Ecosystem governance as per ToIP Layer 4 / Governance Stack

The 4th layer of the ToIP focuses on establishment of the policies and rules that will enable operation of entire digital trust ecosystems across all three lower layers for creating market values for end users. The actors of this layers are entities who are operating a credential/identity information system for a particular user domain and/or are responsible/willing to serve that user domain (e.g. education, research, health, automotion etc.)

Trust in this context relates to the specific agreements among the actors to adhere certain requirement and guidelines on operation of entire digital trust ecosystems across all three lower layers. In the ecosystem the members are agreed on a transitive trust, and can appoint an organisation which is operating the necessary technical system for the trust fabric and also can select and organisation which is responsible for auditing the adherence of requirements and an guidelines of ecosystem.

Ecosystem governance frameworks refer to the rules, policies, standards and practices that coordinate and shape ecosystem trust in a particular ecosystem. Ecosystem governance is usually transnational (bi-lateral or multilateral agreements) and very likely international (joining in a particular ecosystem alliance which has an established ecosystem governance which is continuously refined).

The involved actors should have contractual agreement to operate the ecosystem for that particular domain based on the various decisions e.g. appointment from the ecosystem members (bottom-up), decree governing the ecosystem (top-down) because of particular role in the domain of the ecosystem. These agreements are enabling them to fulfil a role or a task for benefit of the particular ecosystem domain using the DID as a technical implementation tool.

The ecosystem governance framework is the non-technical backbone of this new era of digital trust. Every digital credential in a wallet should adhere to a governance framework which is reflecting the business, legal and technical policies and rules under which the particular ecosystem is operated. Therefore the existing ecosystems should be a initiating point for defining the ecosystems governance framework (evolutionary approach), unless ecosystems stakeholders thinks the existing systems should be dropped and replaced with something much better (revolutionary approach).  

One can envisage several ecosystem domains with different governing rules and policies, while using the same technical credential/identity information systems.

Several examples for ecosystem governace:

• standards for international passports governed by the International Civil Aviation Organization (ICAO), which includes documents such as Doc 9303 Machine Readable Travel Documents, the technical standard for machine-readable passports (this example cited in Trustoverip white paper) [1] https://trustoverip.org/wp-content/uploads/Introduction-to-ToIP-V2.0-2021-11-17.pdf
• The Internet Assigned Numbers Authority (IANA) is a standards organization that oversees global IP address allocation, autonomous system number allocation, root zone management in the Domain Name System (DNS), media types, and other Internet Protocol–related symbols and Internet numbers. IANA itself governed by Internet Society with a mission to promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world
• Outside of identitity governance but International System of Units (SI) is good example of ecosystems governance . SI provides the modern form of the metric system and the world's most widely used system of measurement which workinf by defining constants, base units, derived units, prefixes, and realisation of certain units. It is governed by three international organisations General Conference on Weights and Measures (CGPM)  the International Committee for Weights and Measures (CIPM), and the International Bureau of Weights and Measures (BIPM).
• Also outside of identitz governance but all the technical standardisation bodies are also good examples of ecoszstems governance. IETF, IEEE, ETSI, ITU-T are governed by major players of relevant ecosystems, and they are implementing standard based on consensus.   
• eduGAIN, eduroam and REFEDS - extend.

In the GÉANT context, GÉANT selected and accepted as experienced and globally trusted operating authority in the education and research world therefore GÉANT would be the most suitable candidate to play this role in this new environment. In any case, GÉANT would not be the only governing authority, but DID allows several federation to exist various ecosystems. The role of GÉANT in the global R&E sector ecosystem:

• Solutions: Enabler for "Digital mobility" in the greater European area with an ambition to offer federated solutions scaling beyond Europe on a global scale
• Governance: Maintainer of governance processes to govern the "digital mobility" solutions above. It's main instrument of GÉANT is its membership represented in the GA of GÉANT.
• Global liaisons with a grain of "governor of last resort": Liaising with organisations in other world regions with a similar remit than GÉANT, but also taking care for "underserved" regions or helping regions with emerging structures to establish their own governance.

Transformative aspects

The participating actors in ToIP will be much more diverse than in the GÉANT federated system. Their interests will also be different to those restricted to education and research in the current GÉANT global environment. Confidentiality and Data Privacy protection policies and rules may also differ among the actors in this diversified environment.

The most important aspect of ecosystems governance is scaling the trust.

Opportunities

The use of persistent, discoverable, cryptographically verifiable identifiers for all parties and documents governing a digital trust ecosystem might transformative how the users use services in research and educations. This can create opportunity to GEANT and NRENs to develop or contribute to new types of applications. 

• It can be used for built educational and research portfolio much easier.
• Can be used for build legally binding signature schemes for research and educational environment
• Increase level of assurance in various identification scenarios with combining various identification sources via user interactions

eduGAIN can use a better trust fabric. 

Risks

Due to complexity of the system may intimidate users to use wallet-based ecosystems.

Also due to complexity of the ecosystem NRENs and GÉANT might lose their users.

Notes from f2f meeting