+ § ToIP Trust Registry Protocol Specification
+Specification Status: v2.0 Draft
+§ Draft Specification
+§ Source
+The following links will be helpful for editors and reviewers during the DRAFT stage.
+-
+
- Source Code - https://github.com/trustoverip/tswg-trust-registry-protocol +
- Rendered Specification (github.io Pages) - https://trustoverip.github.io/tswg-trust-registry-protocol/ +
§ Editors
+ +§ Contributors
+To comply with the intellectual property rights protections in the charter of the ToIP Foundation (as required by all Joint Development Foundation projects hosted by the Linux Foundation), all contributors in any capacity to this Draft Deliverable MUST be current members of the ToIP Foundation. The following contributors each certify that they meet this requirement:
+-
+
- Antti +
- Andor +
- Jacques Latour, CIRA +
- Christine Martin, Continuum Loop Inc. +
-
+
+
§ Participate
+[[SECTION will be removed before going to Review]]
+Participation is welcome.
+ ++
This document contains a specification for the ToIP Trust Registry Protocol.
+Information about the current status of this document, any errata, and how to provide feedback on it, may be obtained at +https://github.com/trustoverip/tswg-trust-registry-protocol.
+§ Copyright Notice
+This specification is subject to the OWF Contributor License Agreement 1.0 - Copyright available at +https://www.openwebfoundation.org/the-agreements/the-owf-1-0-agreements-granted-claims/owf-contributor-license-agreement-1-0-copyright.
+If source code is included in the specification, that code is subject to the Apache 2.0 license unless otherwise marked. In the case of any conflict or confusion within this specification between the OWF Contributor License and the designated source code license, the terms of the OWF Contributor License shall apply.
+These terms are inherited from the Technical Stack Working Group at the Trust over IP Foundation. Working Group Charter
+§ Terms of Use
+These materials are made available under and are subject to the OWF CLA 1.0 - Copyright & Patent license. Any source code is made available under the Apache 2.0 license.
+THESE MATERIALS ARE PROVIDED “AS IS.” The Trust Over IP Foundation, established as the Joint Development Foundation Projects, LLC, Trust Over IP Foundation Series (“ToIP”), and its members and contributors (each of ToIP, its members and contributors, a “ToIP Party”) expressly disclaim any warranties (express, implied, or otherwise), including implied warranties of merchantability, non-infringement, fitness for a particular purpose, or title, related to the materials. The entire risk as to implementing or otherwise using the materials is assumed by the implementer and user.
+IN NO EVENT WILL ANY ToIP PARTY BE LIABLE TO ANY OTHER PARTY FOR LOST PROFITS OR ANY FORM OF INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER FROM ANY CAUSES OF ACTION OF ANY KIND WITH RESPECT TO THESE MATERIALS, ANY DELIVERABLE OR THE ToIP GOVERNING AGREEMENT, WHETHER BASED ON BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND WHETHER OR NOT THE OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+§ Revision History
+[[This section applies after the specification has been released for a public review]].
+The following key revisions have been made to this specification:
+-
+
- DATE (e.g. month)
+
-
+
- Key changes only (reviewer can see github commits for full evolution) +
+
§ Foreword
+ToIP (Trust Over IP Foundation) create a _____
+-
+
- TODO: Preamble along the lines of an ISO Foreword. +
List significant changes (non-normative):
+-
+
- Shift away from a pure Issuer/Holder/Verifier approach to support non-credential use cases. +
- Addition of namespacing concep to begin normalization of trust registries naming conventions. +
- Enrichment of registry-of-registry concept to allow for registries that focus primarily on providing a list of registries. +
§ Introduction
+TODO: create Introduction
+§ Scope
+The Trust Registry Protocol serves to provide a simple interface to the plethora of systems that contain answers that are required to make trust decisions.
+The TRP does not:
+-
+
- create a trust registry - it allows (read-only) access to a system-of-record that has the data needed to generate answers that a trust registry provides. +
- create new information - the Create, Update, and Delete of CRUD are not supported. Systems-of-record perform the full CRUD operations. The protocol provides a simple and consistent way of retrieving information from a system. +
- implement governance - the system-of-record that supports the TRP may have technical ways of doing this, supported by manual operations. Regardless, the TRP has no opinion on how governance is implemented - just that the information retrieved complies with the stated EGF. +
- make decisions - the TRP serves up data that are inputs to trust decisions. +
- assign Roles or Rights, though a consuming system may take information that is received via the TRP and assign these. +
§ Purpose
+The purpose of this ToIP specification is to define a standard interoperable protocol for interacting with a global web of peer trust registries, each of which can answer queries about whether a particular party is trusted and authorized, to perform a particular action in a particular digital trust ecosystem (defined under an EGF), as well as which peer trust registries trust each other.
+§ Motivations
+A core role within Layer 4 of the ToIP stack is a trust registry (previously known as a member directory). This is a network service that enables the governing authority for an ecosystem governance framework (EGF) to specify what governed parties are authorized to perform what actions under the EGF. For example:
+-
+
- Which entities are authorized to take what actions under an EGF.
+
-
+
- e.g. is an entity authorized to “issue” a “driver license”; is an entity authorized to “sign” data. +
+ - What other trust registries are recognized by this particular trust registry. +
As with all layers of the ToIP stack, the purpose of a ToIP specification is to enable the technical interoperability necessary to support transitive trust within and between different trust communities implementing the ToIP stack. In this case, the desired interoperability outcome is a common protocol that works between any number of decentralized peer trust registries operated by independent governing authorities representing multiple legal and business jurisdictions. One specific example of this need is the digital trust ecosystem defined by the Interoperability Working Group for Good Health Pass (GHP).
+A Registry of Registries (RoR), is a form of trust registry that primarily serves information about other trust registries.
+-
+
- What other governing authorities are known to the RoR. +
- Which trust registry are known to be authoritative for particular actions. Examples:
+
-
+
- Which trust registry is known to issue university diplomas for a particular jurisdiction? +
+
-
+
- Which trust registry is known to manage a list of professionals (e.g. CPAs, lawyers, engineers) that have particular signing rights (authorizations)? +
-
+
- Which trust registry are known to operate under a given EGF. +
§ Normative References
+ +TODO: Finish up alignging with spec-up spec linkging
+
-
+
- DID-CORE +
- + Decentralized Identifiers (DIDs) v1.0. + Drummond Reed; Manu Sporny; Markus Sabadello; Dave Longley; Christopher Allen; Jonathan Holt; 2020-09-07. Status: WD. + + +
- RFC3339 +
- + Date and Time on the Internet: Timestamps. + G. Klyne; C. Newman; 2002-07. Status: Proposed Standard. + + +
§ Non-Normative/Informative References
++
-
+
- RFC2119 +
- + Key words for use in RFCs to Indicate Requirement Levels. + S. Bradner; 1997-03. Status: Best Current Practice. + + +
§ Terms & Definitions
+The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in [RFC2119] when, and only when, they appear in all capitals, as shown here.
+-
+
- assurance levels +
- TODO: +
- +
- Access privileges granted to an entity; conveys an “official” sanction to perform a cryptographic function or other sensitive activity. +
-
+
- source: NIST NIST SP 800-57 Part 2 Rev.1 under Authorization +
-
+
- +
- The primary trust registry plus all secondary trust registries are collectively referred to as the authorized trust registries. +
- action +
- a discrete property (string) that an entity can be authorized for, in the form of a permission response. +
- action namespace +
- A well-known string that is used in an EGF to indicate a discrete authorization. Examples (non-exhaustive): “canada:driver-license”, “eu:trusted-list.authorized-timestamp”, “global:tsm” +
- ecosystem governance framework +
- TODO: replace this ChatGPT definiton: refers to a structured set of principles, rules, and mechanisms that guide and regulate the management and decision-making processes within an ecosystem. Ecosystem governance is typically associated with natural or environmental systems, where various stakeholders, such as governments, communities, businesses, and non-governmental organizations, work together to sustainably manage and protect ecosystems. +
- registered entity +
- An entity that is listed in the system (i.e. the trust registry) that is being queried. +
- permission +
- Authorization to perform some action on a system. +
-
+
- source: NIST +
-
+
- primary trust registry +
- TODO: +
- secondary trust registry +
- TODO: +
- trust list +
- A one-dimensional trust graph in which an authoritative source publishes a list of entities that are trusted in a specific trust context. A trust list can be considered a simplified form of a trust registry. +
- trust registry +
- A registry that serves as an authoritative source for trust graphs or other governed information describing one or more trust communities. A trust registry is typically authorized by a governance framework. See also: trust list +
- VID Type +
- TODO: +
§ Requirements
+§ Registry Queries [RQ-*]
+The following queries relate to receiving answers related to entities and other trust registries.
+-
+
- [RQ-1] The system MUST support query operations for the current status of a registered entity. +
- [RQ-2] The system MUST support querying about —TODO: +
§ Configuration Queries [CQ-*]
+The following queries relate to configuration of systems that will interact with the trust registry.
+-
+
- [CQ-1] MUST provide a list of action namespace that are supported by the responding system. +
- [CQ-2] MUST provide +
- [CQ-2] MUST provide a list of VID Type (i.e. VID Types) that are supported by the responding system. +
- [CQ-3] MUST provide a list of assurance level that are supported by the responding system. + +
§ Metadata Queries [MQ-*]
+-
+
- [MQ-1] MUST provide a list of ecosystem governance frameworks (EGFs) that the system is operating under. This data will be comprised of the following elements:
+
-
+
- [MQ-1-1] MUST provide the VID of the EGF. +
- [MQ-1-2] MAY provide the name of the EGF. +
+
-
+
- [MQ-2] SHOULD provide the legal name and jurisdiction of the governing authority for the trust registry service. +
- [MQ-3] SHOULD provide the legal name and jurisdiction of the administering authority for the trust registry operator (if different from governing authority). +
- [MQ-4] SHOULD provide a textual description of the trust registry mandate. +
§ Governing Authorities [GA-*]
+Governing authorities compliant with this specification:
+-
+
- [GA-1] MUST have exactly one primary trust registry. +
- [GA-2] MAY have one or more secondary trust registries. +
++The primary trust registry plus all secondary trust registries are collectively referred to as the authorized trust registries.
+
-
+
- [GA-3] MUST publish an EGF that meets the requirements of:
+
-
+
- [GA-3-1] This specification. +
- [GA-3-2] The ToIP Governance Architecture Specification. Note that this includes the requirement that the EGF and all governed parties (which includes authorized issuers and authorized verifiers) must be identified with a DID. +
+
TODO: Add normative ref to ToIP Governance Architecture Specification
+-
+
-
+
[GA-4] MUST publish, in the DID document associated with the DID identifying its EGF, a **service property **specifying the service endpoint for its primary trust registry that meets the requirements in the Trust Registry Service Property section. +[GA-5] MUST publish in its EGF a list of any other EGFs governing secondary trust registries. +[GA-6] MUST specify in the EGF any additional requirements for an authorized trust registry. This data will be comprised of the following elements::
+-
+
- [GA-6-1] SHOULD provide Information trust requirements. +
- [GA-6-2] SHOULD provide Technical requirements. +
- [GA-6-3] SHOULD provide Operational requirements. +
- [GA-6-4] MAY provide Legal contracts. +
+ -
+
[GA-7] MUST specify in its EGF (or in any referenced documents) requirements for:
+-
+
- [GA-7-1] MUST provide all authorization values that are used by the trust registry. +
- [GA-7-2] MUST provide all assurance levels, specified with unique names, that are service by the trust registry, and what authorization values they apply to. +
- [GA-7-3] MUST provide a list of all VID Types that are supported by the ecosystem, and serviced by the trust registry. +
- [GA-7-4] SHOULD provide
resources (TODO: TERM IS VAGUE)that are required by systems integrating into the ecosystem that the system serves.
+ - [GA-7-5]
???any metadata required by implementors (e.g. claim name that is mandatory if pointing a credential back to an EGF.) [this is a weak example]???
+ - [GA-7-6]
???a statement about the basis the trust registry claims to be authoritative???
+ - [GA-7-7]
???means by which others are able to verify the asserted authority???
+
+ -
+
[GA-8] SHOULD specify in the EGF the following requirements for an authorized trust registry and any registered party (i.e., issuer, verifier, or peer trust registry):
+-
+
- [GA-8-1] The requirements to become authorized. +
- [GA-8-2] How to request registration. +
- [GA-8-3] The requirements for assignment of each authorization for a registry entry. +
- [GA-8-4] Any access limitations (e.g. unrestricted public access, authentication-limited access). +
- [GA-8-5] How to request access where unrestricted public access is not available. +
+
§ Trust Registry Service Property [TRSP-*]
+The DID document for the DID that identifies an EGF compliant with this specification MUST include a service property that meets the requirements in section 5.4 of [DID-CORE] plus the following additional requirements:
+-
+
- The value of the
typeproperty MUST beTrustRegistry.
+ - The value of the
serviceEndpointproperty MUST be exactly one HTTPS URI.
+
https://github.com/trustoverip/tswg-trust-registry-protocol/issues/5
+-
+
- Should align with DID Profiles +
Registered entities MUST indicate which registries they are part of.
+-
+
- Registered entities MUST indicate the primary trust registry for a particular permission.
+[
TODO:The issuer/verifier needs to state their primary trust registry affiliation (a trust relationship) - is this a new section?]
+
§ Trust Registry Protocol [TRP-*]
+The authoritative technical specifications for the API calls in the ToIP Trust Registry Protocol V1 are specified in Appendix A (OpenAPI YAML file). This section contains a textual description of the requirements.
+Trust registries implementing this protocol:
+-
+
-
+
[TRP-1] MUST maintain the service implementing this protocol at the HTTPS URI specified in the Trust Registry Service Property section.
+
+ -
+
[TRP-2] MUST return responses to queries for the status value of a registry entry that satisfies one or more of the following sets of query parameters:
+
+ -
+
Entity
+
+ -
+
The entity authorization that is being validated.
+
+ -
+
Registry
+-
+
- i. Entity Authorization: entityDID, authorization +
- ii. Recognized Registry: entityDID +
+
-
+
- MUST return responses using the data model specified in the Data Model section. +
- MUST return exactly one of the following status values for a registry entry satisfying the query parameters:
+
-
+
- i.
Not found(http 404)
+ - ii.
Current
+ - iii.
Expired(not renewed after the previous valid registration period)
+ - iv.
Terminated(voluntary termination by the registered party)
+ - v.
Revoked(involuntary termination by the governing authority)
+
+ - i.
- For queries returning a status value other than
Not Found, the response MUST return the following values: +-
+
- i. The parameter values exactly as supplied in the query (so responses can be stateless). +
- ii. The status value. +
- iii. Exactly two datetime values conforming to the following requirements:
+
-
+
- a. The value labels MUST be:
+
-
+
- i.
AuthorizationStartDate
+ - ii.
AuthorizationEndDate
+
+ - i.
- b. The values MUST be formatted to comply with [RFC3339] in the UTC/Z time zone with no offset. +
- c. The
AuthorizationStartDateMUST be the date that the registered party’s authorization began.
+ - d. The
AuthorizationEndDateMUST be either: +-
+
- i.
Nullfor an entry whose status value isCurrentat the time of the query.
+ - ii. A specific date value if the registered party’s status value is
Expired,TerminatedorRevoked.
+
+ - i.
- e. If a registered party has multiple entries (representing an authorization history), the most recent value MUST be returned. +
+ - a. The value labels MUST be:
+
+
§ Anti-Requirements
+[AR-1] SHALL NOT support query operations for the history of a registered entity.
+[AR-2] SHALL NOT include support for a DIDComm interface, only a RESTful (i.e. OpenAPI Specification) interface. When a repeatable trust task specification approach is created, a DIDComm/trust task approach should be considered as a work effort.
+[AR-3]]SHALL NOT support automated rules processing.
+[AR-4] Anyting other than read-only INSERT, UPDATE and DELETE operations. The TRP is a read-only (RETRIEVE in the CRUD sense) protocol.
+§ Annex A: Consolidated Requirements
+For ease of reference, the following table consolidates all normative requirements in this specification. Each requirement is linked to the section in which it appears.
+THE FOLLOWING REQUIREMENTS IN THE TABLE ARE JUST EXAMPLES FOR NOW.
TODO: Finalize table once requirements (earlier).
+| Req # | +Description | +Section | +
|---|---|---|
| + | Governing Authority Requirements | ++ |
| GA-1 | +EGF MUST have exactly one primary trust registry. | +[#governing-authorities-ga-] | +
| GA-2 | +EGF MAY have one or more secondary trust registries. | +[[#governing-authorities-ga-] | +
| A.3 | +MUST publish an EGF that meets the requirements in: | +|
| A.3.1 | +This specification. | +[LINK] | +
| A.3.2 | +The ToIP Governance Architecture Specification. Note that this includes the requirement that the EGF and all governed parties (which includes authorized issuers and authorized verifiers) | +[LINK] | +
§ Annex B: OpenAPI Specification
+The OpenAPI Specification (v3.0.1) is the first “concrete” API specification.
+It is provided as an Open API Specification v3 YAML file.
+ +Redoc Rendering (static HTML) of specification
+§ Annex C - Uses and Data Model Reference
+§ Use of the Trust Registry Protocol.
+The TRP is intended to be used in at least two key ways:
+-
+
- Native Support - systems may directly implement access using the TRP. +
- Bridged - systems may create access “bridges” that provide TRP access to their systems. +
.
§ Object Model
+We provide a high-level object model (NOTE: source of truth is the Swagger as this diagram may be out of date during development)
+