New open source standards are coming that can help technologies such as edge computing and IoT achieve greater security.
On May 5, 2020, the Linux Foundation plans to announce they will be hosting the Trust over IP Foundation (ToIP), which is a project with one goal—enable the trustworthy exchange and verification of data between any two parties on the internet.
This is long overdue.
Effectively, what the ToIP Foundation will do is provide a common standard to ensure data is coming from a trusted source. This standard is being developed with global pan-industry support. Founding members include Cloudocracy, Continuum Loop, CULedger, esatus, Evernym, The Human Colossus Foundation, IBM Security, IdRamp, kiva.org, Lumedic, Mastercard, MITRE, Province of British Columbia, and SICPA. Contributing members include DIDx, GLEIF, iRespond, Marist College, Northern Block, R3, Secours.io, TNO, and the University of Arkansas.
SEE: How smart tech is transforming the transportation industry (TechRepublic Premium)
Why is such a standard necessary?
Technology has evolved to such a state that the transmission of data comes in many forms and from many sources. No longer is user data only transmitted via the traditional network connection—from client-to-server, or client-to-client. The new world order includes IoT, hybrid clouds, artificial intelligence, and edge computing. The complications inherent in these technologies makes it even more crucial that universal security and privacy protocols are developed and put into place.
Given that technology already faces a seemingly insurmountable security hurdle, the idea of a universal standard will be a welcome change for both the industries driving these technologies and the consumers whose data is being used and monetized. At the moment, consumer confidence in data transmission security is at an all-time low. This trend will continue, until drastic change happens.
Dan Gisolfi, CTO Decentralized Identity, IBM Security, understands how important these new protocols are. "In today's digital economy, businesses and consumers need a way to be certain that data being exchanged has been sent by the rightful owner and that it will be accepted as truth by the intended recipient. Many privacy focused innovations are now being developed to solve this challenge, but there is no 'recipe book' for the exchange of trusted data across multiple vendor solutions. The new Trust over IP Foundation marks an evolutionary step which goes beyond standards, specs, and code, with the goal of creating a community-driven playbook for establishing 'ecosystems of trust.' IBM believes that the next wave of innovation in identity access management will be for credential issuers and verifiers to partake in these ecosystems, where trusted relationships are built upon cryptographic proofs."
How will this new protocol work?
Although there isn't too much information on the nuts and bolts of the new universal standards, it has been reported that the ToIP Foundation will use digital identity models that make use of digital wallets and credentials, as well as the W3C Verifiable Credentials standard to address the challenges facing the issue. By working with these technologies, the ToIP foundation will enable consumers, businesses, and governments to better manage risk, improve digital trust, and protect all forms of online identity.
To this, Jim Zemlin, executive director at the Linux Foundation said, "The ToIP Foundation has the promise to provide the digital trust layer that was missing in the original design of the internet and to trigger a new era of human possibility. The combination of open standards and protocols, pan-industry collaboration and our neutral governance structure will support this new category of digital identity and verifiable data exchange."
Open standard is key
The devices that transmit such data currently exist without a standard. Because a vast majority of those devices transmitting these data packets are powered by open source solutions, it only makes sense that any standard to be developed for such technology would be open.
Why? That's a fairly simple question to answer. First off, the technologies that will be using these protocols are almost all founded on open source software. Should those protocols be closed, developers would have a hard time implementing them. The second reason is such protocols need to be available for global vetting. With thousands (or hundreds of thousands) of developers pouring over the code, those protocols will wind up more robust and secure.
Finally, making these protocols open source guarantees that no single entity can control how the protocols are developed or used. This should go a long way to prevent any one large company, with a vested interest in a singular bottom line, from preventing smaller companies from using the protocols with their software.
The ToIP foundation will initially host four Working Groups:
Technical Working Stack Group
Governance Stack Working Group
Utility Foundry Working Group
Ecosystem Foundry Working Group
The Technical Working Stack Group and the Governance Stack Working Group are charged with building out and hardening the tech and governing side of the stack, while the Utility Foundry Working Group and Ecosystem Foundry Working Group will serve as communities of practice for any project looking to collaborate with any part of the ToIP ecosystem.
The ToIP Foundation will host a digital launch event at 9AM PT on May 7, 2020. This event will feature a panel discussion, interoperability demonstration, and a Q&A. To register for the event, visit the official Zoom registration page. A second event will be held for the APAC region.
How to become a cybersecurity pro: A cheat sheet (TechRepublic)
Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
Windows 10 security: A guide for business leaders (TechRepublic Premium)
Linux, Android, and More Open Source Tech: More must-read coverage (TechRepublic on Flipboard)