January Workplan for the Sovrin Provisional Trust Framework


#1

The Sovrin Foundation is preparing to advance the Sovrin ledger from the sandbox stage to the first production stage, called the Sovrin Provisional Network, by the first week of February. This name signifies that all transactions will now be real and permanent, but the network is still at an early growth stage and will need stress testing, performance testing, and peer security review before it moves into the next stage of general availability (GA).

The Sovrin Technical Governance Board (TGB) is preparing to have the provisional ledger go-live code ready by the end of the month. So the job of the Sovrin Trust Framework Working Group is to have the necessary Sovrin Trust Framework legal docs ready for approval by the Sovrin Foundation Board of Trustees by their monthly meeting on January 25th.

Sovrin Foundation counsel Scott Blackmer (@sblackmer) and I put have together this Google doc as a single place to reference the three legal documents (also being drafted as public Google docs that are open to comment) and our workplan to finish them:

  1. The Sovrin Provisional Trust Framework (PTF)
  2. The Sovrin Identity Owner Agreement (IOA)—Appendix A to the PTF
  3. The Sovrin Founding Steward Agreement (FSA)—Appendix B to the PTF

Completing these documents will be the main focus of the Sovrin Trust Framework Working Group during the month of January. If you would like to participate in this Working Group, we have weekly webmeetings at 1PM Pacific Time on Tuesdays. Feel free to send me an email at first name drummond dot last name reed at the domain evernym.com if you would like to be added to the meeting invite.


#2

I do hope it was appropriate to take notes directly in those docs - if not, please feel free to jetison my comments.

I like the approach, but there’s a lot of meat that needs fattening - what level of input would you like from the community and how can we make these documents exemplars of the new legal/mechanical frontier?

My personal interest is to see the idea of “Identity Jurisdiction” developed in more detail.

I see this as a very thorny area - Stewards and Identity Owners seem bound to a “legal jurisdiction or nation state” (as well as other conditions) - but consider the difference between “the global identity” and “the internal maintenance of < PURPOSE > within < STF-JURISDICTION >” where STF-JURISDICTION is whatever is a “legal jurisdiction or nation state” and PURPOSE is something like Medicine, Logisitics (Shipping), Finance, Law Enforcement, etc.

I would imagine that the STF is at one end of the spectrum - being maximally open and tolerant, while “Law Enforcement in Singapore” might be a bit more precise and less forgiving - not to mention “Tax Identity”, which is intrinsically biased to “over-step”. I’m not certain a 1-size-fits-all model works here, but I do suspect that a “basic template, with recursive structure” would do the trick / and would accommodate decentralized authority.

the STF needs to be a system of rules that makes sense “from whatever viewpoint” - like defining an algebra or a topological group or elliptic curve or some other such fancy-dan, pangalatic-gargleblasting mathematical idea. I think that could be accomplished by building in some basic linking between instances - a “legal API” for connecting STF_< id1 > to STF_< id2 >, and when ID1=SovrinActual, it gives you “the view from the source” so to speak.


#3

Eric, I only have a moment right now but, as I mentioned on the Trust Framework Working Group webmeeting today, the Sovrin Trust Framework is ANYTHING but “one size fits all”. In fact I’d say it’s the opposite. It’s a framework for self-sovereign identity in which any two identity owners can connect and reach agreement about what they are going to share using what identity/persona in what legal context/jurisdiction for what reason.

So think of the STF as the broadest circle you can cast—sort of like the legal equivalent of Internet as a whole—and the particular connections any identity owner creates using the STF to be like the particular connections you create using TCP/IP.

And a plug-in trust framework, such as one for a particular country or industry, would be like a subnet inside the Internet.

Does that analogy make sense?


#4

I would characterize Sovrin as a technical trust framework that would be used to complement an institutional or pan-jurisdictional trust framework. Both are needed.


#5

I agree with Tim—the Sovrin Trust Framework does aim primarly at establishing “technical trust”, which then supports any other trust framework for human or business trust.


#6

One of my driving interests in the PTF (and STF) is as a blueprint for “recursive application under relaxation”.

The *TF defines roles and structure at a global scale. Certainly, if we can do this, we can “relax” provisions, roles, and terms and provide alternate structures which are more appropriate to less global, more constrained environments.

In the sense of the “internet of identity” we want a self-similar structure up and down the axis of scale… zoom in a bit and you see a “Sovrin infrastructure” that you can map in and out of jurisdictional domains. We all win to the extent that the ‘IPV4’ of trust frameworks can be mapped in this manner.

I look at the *TF - not as an end in itself, but as an end in itself ‘under variable substitution’ (which is why I niggle so endlessly)

As Drummond points out - technical trust is paramount, without alignment between the legal and technical trust frameworks there is little point in the legal noise. The only other attempt I know of that tries to align both legal and technical frameworks is the ‘license battle’ of source code - look how messy that got, and that did not have matters of intrinsic humanitarian interest directly at stake - not in the way that I view my digital identity as relevant to me, as a person, staring at my sun, on my planet, regardless of any other political jurisdiction.

I agree w/ Tim - pan-jurisdictional is indeed critical. As is nested jurisdiction.

I think that the *TF are pretty close to what we need here - both as a framework suitable for a global jurisdiction, but also as a framework that is recursively applicable under key variable replacement - so long as key enclaves like “Trust Anchor” or “Identity Owner” are refined, and not eclipsed, I think we have a freedom-trust-and-integrity preserving framework here.

If you can think of any attack avenues here, please do reveal them - ideas laid in the days of early cement will last the longest - we owe the future all our efforts of diligence.


#7

Well put, Eric. I think of the Trust Framework that way too. You’ve heard me use the simplistic “Lego baseboard” analogy, but there are many ways I see the primitives of Sovrin identity—both the tech and the legal framework—being reused at whatever scale needs them.