15A/ToIP Interoperability Framework / Judith F.

From IIW

Session 15A

Trust Over IP Interoperability Framework


Session Convener: Drummon Reid, Judith Fleenor, Allan Thomson

Notes-taker(s): Neil Thomson

Tags / links to resources / technology discussed, related to this session:


The ToIP Tech Arch Spec can be found here in PDF and GitHub MD


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Trust over IP’s mandate includes providing interoperability certification testing as part of it’s mandate. The rationale is quite simply that adoption and successfully deployment, and a sense of “just works” is critical to SSI and ToIP’s full stack architecture acceptance by governments, corporations and users.


ToIP is following the lead of organizations like the WIFI-Alliance, which created a cross-organization certification group, organized and financed by Wireless manufacturers and supporting technologies to define full wireless stack certification across a wide variety of use cases, context and device types (access points, office building, airports and per device user access, for the entire wireless ecosystem.


This was done by defining device and software component profiles and use cases which formed the base for the interop test cases. As a result the WIFI Allicance sticker on products was assurance that “it just works” and was seen as successfully promoting early and confident adoption by the entire spectrum of customers.


Another example is the Video Cassette Recorder market (of many years ago). Sony BetaMax and the VHS consortium were the two standards. Sony only attracted a small number of vendors to support BetaMax vs the rest of the industry supporting VHS. Sony had the better product, but VHS won, due to greater adoption by VHS by both the machine suppliers and the supply of recorded material.


ToIP needs to do the same thing to know that SSI "just works". This needs the organizations developing SSI at all levels to become the support for building ToIPs interop certification group, including funding and donation of time and expertise. For supporting organizations, this ensures that they are at the forefront of driving the interop requirements and test cases.


Based on industry experience, ToIP has determined that delivery of full interoperability certification will be 18 to 24 months and needs to begin now. This will avoid the problem the Software Technology and Cyber Security (STCC) industry experienced where they did not initially commit to an interop certification approach and discovered only in early deployment to a customer using equipment from two vendors that each vendor had different interpretations in the implementation details, which was both expensive, lowered credibility and set back acceptance until an interop certification test suite was created.


Questions and Feedback


Does this mean picking winners and losers in the current implementations of, say, verifiable credentials such as anon creds?


  • No, this is about creating a single interpretation of the technical specifications, down to the test case level. This provides unambiguous definition for not only existing VCs, but also for all future VC development, creating a level playing field for all SSI technology development organizations.
  • Certification is also about the entire technology stack of which VCs are only part. The goal is overall SSI system certification, not just SSI components. Note that DIF (the Digital Identity Foundation only wanted to specify, develop and certify components (e.g., secure store) vs. entire SSI systems.


How will interoperability cover different environments and uses of SSI?


  • This will be part of the work of developing the interop suite. While there will be a base set of interopabiltiy requirements, there will also have to be specific environment, device, server, etc. certification suites, plus advanced suites for optional or advanced behavior. It will be up to the ToIP marketplace and ToIP members to define the use/test cases to be included, so participation in building ToIP interoperability certification suite is in the interest of all SSI developers.


  • The alternative is to let the largest vendors dominate the industry through their ability to deliver a wide range of SSI technologies such that they can provide organizations with a complete single vendor solution. This would be analogous to AT&T’s dominance of telecom in the US.


Questions to the room:


  1. Should TOIP develop an interoperability certification framework and delivery it?
    • Answer: All but one person said yes.
      • One dissenting opinion was: why commit now? There may be newer, better, better alternatives to the ToIP stack in the near future.
      • Another pointed to ToIP certifying the existing, most popular Verifiable Credentials (e.g., Anon Creds) the way the operate today as the standards.


  1. Is there some other group or existing organization where this should happen?
    • There were no suggested alternative organizations


Final Comment (from a participant): I have seen demos of some components and full demonstrations the SSI stack here at IIW. It is very hard to understand whether they will be interoperable, particularly in a multi-supplier application or environment (without a vendor neutral interop certification suite)?

Retrieved from "https://iiw.idcommons.net/index.php?title=15A/ToIP_Interoperability_Framework_/_Judith_F.&oldid=24767"