapping under issue #59.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Compliance Question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jmandel @cjbuchanan