It appears from various documents related to Stewards, that running a Steward as a VM on AWS is perfectly acceptable. But if all Stewards run as VMs on AWS, can one really talk about a decentralised network? What’s the percentage of Stewards, today, running as VM on AWS or no Azure? I have not seen (or maybe I missed it) this point addressed in the Trust Framework. Could someone comment of point me to the relevant discussion please?
Fabien: This is a much-discussed issue with Sovrin’s Technical Governance Board. There is an official Node Selection Algorithm that helps choose which nodes should be participating in consensus. It takes into account a number of dimensions of diversity, including diversity of hosting environment. You can read more about it here: https://github.com/sovrin-foundation/sovrin-sip/blob/master/text/5001-node-selection-algorithm/README.md
Fabian, to add to Daniel’s point, this has actually been one of the most-discussed aspects of Sovrin infrastructure—so much so that it is addressed by several of the Core Principles of the Sovrin Governance Framework V2.
In the SGF Master Document, see in particular sections 2.8 (Decentralization by Design), especially 2.8.2 (Diffuse Trust):
Sovrin Infrastructure shall not concentrate power in any single Individual, Organization, Jurisdiction, Industry Sector, or other special interest to the detriment of the Network as a whole. Diffuse Trust shall take into account all forms of diversity among Identity Owners.
And section 2.8.6 (No Single Point of Failure):
Sovrin Infrastructure shall be designed and implemented to not have any single point of failure.
Also, Security by Design principle 2.11.1 (System Diversity):
The process and policies for selecting Stewards shall optimize availability and security by maximizing diversity of hosting locations, environments, networks, and systems.
The specific policy Daniel is referring to is section 5 of Sovrin Steward Technical Policies:
5. Node Selection Algorithm
The selection of active Validator Nodes at any point in time MUST be governed by the Node Selection Algorithm as specified by the Sovrin Technical Governance Board (TGB).
Non-technical inputs or policy decisions implemented by the Node Selection Algorithm MUST be approved by the Sovrin Board of Trustees.
At any point in time, the Node Selection Algorithm MUST represent the TGB’s best efforts at designing an algorithm that applies the Core Principles of the Sovrin Governance Framework. Recognizing the inherent tension and tradeoffs between some of the Core Principles, the design of this algorithm should give priority to balancing: (a) the Decentralization by Design principles, in particular the principles of Diffuse Trust and High Availability; (b) the Security by Design principles, in particular the principles of System Diversity and Secure Failure.
A human-readable, understandable, and explainable description of the current design of the algorithm as approved by the TGB MUST be published by the TGB in the official Sovrin Code Repository and made publicly visible via a web page on the Sovrin Foundation website.
I hope this helps—as you can see, the Sovrin Community takes Decentralization by Design very seriously.