Structure of the Trustnet

The three pillars of the Trustnet

The Trustnet offers an ecosystem with three central pillars: The Trustnet Framework, the Trustnet Community and the digitization of the existing trust basis. Below you will find out what the individual components stand for and what role they play in the Trustnet.
A pyramid with Trustnet written on it on top of the three pillars: Trustnet Framework, Trustnet Community and Digitalisation of the existing trust foundation

The Structure of the Trustnet

The implementation of the Trustnet requires the growth of an ID ecosystem with issuers, ID holders, acceptance points (verifiers), modifiers and ID services as the basis for a large number of application ecosystems. This is a long-term process and a global task for society as a whole. Initially, the Trustnet will be built on three pillars. As a structural aid and set of rules with standards for the secure management of interactions between digital identities and digital proofs, the trust framework is intended to stimulate the emergence of this ID ecosystem, in which various ID services can coexist. The Trustnet will connect the existing world of centrally managed basic identities, including the eID, with the new SSI world; the idea of this bridge has already been incorporated into the eIDAS amendment. The trust framework should also ensure technical, semantic and organisational interoperability, so that credentials can be verified regardless of the wallet app and of the underlying technology or data infrastructure used in the respective trust domain. This idea is not yet sufficiently developed in existing trust frameworks or those currently under development, such as the Canadian PCTF, the US NIST SP 800-63 or the corresponding EU activities (eIDAS amendment). A new draft building on this work is therefore required for the development of the Trustnet.
Minimum functional requirements for technical solutions of the actors within the Trustnet

Verification functionality

It must be possible to release and automatically check individual secured attributes, even where unambiguous identification of the holder is not possible or not wanted.

Interoperability

Technical, semantic and organizational/legal interoperability

Representation ability

In addition to wallets for providing simple identification and proof, wallets and verifiable credentials are also needed for mapping personal and legal relationships

Privacy tools

Privacy tools for filtering and binarising the information content of attributes (i.e. disclosing only selected attributes, or only a yes/no statement derived from an attribute, such as "over 18" instead of a date of birth), or for specifying the conditions for the release and use of verifiable information.

ID functionality

The secure, automated identification of an actor must be possible where necessary. To this end, means of identification should be available at all levels of trust for every type of actor.
Minimum functional requirements for application processes within the Trustnet

Participants

Secure and clear proof of the identity characteristics of all actors involved in the process that are sufficient for the respective application.

Traceability

Verifiability of all information exchanged within the process.

Clarity

Clear definition of the process flows, roles, rights, control bodies and regulations including the sanctioning mechanisms within the application ecosystem.

Adaptability

Adaptability of data processing to the applicable legal framework (data rights, data protection law, confidentiality, compliance, etc.).

Redundancy

Optional redundancy, i.e. the possibility of checking the truthfulness or currency (up-to-dateness) of information through an additional channel where necessary.
The discussion among experts and politicians to date has focused heavily on the technical aspects of issuing state-backed digital means of identification and other credentials into a wallet. However, it is evident that the functional and process-related requirements listed above can be fulfilled neither by the availability of the eID / PID alone, nor by issuing other verifiable credentials alone. The design of an ID ecosystem requires a structured, holistic view on the one hand and, on the other, a detailed consideration of the digital application processes over the entire life cycle of the required credentials. The basis for the holistic approach is the Trustnet stack already mentioned and shown in Fig. 1, which is largely based on the Trust over IP stack developed by the Trust over IP Foundation. Given the complexity of the topic, the stack is intended to serve as an orientation aid for structuring the discussion. The technical part of the ID ecosystem comprises levels 1 and 2; the organisational part comprises the ID solutions for all actors at level 3. The ID ecosystem thus forms the basis for the application ecosystems at level 4.
A table showing the different levels of trust, based on either technology or governance
Fig. 1: Trustnet stack
The Trustnet is created through the interlinking and interaction of many thematically and/or geographically separated digital trust domains under a common trust framework. The trust framework is also intended to stimulate the digitalisation of application-specific governance (the sets of rules of existing trust domains and application ecosystems). The Trustnet stack makes it clear that for every planned application, not only the technical components to be used must be defined on all four levels shown; governance must also be regulated and organised at all four levels of the Trustnet stack. In addition, the necessary data infrastructures (trust registries) must be defined, implemented and maintained, and sovereignty over the trust framework and its further development must be organised. Governance authorities must be designated or newly established for this purpose. Governance authorities already exist at the level of the trust domains and at the level of the application ecosystems; they set the corresponding rules in the real world and monitor their enforcement, and are therefore the logical choice when it comes to digitalisation. At the trust domain level in Germany, for example, the Federal Ministry of the Interior is the governance authority for the ID card and therefore logically also for the eID. For concert tickets, the respective organiser is the governance authority. At the level of basic digital technologies and at the level of digital relationships there are still no governance authorities, because this area is still very young, highly dynamic and not regulated by law. New governance authorities need to be founded or established here.

Trustnet Community

At the level of basic digital technologies and at the level of digital relationships, governance authorities still have to be founded or established. International working groups already exist, however, such as the Decentralized Identity Foundation (DIF), the World Wide Web Consortium (W3C), the OpenID Foundation, the Trust over IP Foundation and the OpenWallet Foundation, whose preparatory work on standardisation and interoperability can and should become the basis for the regulatory and certification work of future governance authorities. In addition, the ID ecosystem also needs service structures, i.e. trustworthy actors must be found who take on the necessary services (ID services, trust services, certifications, knowledge and technology transfer, etc.) in accordance with the common set of rules. All of these tasks require the organisation of a Trustnet Community, guided by a canon of shared values. The formation of this community is one of the objects of the Trustnet initiative. The mission of the Trustnet Community as a central pillar includes the medium-term objective of creating, applying and disseminating the Trustnet Framework.
Digitization of the existing trust basis
Further aspects come into focus when applications and their associated processes are examined concretely and in a structured way. How can the social welfare office of the city of Munich trust a digital notice of unemployment benefit issued by the labour office of the city of Berlin? Why should a potential employer trust a Master's certificate issued digitally by the Dresden University of Applied Sciences? How can the issuer of these credentials be verified? Answering these questions inevitably leads to the necessary third pillar of the Trustnet, the digitalisation of the existing basis of trust in the real world, i.e. the targeted development of a digital trust cascade (see Fig. 2). This initially involves defining, as uniformly as possible, the digital identities of public-sector actors (authorities and offices) who act as trusted issuers, including the necessary data infrastructure in the form of trust registers. The same applies to the existing basis of trust in the area of legal entities. Secure ID solutions not only for natural persons but also for public-sector actors, for companies and organisations and for smart objects create initial trust in the Trustnet on the basis of trust mechanisms that already exist in the real world. SSI mechanisms and verifiable credentials then connect these four stages and form digital chains of trust between the participants. By implementing this digital trust cascade across a large number of use cases / business cases, an initial Trustnet can be created that scales across application ecosystems and through national and international rollout.
Graphic showing the trust hierarchy of the trustnet, starting with legal institutions and ending with single objects
Fig. 2: The digital trust cascade (pillar 3)
The second part of this digital transformation concerns the digital organisation of existing trust domains in the real world. For example, an existing interest group may need to coordinate with the associated supervisory authority to determine which proofs should in future be issued and accepted in which digital format (VC schema), and who will take over which service structure within or outside the trust domain. Trusted issuers and verifiers must adapt their processes accordingly, technically as well as organisationally. The ID ecosystem needs organisational trust anchors: the authority and secure processes of state bodies for issuing means of identification (eIDs, company IDs, municipal IDs, etc.) and credentials (register extracts, notifications, etc.), and a network of different trust mechanisms between participants who can be identified and authenticated internationally; these mechanisms are reflected in many different types of secure processes and different technical implementations. Without a large number of verifiers, and without the technical, organisational and legal integration of digital IDs and credentials into their processes, issuing eIDs and VCs is of no use. The digital organisation of existing trust domains also requires application-specific, secure data infrastructures at levels 3 and 4 of the Trustnet stack that take the requirements listed above into account. Because the regulatory frameworks differ between public administration and business on the one hand, and between countries on the other, it is clear that both public key infrastructures and DLT- and blockchain-based infrastructures have their place in the Trustnet and will serve different trust levels and/or trust domains. The major challenge in establishing the ID ecosystem lies in the cross-border technical and regulatory harmonisation of all these aspects.
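As an added illustration of the digital trust cascade described in this pillar (example code written for this page, not code from the Trustnet initiative or any of the named foundations), the following Go program models the smallest possible chain for the employer example above: the relying party's trust anchor is the root key of a trust register; the register accredits an issuer's key for one credential type; the issuer signs a credential about a pseudonymous holder; the verifier checks every link before accepting the claims. Everything here is constructed for the example: the register name, the key material (generated on each run), the data structures, and the use of plain Ed25519 signatures over JSON instead of any particular VC proof format or registry lookup protocol.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Credential is a minimal stand-in for a verifiable credential; Subject may be a pseudonym.
type Credential struct {
	Issuer  string            `json:"issuer"`
	Type    string            `json:"type"`
	Subject string            `json:"subject"`
	Claims  map[string]string `json:"claims"`
	Sig     []byte            `json:"sig"` // issuer's ed25519 signature over the other fields
}

// Accreditation is one trust-register entry: the root vouches for an issuer key and its scope.
type Accreditation struct {
	Registry string            `json:"registry"`
	Issuer   string            `json:"issuer"`
	IssuerPK ed25519.PublicKey `json:"issuer_pk"`
	Scope    string            `json:"scope"` // credential type the issuer may issue
	Sig      []byte            `json:"sig"`   // register root's ed25519 signature over the other fields
}

// payload returns the bytes that get signed: the struct as JSON with Sig cleared.
// encoding/json keeps field order and sorts map keys, so this is deterministic.
func payload(v interface{}) []byte {
	b, _ := json.Marshal(v) // cannot fail for these plain structs
	return b
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pk, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pk, sk
}

func accredit(registry string, rootSK ed25519.PrivateKey, issuer string, pk ed25519.PublicKey, scope string) Accreditation {
	a := Accreditation{Registry: registry, Issuer: issuer, IssuerPK: pk, Scope: scope}
	a.Sig = ed25519.Sign(rootSK, payload(a))
	return a
}

func issueCredential(issuer string, sk ed25519.PrivateKey, typ, subject string, claims map[string]string) Credential {
	c := Credential{Issuer: issuer, Type: typ, Subject: subject, Claims: claims}
	c.Sig = ed25519.Sign(sk, payload(c))
	return c
}

// Verifier holds a relying party's trust anchors: the root keys of the registers it trusts.
type Verifier struct{ roots map[string]ed25519.PublicKey }

func NewVerifier(registry string, root ed25519.PublicKey) Verifier {
	return Verifier{roots: map[string]ed25519.PublicKey{registry: root}}
}

// Verify walks the cascade anchor -> register entry -> issuer key -> credential
// and reports the first broken link; claims are returned only if every link holds.
func (v Verifier) Verify(c Credential, a Accreditation, wantType string) (map[string]string, error) {
	root, ok := v.roots[a.Registry]
	if !ok {
		return nil, fmt.Errorf("register %q is not one of the verifier's trust anchors", a.Registry)
	}
	ua := a
	ua.Sig = nil
	if !ed25519.Verify(root, payload(ua), a.Sig) {
		return nil, fmt.Errorf("accreditation of %q is not signed by the register root", a.Issuer)
	}
	if c.Type != wantType || a.Issuer != c.Issuer || a.Scope != c.Type {
		return nil, fmt.Errorf("%q credential from %q does not match accreditation (%q for %q) or requested type %q",
			c.Type, c.Issuer, a.Scope, a.Issuer, wantType)
	}
	uc := c
	uc.Sig = nil
	if !ed25519.Verify(a.IssuerPK, payload(uc), c.Sig) {
		return nil, fmt.Errorf("credential signature does not verify under %q's accredited key", c.Issuer)
	}
	return c.Claims, nil
}

func main() {
	// Constructed scenario, fresh keys, hypothetical register name: a state body accredits the university.
	rootPK, rootSK := newKey()
	uniPK, uniSK := newKey()
	uni := "Dresden University of Applied Sciences"
	acc := accredit("de.example.education-register", rootSK, uni, uniPK, "DegreeCertificate")
	cred := issueCredential(uni, uniSK, "DegreeCertificate", "holder:pseudonym-7f3a", map[string]string{"degree": "Master"})
	employer := NewVerifier("de.example.education-register", rootPK)
	fmt.Println(employer.Verify(cred, acc, "DegreeCertificate"))
	// Same issuer name, but signed with a key the register never accredited.
	_, rogueSK := newKey()
	forged := issueCredential(uni, rogueSK, "DegreeCertificate", "holder:x", map[string]string{"degree": "Master"})
	fmt.Println(employer.Verify(forged, acc, "DegreeCertificate"))
}
```

Two details correspond to requirements listed earlier on this page. The employer never learns who the holder is: the subject is a pseudonym and only the degree claim is returned, which is the "check individual attributes without identification" case. The scope check is where trust domain boundaries are enforced: an issuer accredited for one credential type (a concert organiser for tickets, say) cannot produce a credential of another type that the verifier would accept, even though its accreditation signature is valid.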
© 2023 All rights reserved Innoloft GmbH