The Linux Foundation Takes on Digital Trust With ToIP Foundation

The Linux Foundation announced it will host the Trust over IP (ToIP) Foundation, an independent project to enable trustworthy exchange and verification of data between any two parties on the internet in a way that does not require third-party verification.

The founding members of the ToIP Foundation include Accenture, BrightHive, Cloudocracy, Continuum Loop, CULedger, Dhiway, esatus, Evernym, Finicity, Futurewei Technologies, IBM Security, IdRamp, kiva.org, Lumedic, Mastercard, MITRE, the Province of British Columbia and SICPA. In total, 29 organizations are participating at the time of launch.

DevOps Connect:DevSecOps @ RSAC 2022

Drummond Reed, chief trust officer at Evernym, said the goal of the effort is not to create new security technologies but rather work with governments and other governing bodies within vertical industries to establish a technical and legal framework for establishing and recognizing sovereign digital identities.

The ToIP Foundation initially will focus on fostering interoperable digital wallets and credentials and promoting the adoption of a Verifiable Credentials standard put forward by the W3C to advance digital trust. Other issues the ToIP Foundation will address include data protection and cryptography.

The ToIP Foundation will host four Working Groups to start. A Technical Stack Working Group and the Governance Stack Working Group will focus on building out and hardening the technical and governance aspects of a ToIP stack. The Utility Foundry Working Group and the Ecosystem Foundry Working Group will collaborate on the development of ToIP utility networks or entire ToIP digital trust ecosystems.

John Jordan, executive director for the BC Digital Trust Service at Province of British Columbia, said the new foundation is addressing issues that thus far have not been addressed by any other standards body.

It remains to be seen how governments around the world will react to a push to formally recognize digital identities. However, organizations today are pouring massive resources into authentication technologies to make up for the fact there are no digital identity standards that can be applied, for example, across a supply chain.

The massive amount of investments being made in digital business transformation initiatives will drive adoption of digital identity standards. Requiring organizations to manage layer upon layer of authentication technologies for each digital business use case will become impractical quickly. The challenge is getting all the global entities that have a vested interest in digital identities to cooperate. Many of those entities are governments that don’t always share the same perspective on things such as the right to privacy.

In the meantime, there are thousands of associations that serve as stewards of de facto standards within various vertical industries. If those bodies begin to adopt the standards put forward by ToIP, then a critical mass of adoption is likely to be achieved.

Regardless of the ultimate outcome, however, cybersecurity professionals should take some comfort from the fact that as digital identity and other related standards start to form, the overall IT environment should become that much more secure. In fact, cybersecurity professionals just might have a vested interest in encouraging their organization to at the very least adopt whatever standards emerge, if not participate in their development outright.

To encourage that participation, the ToIP Foundation will host an all-digital launch event May 7 at noon Eastern/9 a.m. Pacific featuring a panel discussion and interoperability demonstration.

Featured eBook
Managing the AppSec Toolstack

Managing the AppSec Toolstack

The best cybersecurity defense is always applied in layers—if one line of defense fails, the next should be able to thwart an attack, and so on. Now that DevOps teams are taking  more responsibility for application security by embracing DevSecOps processes, that same philosophy applies to security controls. The challenge many organizations are facing now ... Read More
Security Boulevard

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 436 posts and counting.See all posts by mike-vizard