Credential/Identity information governance as per ToIP Layer 3 / Governance Stack
The 3rd layer of the ToIP focuses on the credential/identity governance frameworks needed to implement trust between holders, issuers and verifiers. Trust in this context relates to the specific legitimation of actors based upon digital credentials/identity to fulfil a role or a particular task. Trust is also understood as transitive trust[1]. This means that issuers (i. e. universities) as sources of credentials, holders (i. e. students) as requesters and verifiers (i. e. public libraries) following specific policies to verify authenticity and validity of credentials contribute to establish a relational, directional and contextual reliability basis as committed followers of specific rules and policies.
Credential/identity governance frameworks refer to the rules, policies, standards and practices that coordinate and shape credentials/identity trust in the global cyberspace. Digital credentials/ identity issuing and usage in cyberspace are not restricted by the traditional territorial national institutions, even if national policies play an important role in digital credentials/ identity.
Independently of the national territory, the involved actors should have all the information needed to make decisions based on the verifiable credentials proofs they are presented. Verifiable credentials[2] are issued by organisations (such as universities or governments) or individuals (both understood as issuers) to holders (entities, students registering at a university, for example) enabling them to fulfil a role or a task.
On top of the established transitive trust a governing authority ensures that the credentials are trusted by a large population of verifiers by developing and publishing the governance framework that documents the consensual rules and policies to achieve mutual trust objectives. This means that a governing authority facilitates the scaling of trust of verifiers. In the GEANT context, GEANT, as experienced and globally trusted operating authority in the education and research world would be the most suitable candidate to play this role. In any case, GEANT would not be a lonely governing authority, but one among many, since any set of stakeholders can potentially become a governing authority in the ToIP model.
Transformative aspects
In the current GEANT federated system, trust (reliability based on following specific rules and policies) is mediated between domains using servers. All parties must be integrated with that server. Whoever controls this server must be trusted by all the parties to the interaction.
In contrast, in the ToIP model, information governance frameworks (business, legal, and technical policies and rules under which the credentials/identity operate) rely in a peer-to-peer polycentric trust order - without intermediaries or server integration - that requires transnational cooperation amongst diverse actors such as online service providers, users, governments, international organizations, etc. Every peer conforms trust relationships directly with every other peer and determines its own policies for trusting another peer. The participating actors in ToIP will be much more diverse than in the GEANT federated system. Their interests will also be different to those restricted to education and research in the current GEANT global environment. Confidentiality and Data Privacy protection policies and rules may also differ among the actors in this diversified environment.
At the 3rd ToIP layer a Trust Task Protocol intended to communicate private data supports Confidentiality and Privacy[3]. The number of trust tasks protocols (such as human authentication, exchange of verifiable credentials, etc.) depends on the applications available in the 4th ToIP layer where users get directly “in touch” with the ToIP. The requirements necessary in the ToIP[4] base upon the use of persistent, discoverable, cryptographically verifiable identifiers for all parties and documents governing a digital trust ecosystem.
This aspect leads to another important transformative topic: the knowledge required from the involved actors. For example, the holders are required to manage themselves the verifying credentials which means among other things to know what is a verifiable credential, where are they stored and protected and what are their responsibilities for example regarding updates in the ToIP environment.
Moreover, the locus of governance power also changes in the ToIP model. Decentralized digital identities base upon a mutual verification of both parties in a connection (i. e. universities and researchers). The verifiable data registry is the locus of trust in this digital relation. This registry stores decentralized identifiers (DIDs), public keys and other cryptographic data registered by issuers enabling the identification of legitimate parties to trust. The power over building trust in distributed identities environments very much depend on those who own and rule the verifiable data registries. In the case of the education and research world, the universities and research organisations would play this role with an increasing powerful position.
Opportunities
The use of persistent, discoverable, cryptographically verifiable identifiers for all parties and documents governing a digital trust ecosystem might make it easier to bring together technology and the information governance framework within a digital trust ecosystem. For example:
- A verifiable credential issued by a university within the ecosystem can include a claim asserting the Decentralized Identifiers (DID) of the authoritative governance framework (i. e. from GEANT).
- A verifiable credential could include the DID of one or more trust registries (i. universities) to verify that the DID of the credential issuer is authorized to issue that particular type of credential under GEANT’s governance framework.
Risks
The transformative aspect mentioned above regarding the increasing request of knowledge and information in the ToIP environment may lead to blind acceptance of credentials or ignoring rules and even rejecting usage. Holders for example may feel overwhelmed by the information they need to know for managing their credentials.
Moreover, universities, due to their increasing powerful position in the ToIP environment mentioned above, could request an issuance price for high demanded credentials.
[1] https://trustoverip.org/wp-content/uploads/Introduction-to-ToIP-V2.0-2021-11-17.pdf Accessed 5.01.24.
[2] Based upon W3C data model v1.1, a verifiable credential is a set of tamper-evident claims and metadata that cryptographically prove who issued it. S.: https://www.w3.org/TR/vc-data-model Accessed 4.01.24.
[3] https://trustoverip.org/wp-content/uploads/ToIP-Technical-Architecture-Specification-V1.0-PR1-2022-11-14.pdf (P. 18). Accessed 5.01.24
[4] (primary document that must be assigned a DID and be retrievable via a DID URL, other documents which also need a DID URLs, versioning of DID URLs and documents, identification of all the governing parties, governing as well as administering authorities with DIDs) s.: https://trustoverip.org/wp-content/uploads/ToIP-Governance-Architecture-Specification-V1.0-2022-12-21.pdf Accessed 5.01.24