Our vision

The Trustnet Vision

The design goal for the World Wide Web was simple information exchange. The general verifiability of information was not part of the concept. In retrospect, a veritable proliferation of procedures emerged to make actors identifiable and information verifiable, but the resulting multitude of isolated solutions cannot solve the fundamental problem of trust in the digital space. It is time to change the DNA of the World Wide Web. The subject of this community is the Trustnet, the next evolutionary stage of the Internet. Today's Internet of Information (WWW), which most of us use on a daily basis, already differs from the so-called darknet in terms of the findability and visibility of information. Actors on the darknet create anonymity for themselves, while pseudonymity makes it difficult to identify actors on the WWW. Users' need for trust on the Internet has not yet been adequately met. The Trustnet is therefore intended to create a legally secure digital space through mechanisms for digital trust.

Our goals

Clear identifiability

Actors from business, administration and society should be clearly identifiable in the course of business processes

Information with value

Information should be verifiable, therefore trustworthy, and therefore valuable

Legal certainty

Transactions must be able to take place safely and legally

Data sovereignty

Users should have sovereignty over their own data
All of this requires a further development of the Internet in which not only the state, but all service providers, users and stakeholders who require trust in digital interactions must actively participate. We call it Trustnet. The vision of our innovation community is to expand the existing Internet of Information to include this Internet of Values and Originals (Trustnet) - one of the greatest digital challenges of the coming decades.
Definition:
The Trustnet is the universal digital representation of relationships between people, organisations and objects in the real world. It enables trustworthy and legally compliant digital interactions and prevents fakes and fraud. The basis for this is a standardised, scalable trust mechanism for the exchange and verification of digital evidence on any subject matter. This radically simplifies the organisation of and access to open digital ecosystems.
Both privacy and identifiability, weighted depending on the use case, are important requirements in the digital space and are therefore design criteria for the Trustnet. Every digital user has the right to provide only as much personal information on the network as they wish. However, trust in someone who conceals their identity is very limited, as pseudonymity and anonymity make it difficult to enforce the law. Trust on the Internet requires transparency and the verifiability of relevant identity attributes. The technological key to this is the combination of verifiable credentials with the principle of self-sovereign identities (SSI). With the SSI principle, any type of verifiable credential can be digitally issued, presented and verified. The resulting universal trust mechanism for exchanging and verifying information is the game changer in the context of the Trustnet, because unlike signed PDF documents, verifiable credentials can be checked with regard to the authenticity of the issuer, recipient and content. They are machine-readable, even with regard to individual attributes, and are also scalable on the Internet thanks to the exchange protocol. Any information that is made available digitally using this method can be checked automatically with respect to various questions of trust.
Fig. 1: Future expansion of the Internet to include the Trustnet (table comparing the darknet, the World Wide Web and the Trustnet)
Differences from the existing World Wide Web
The figure above shows the differences in the implementation of the darknet, World Wide Web and Trustnet based on the four levels of the Trustnet stack, which is based on the Trust over IP stack. The basic technology for the assignment of entity and identity in the Trustnet includes cryptographic functions and storage as well as decentralised identifiers (DIDs). To establish digital relationships between users via exclusive communication channels, wallets are used as storage and agents as software for secure communication and role management. These can run as an edge wallet and edge agent on (mobile) end devices or be offered and used as a service in the form of a cloud wallet and cloud agent. At trust domain level, identification, authentication and authorisation in the Trustnet will be standardised in future using verifiable credentials. The verifiability of the authenticity of the issuer, recipient and content of the credentials using a standardised mechanism (SSI principle) is the core element for the development of the Trustnet. At the application ecosystem level, the users themselves will determine the rules of the game for digital interactions in future through the control bodies they deploy.
A significant technical difference lies in the principle of the exclusive communication channels of the above-mentioned communication system. The figure below shows the principle once for private DIDs and once for the public DID of a sovereign user. The DID as an identifier is comparable to a telephone number. A user can theoretically have any number of DIDs. Exclusive communication channels are created by the fact that a user can be reached by every interaction partner under a different DID (private DID or peer-to-peer DID). However, a public user, for example, can also be accessible to everyone under one DID (public DID). In contrast to the WWW, these communication channels are not managed by a browser, but by a wallet and an agent on both sides of the channel.
There are various methods for generating and storing DIDs. As long as the assignment of DID to the user can be verified via a DID document in an accessible data infrastructure, it is possible to verify the issuer or recipient of a verifiable credential signed with this DID. If this assignment is not possible in a data infrastructure, the user must use the same DID for all interaction partners that belong to the same trust domain in order to make the issuer or recipient of the associated credential verifiable. If, for example, a user signs a digital SEPA direct debit mandate, the recipient of this credential can only redeem it at the user's bank if the bank can verify the issuer, for which it must either look in its own "telephone directory" or in an online "telephone book".
Fig. 2: Principle of exclusive communication channels for peer-to-peer DIDs and for a public DID (two graphics: actors communicating via peer-to-peer DIDs, and actors communicating via a public DID)
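The SEPA mandate case described above can be worked through in code, as an added example that is not part of the original page or of any Trustnet implementation: a bank resolves the issuer DID in its own directory, then in a public registry, and only then checks the signature. The `did:example:` identifiers, the flat credential layout, the sorted-key canonical form and all function names are assumptions made for illustration; Ed25519 from Node's built-in `crypto` module stands in for whatever proof type a real deployment uses.

```javascript
// Added illustration: every DID, key, directory entry and mandate below is constructed.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Simplified canonical form: flat claims, keys sorted. Real credentials use a
// standardised canonicalisation and proof format.
const canonical = (claims) =>
  Buffer.from(JSON.stringify(claims, Object.keys(claims).sort()));

// The user signs the claims with the key behind the DID named in claims.issuer.
function issueCredential(claims, privateKey) {
  return { claims, proof: sign(null, canonical(claims), privateKey).toString('base64') };
}

// The bank's lookup order from the text: its own "telephone directory" first,
// then the online "telephone book". Both map DID -> { publicKey }.
function resolveDid(did, ownDirectory, publicRegistry) {
  return ownDirectory.get(did) || publicRegistry.get(did) || null;
}

function verifyIssuer(credential, ownDirectory, publicRegistry) {
  const doc = resolveDid(credential.claims.issuer, ownDirectory, publicRegistry);
  if (!doc) return 'issuer-unresolvable'; // no DID document, so no key to check against
  const sig = Buffer.from(credential.proof, 'base64');
  return verify(null, canonical(credential.claims), doc.publicKey, sig)
    ? 'verified' : 'bad-signature';
}

function demo() {
  const forBank = generateKeyPairSync('ed25519');  // DID the user shares with the bank
  const forShop = generateKeyPairSync('ed25519');  // private DID used only with the shop
  const bankDirectory = new Map([['did:example:user-at-bank', { publicKey: forBank.publicKey }]]);
  const publicRegistry = new Map();                // the user has published no public DID

  const mandate = (issuer) => ({ type: 'SepaDirectDebitMandate', issuer,
    recipient: 'did:example:shop', mandateRef: 'SAMPLE-0001' });

  const good = issueCredential(mandate('did:example:user-at-bank'), forBank.privateKey);
  const pairwise = issueCredential(mandate('did:example:user-at-shop'), forShop.privateKey);
  const altered = { ...good, claims: { ...good.claims, mandateRef: 'SAMPLE-9999' } };

  return [good, pairwise, altered].map((c) => verifyIssuer(c, bankDirectory, publicRegistry));
}

console.log(demo()); // one result per credential, in the order above
```

The second credential carries a valid signature, yet the bank rejects it because the private DID used with the shop appears in neither lookup source, which is why the text requires one DID per trust domain when no shared data infrastructure exists.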


© 2023 All rights reserved Innoloft GmbH