Taking the Sovrin Foundation to a Higher Level: Introducing SSI as a Universal Service

August 10, 2020


When it was first founded in September 2016, the mission of the Sovrin Foundation was captured in just three words: “Identity for All”. It was an extremely concise way of articulating the overall vision of “self-sovereign identity”—a category now so widely recognized it is called simply “SSI”.

But because the early efforts of the Sovrin Foundation were focused on the first foundational components needed for SSI—the Sovrin ledger (aka “blockchain”) and the Sovrin Governance Framework—it was easy to overlook that a purpose-built SSI ledger is only one component of SSI infrastructure. As SSI architecture matured, it became clear there are three more layers to the “stack”—and only by providing all four layers can we actually deliver “Identity for All”.

In the first half of this year, two evolutionary steps unfolded (ironically, neither had anything to do with the COVID-19 pandemic):

  1. The Trust over IP Foundation was formed as an independent new non-profit project at the Linux Foundation to fully define and standardize the four-layer ToIP stack.
  2. The Sovrin Foundation elected a new board and broadened its focus to include the Sovrin Ecosystem (ToIP Layer Four) in addition to the Sovrin Ledger (ToIP Layer One).

In this post we will explain what these two developments mean for the future of the Sovrin Foundation and the Sovrin community.

The ToIP Stack

Since the launch of the ToIP Foundation in the first week of May, information about the ToIP stack has become plentiful. If this topic is new to you, we recommend the ToIP white paper as an introduction. Here’s the standard picture of the four layers:

[Figure: The four layers of the Trust over IP stack]

For the purposes of this article, the key takeaway is this: each layer requires a governance framework designed to meet the needs of a specific trust community at that layer. For example, a governance framework at Layer One can define what a trust community needs from a public utility network—such as the Sovrin public ledger (or other Hyperledger Indy-based ledgers, or the Ethereum blockchain, or any other verifiable data registry).

As you go up the stack, different types of governance frameworks address different needs at each layer. For example:

The Role of the ToIP Foundation

When the ToIP Foundation was announced, some were surprised to hear that it will not itself produce any governance frameworks—nor will it serve as a governance authority. The reason is that the role of the ToIP Foundation is only to define the standards, models, templates, and best practices necessary to achieve a globally interoperable digital trust infrastructure.

Once these “guardrails and guidelines” are defined, it is up to the market to drive real-world implementations. Specifically, this means:

  1. Governance authorities—of any kind, representing trust communities of any size or complexity—need to use ToIP standards, models, templates, and best practices to define the governance frameworks they need.
  2. Developers, vendors, and integrators need to build, test, and deploy the ToIP technology stack necessary to implement the policies and procedures defined in a ToIP governance framework.
  3. Testing labs, auditors, accreditors, and certification authorities need to provide the interoperability testing, certification, and auditing capabilities needed to meet and maintain the levels of trust assurance specified in a ToIP governance framework.

To use an analogy, the ToIP Foundation is like the National Basketball Association (NBA). It defines the overall rules by which everyone agrees to play professional basketball, but it doesn’t actually field any teams or play any matches. Governance authorities are the “teams” that define their own governance frameworks as the “playbook” for the members of their trust community (the “players”)—as long as they stay within the overall interoperability rules defined by the ToIP stack.¹

The Role of the Sovrin Foundation

From the standpoint of the ToIP stack, the Sovrin Foundation is a governance authority. Following our sports analogy, the Sovrin Foundation’s job is to field an operational “team” to define the governance framework needed by its trust community—the Sovrin community.

Who is the Sovrin community? In the Sovrin Glossary, it is defined as:²

…the set of all Identity Owners cooperating under the Sovrin Governance Framework.

The purpose of the Sovrin Governance Framework is:

…to provide a decentralized global public utility for self-sovereign identity that serves as the foundation for the Sovrin Network—a decentralized global web of trust interconnecting all Identity Owners and the Things they control. 

In short, the Sovrin community is the totality of all people and organizations who want to enjoy the benefits of self-sovereign identity.

The Sovrin Public Utility and the Sovrin Ecosystem

From this perspective, it is clear that “Identity for All” cannot be delivered by the Sovrin ledger alone. Although it is unquestionably a vital component—the Sovrin ledger is the first and largest SSI utility with over 70 Stewards and very close to 100% uptime—it still only addresses the requirements of the Sovrin community at ToIP Layer One.

To truly deliver “Identity for All” we need to move all the way up the ToIP stack to Layer Four—to define how SSI should operate as an entire digital trust ecosystem.

That term is intentionally very broad, because a digital trust ecosystem can form around any set of requirements from any trust community. In just its first few months, the ToIP Ecosystem Foundry Working Group has already seen proposals for digital trust ecosystem projects in healthcare, education, financial services, travel, and government.

But “Identity for All” is a very special kind of digital trust ecosystem. It is very horizontal—encompassing every individual and organization in the world who wants to live by the principles of self-sovereign identity. It is an ecosystem that will contain many other ecosystems, all of which want to share a consistent, actionable set of principles and policies for practicing SSI.

So when the second-generation Sovrin Board of Trustees was elected on 17 July, their first directive to the Sovrin Governance Framework Working Group (SGFWG) was to begin developing a new governance framework for this specific ecosystem—the Sovrin Ecosystem Governance Framework.

The First Sovrin Doc-a-thon

The starting point for this work was the existing second-generation Sovrin Governance Framework (SGF V2). The product of three-and-a-half years of effort, the SGF V2 represents an amalgam of principles for SSI as a whole (Section 2 of the Master Document) together with 16 Controlled Documents aimed primarily at operational governance of the Sovrin ledger.

To begin the process of separating the current SGF V2 into two new governance frameworks—the Sovrin Utility Governance Framework (SUGF) and Sovrin Ecosystem Governance Framework (SEGF)—the SGFWG held its first “Doc-a-thon” on 29 July. Sixteen people from around the world (India, UK, Belgium, Italy, Germany, the Netherlands, Canada, USA) spent three hours focused on refining the purpose statements for the SEGF. Here is the wording they came up with:

The Sovrin Ecosystem enables Self Sovereign Identity (SSI) as a Universal Service for all.

The Sovrin Ecosystem Governance Framework (SEGF) defines the principles, policies, and accountabilities that govern the Sovrin Ecosystem.

The Sovrin Trust mark is a means of asserting an organization’s compliance with the SEGF.

The Real Meaning of SSI as a Universal Service

The key focal point of discussion at the Doc-a-thon was the term Universal Service. The concept of SSI as a Universal Service was first brought to the SGFWG by Nicky Hickman (former co-chair of the Sovrin Guardianship Task Force, now a Sovrin Trustee). Nicky was deeply familiar with the term from her two decades of work with telcos around the world on digital identity, accessibility, and inclusion. As it says in the opening sentences of the Wikipedia article:

Universal service is an economic, legal and business term used mostly in regulated industries, referring to the practice of providing a baseline level of services to every resident of a country. An example of this concept is found in the US Telecommunications Act of 1996, whose goals are:

The thesis that Nicky brought to the Sovrin Foundation was that, as communications and commerce grow increasingly digital, digital identity is increasingly required to effectively operate and communicate online—so much so that governments and industries everywhere should commit to supporting SSI as a Universal Service for their citizens and customers.

The sixteen participants in the first Sovrin Doc-a-thon unanimously agreed that making SSI as a Universal Service the explicit purpose of the SEGF would give “Identity for All” the real teeth it needed to make a difference in our lives.

Please Join Us at the Second Sovrin Doc-a-thon

In the first Doc-a-thon we spent so much time discussing the purpose statements for the SEGF that we didn’t have much time left to move on to the principles that define what we want SSI to really stand for. While there is general agreement that the twelve Core Principles in Section 2 of the current SGF Master Document are a good start, there was a consensus that we need to visit each principle in much greater depth, asking:

  1. Is it the right principle for the entire Sovrin Ecosystem?
  2. Should the wording be refined/revised/expanded?
  3. Are there other principles we are missing?

We concluded that a second Sovrin Doc-a-thon was needed in order to spend another three hours focused on these vital questions. We also agreed that we’d very much like to widen the pool of contributors to the discussion. So we are extending an invitation to anyone interested in defining the future of SSI as a Universal Service—regardless of whether you are brand new to the Sovrin community or an old hand.

All that is required is a genuine interest in the topic and an ability to join a Zoom meeting (and don’t worry, you don’t have to join for the full three hours if you’re not able, and we will take a break at the midpoint of the meeting to give everyone a breather).

To maximize time zone coverage, the meeting will be held from 07:00-10:00 PT / 14:00-17:00 UTC on Wednesday 26 August. Click here to register at Eventbrite and receive a calendar invite to the meeting.

Also, we strongly recommend the following documents as pre-reading for the event:

¹ Thanks to former Sovrin Trustee Joyce Searls for this sports analogy.

² Although the current SGF uses the term “Identity Owner”, based on feedback from Joe Andrieu and others, the SGFWG has decided to deprecate this term since the legal concept of data ownership is highly controversial. The next version of the Sovrin Glossary plans to use the term “Identity Holder” or “Identity Controller”.