Inferensys

Glossary

Trust over IP (ToIP) Foundation

A global consortium defining a complete governance and technical architecture stack for decentralized digital trust using a dual-layer model of governance and technology.
Governance lead reviewing model governance framework on laptop, policy documents visible, executive office setup.
GOVERNANCE STACK

What is Trust over IP (ToIP) Foundation?

The Trust over IP (ToIP) Foundation is a global consortium defining a complete, dual-layer architecture for decentralized digital trust, separating governance frameworks from the underlying technology stack.

The Trust over IP (ToIP) Foundation is a non-profit consortium hosted by the Linux Foundation that defines a comprehensive, dual-layer architecture for establishing decentralized digital trust. Its core innovation is the strict separation of a Governance Stack (human trust, legal frameworks, and business rules) from a Technology Stack (cryptographic protocols, Decentralized Identifiers (DIDs), and Verifiable Credentials (VCs)). This model enables interoperable trust ecosystems where parties can rely on verifiable governance authorities without being locked into a single technical implementation or centralized platform.

The ToIP stack spans four distinct layers: Layer 1 establishes public utilities like decentralized ledgers; Layer 2 enables peer-to-peer DIDComm messaging; Layer 3 handles credential exchange; and Layer 4 governs the application ecosystems. By standardizing the interfaces between these layers, the Foundation enables Self-Sovereign Identity (SSI) at scale, ensuring that digital trust is cryptographically verifiable, jurisdictionally aware, and interoperable across industries such as finance, healthcare, and supply chain.

ARCHITECTURAL FOUNDATIONS

Core Design Principles

The Trust over IP Foundation defines a complete, dual-stack architecture separating governance frameworks from the technical protocols required for decentralized digital trust. These core principles ensure interoperability, security, and human-centric control across any identity ecosystem.

01

Dual-Stack Architecture

ToIP separates digital trust into two distinct, parallel layers: a Governance Stack and a Technology Stack. The Governance Stack defines the human rules, business policies, and legal frameworks that govern a trust ecosystem. The Technology Stack defines the cryptographic protocols, data models, and communication mechanisms that enforce those rules technically. This separation allows a single governance framework to be implemented across multiple underlying technologies, and conversely, a single technology platform to support multiple governance regimes. The two stacks are bound together at the Trust Spanning Protocol layer, which acts as the interface contract between human intent and machine execution.

2
Parallel Stacks
03

Technology Stack Levels

Mirroring the governance hierarchy, the Technology Stack provides the concrete technical specifications at each corresponding level:

  • Level 1: Utility Layer — The decentralized public key infrastructure (DPKI) and verifiable data registries, such as distributed ledgers or the KERI protocol, that anchor cryptographic trust without a central authority.
  • Level 2: Credential Layer — The W3C Verifiable Credential data model and specific signature schemes like BBS+ or AnonCreds that enable tamper-proof, privacy-respecting digital credentials.
  • Level 3: Agent Layer — The software components, such as Digital Identity Wallets and enterprise agents, that manage keys and credentials on behalf of a DID subject, communicating via the DIDComm v2 protocol.
  • Level 4: Application Layer — The user-facing applications and services that consume verifiable credentials to make trust decisions, such as a border control kiosk or a bank's loan origination system.
4
Technology Levels
05

Decentralization by Design

ToIP mandates a shift from centralized, federated identity models to a decentralized by default architecture. This principle is embodied in the use of Decentralized Identifiers (DIDs) which have no dependency on a central registration authority. The architecture supports multiple DID methods, allowing an ecosystem to choose the underlying verifiable data registry that fits its governance model—whether a public blockchain, a permissioned ledger, or a ledger-independent system like KERI. This design eliminates single points of failure, prevents vendor lock-in, and ensures that the identity owner remains at the center of control, aligning directly with the principles of Self-Sovereign Identity (SSI).

100+
Registered DID Methods
06

Privacy and Minimal Disclosure

A core design goal of the ToIP stack is to mathematically enforce data minimization. The architecture natively supports advanced cryptographic techniques that allow a holder to prove a claim without revealing the underlying raw data:

  • Selective Disclosure: A holder can share only the specific attributes required for a transaction, such as proving they are over 18 without revealing their exact birthdate.
  • Zero-Knowledge Proofs (ZKPs): Using signature schemes like BBS+, a holder can derive a proof that a verifier can cryptographically validate without the holder ever revealing the original signed data or a correlatable identifier.
  • Peer-to-Peer Communication: The DIDComm protocol ensures that credential exchanges happen over encrypted, off-ledger channels directly between parties, preventing data brokers or intermediaries from observing the transaction.
TRUST OVER IP

Frequently Asked Questions

Clear answers to the most common questions about the Trust over IP Foundation's architecture, governance model, and role in decentralized digital trust infrastructure.

The Trust over IP (ToIP) Foundation is a global consortium hosted by the Linux Foundation that defines a complete governance and technical architecture stack for decentralized digital trust. It solves the fundamental problem of establishing interoperable trust between parties who may have no direct relationship, moving beyond siloed identity systems to a universal framework where credentials issued by any trusted authority can be verified anywhere. The Foundation addresses the gap between cryptographic trust (proving you control a key) and human trust (proving the key holder is authorized to act in a specific role) by layering governance frameworks on top of technical protocols. Its membership spans governments, enterprises, and non-profits working to ensure that digital trust infrastructure is open, standards-based, and globally interoperable rather than controlled by any single platform or jurisdiction.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.