Architectural Trust Model
1 |
[Diagram: the complete ToIP model. Labels shown:
Technology stack: Layer 1 Trust Support (Secure Elements, Verifiable Data Registries, Trust Registries (aka Trust Lists)); Layer 2 Trust Spanning (Endpoint, Relationship, Endpoint); Layer 3 Trust Tasks (Credential Exchange, Value Exchange, Secure Messaging, Digital Signatures); Layer 4 Applications (Wallets & Agents; People, Organisations, Things; Issuer, Verifier, Holder).
Governance: Governing Parties, Auditors, Certification Bodies, Governed Parties; Define and Run; Risk Assessment, Governance Requirements, Governance Frameworks, Governance Agreements, Residual Risk Assessment.
Spans of control: ToIP Model Span of Control; Ecosystem Instance Span of Control.
Ecosystem arrows: "uses": Ecosystems select and use ToIP elements; "learns": ToIP learns from Ecosystem implementations; "uses": Ecosystems use other standards and frameworks; "recognises": Ecosystems recognise other Ecosystems.]
THE TRUST OVER IP STACK MODEL
2 |
Since we are trying to define an architecture for digital trust on the internet, we need technology…
Technology
THE NEED FOR A TECHNOLOGY STACK
3 |
Experience has taught us that for technology to be trustworthy, we need to understand how it is governed
Technology
Governance
TECHNOLOGY NEEDS TO BE GOVERNED
4 |
Elements of the ToIP Model
5 |
Using layers helps to describe how technology systems are built and we can see the need for governing each layer.
[Diagram: the Technology stack (1 Trust Support, 2 Trust Spanning, 3 Trust Tasks, 4 Applications) and Governance]
TECHNOLOGY STACK LAYERS
6 |
Layer 4 contains system endpoints including devices and “trust diamond” participants. It reaches down the stack to engage in trusted interactions and trust tasks.
[Diagram: Layer 4, Applications: Wallets & Agents; People, Organisations, Things; Issuer, Verifier, Holder]
LAYER 4 - APPLICATIONS
7 |
Layer 3 focuses on the tasks that support the overall trust objectives of the application.
[Diagram: Layer 3, Trust Tasks: Credential Exchange, Value Exchange, Secure Messaging, Digital Signatures]
LAYER 3 – TRUST TASKS
8 |
Layer 2 is the layer that enables the establishment of a trusted connection between any two peers using a single standard trust spanning protocol.
Note: This layer is to the ToIP stack what the IP layer is to the TCP/IP stack.
[Diagram: Layer 2, Trust Spanning: Endpoint, Relationship, Endpoint]
LAYER 2 – TRUST SPANNING
9 |
Layer 1 contains the foundational elements that support the higher layers and provide decentralized roots of trust that can span within and across different digital trust ecosystems.
[Diagram: Layer 1, Trust Support: Secure Elements, Verifiable Data Registries, Trust Registries (aka Trust Lists)]
LAYER 1 – TRUST SUPPORT
10 |
Governance and Accreditation
11 |
In this topic, we’ll discuss the elements of governance in the ToIP Model
FOCUS ON GOVERNANCE
[Diagram: Governance. Labels shown: Governing Parties, Auditors, Certification Bodies, Governed Parties; Define and Run; Risk Assessment, Governance Requirements, Governance Frameworks, Governance Agreements, Residual Risk Assessment]
12 |
GOVERNANCE OPERATION
Risk Assessment: Controllable risks are evaluated for likelihood and impact
Governance Requirements: Selected risks are addressed with requirements (MUST statements)
Trust Assurance: Certification scheme is developed from requirements with independent evaluations from qualified auditors
Residual Risk Evaluation: Audit reports are reviewed for framework effectiveness in mitigating risk to an acceptable level
13 |
RELATIONSHIP OF GOVERNANCE DOCUMENTS
[Diagram labels: Governance Framework; Homepage; Legal Agreements; Informational; Constitutional; Compliance; Legislative; Controlled Documents; Glossary; Governance Framework Primary Document; Trust Assurance Framework]
14 |
This is how the governance cycle is reflected in the model. Governance processes are drawn from technology used in stack layers.
[Diagram: the Technology stack (1 Trust Support, 2 Trust Spanning, 3 Trust Tasks, 4 Applications) and Governance, with Define and Run]
GOVERNANCE APPLICATION IN THE MODEL
15 |
Controllable risks are evaluated for likelihood and impact
Risk Assessment Worksheet Template: https://trustoverip.org/permalink/ToIP-Risk-Assessment-Worksheet-Template-V1.0-2021-08-24.xlsx
Risk Assessment Companion Guide: https://trustoverip.org/permalink/ToIP-Risk-Assessment-Companion-Guide-V1.0-2021-08-24.pdf
RISK ASSESSMENT
16 |
Selected risks are addressed with requirements (MUST statements)
Governance Architecture Specification: https://trustoverip.org/permalink/ToIP-Governance-Architecture-Specification-V1.0-2021-12-21.pdf
Governance Metamodel Specification: https://trustoverip.org/permalink/ToIP-Governance-Metamodel-Specification-V1.0-2021-12-21.pdf
Companion Guide: https://trustoverip.org/permalink/ToIP-Governance-Metamodel-Specification-Companion-Guide-V1.0-2021-12-21.pdf
Governance Framework Matrix: https://trustoverip.org/permalink/ToIP-Governance-Framework-Martix-V1.0-2021-10-19.xlsx
Companion Guide: https://trustoverip.org/permalink/ToIP-Governance-Framework-Matrix-Companion-Guide-V1.0-2021-10-19.pdf
GOVERNANCE REQUIREMENTS / GOVERNANCE FRAMEWORKS
17 |
Certification scheme is developed from requirements with independent evaluations from qualified auditors
Trust Assurance and Certification Template: https://trustoverip.org/permalink/ToIP-Trust-Assurance-Companion-Guide-V1.0-2021-10-19.pdf
Trust Assurance Criteria Template: https://trustoverip.org/permalink/ToIP-Trust-Criteria-Matrix-Companion-Guide-V1.0-2021-10-19.pdf
TRUST ASSURANCE
18 |
Audit reports are reviewed for conformity to the governance framework in mitigating risk to an acceptable level. Conforming entities may appear on a Trust Registry. Non-conforming practices are assessed for risk, which feeds back into the risk assessment.
RESIDUAL RISK ASSESSMENT
19 |
How Ecosystems Use the Model in Practice
20 |
Ecosystem implementations will use ToIP elements and ToIP will learn from how they are used.
[Diagram: an Ecosystem beside the ToIP model (Technology stack layers 1 to 4 and Governance, with Define and Run). Arrows: "uses": Ecosystems select and use ToIP elements; "learns": ToIP learns from Ecosystem implementations]
TOIP INFLUENCE ON ECOSYSTEMS
21 |
Ecosystem implementations may make use of other systems in addition to ToIP.
Ecosystems may have relations with other ecosystems
[Diagram: an Ecosystem beside the ToIP model (Technology stack layers 1 to 4 and Governance, with Define and Run). Arrows: "uses": Ecosystems select and use ToIP elements; "learns": ToIP learns from Ecosystem implementations; "uses": Ecosystems use other standards and frameworks; "recognises": Ecosystems recognise other Ecosystems]
MARKETPLACE INFLUENCE ON ECOSYSTEMS
Ecosystems are impacted by claims issued and verified in other ecosystems. This contributes to technology and governance choices.
[Diagram: an Ecosystem and ToIP, labelled "Ecosystem uses" and "ToIP learns from", shown together with Ecosystem 2, Ecosystem 3, Ecosystem 4 and Ecosystem 5]
WEB OF TRUST IMPACT ON ECOSYSTEMS
23 |
Ecosystems derive their own technology and governance requirements based on their risks and interactions with other ecosystems and standards.
[Diagram: an Ecosystem beside the ToIP model (Technology stack layers 1 to 4 and Governance, with Define and Run). Arrows: "uses": Ecosystems select and use ToIP elements; "learns": ToIP learns from Ecosystem implementations; "uses": Ecosystems use other standards and frameworks; "recognises": Ecosystems recognise other Ecosystems]
ECOSYSTEM DRIVEN TECHNOLOGY AND GOVERNANCE
24 |