2 minWelcome & Antitrust Policy NoticeJudith Fleenor
3 min Announcements & IntroductionJudith Fleenor
45 minDesign Principle Review
10 minQ&A


  • Recording


  • Presentation (Google Slides)


Judith Fleenor introduced the meeting with the Anti Trust rules governing our ToIP Foundation and then walked the members through the agenda and she shared the updates on our new members. This is a special topics meeting about our Foundational Documents–TrustOverIP Foundation White Paper V2.0 and Design Principles for the ToIP Stack V1.0Judith Fleenor reminded the attendees where the documents reside internally and on our website ( & She introduced the co-writers and co-editors, Wenjing Chu Victor Golubkovand Drummond Reed

Wenjing Chu introduced the agenda to review the introduction to the context, the stack and the format of the 17 design principles and then follow up with a Q&A session. Victor Golubkov kicked off the meeting with an introduction, he mentioned the demographics of the contributors to our design principles stack. He noted the global representation we have within our efforts and the common language across the efforts, globally, from ToIP. He explained that these design principles terms are defined by the terms wiki to reference as needed. Victor Golubkov explained that each principles has a name, a description and a table/explanation on how the principle is related to the stack. The stack was created with two halves and four levels. Drummond Reed provided this link as a reference:

Wenjing Chu shared the design principles that illustrates the wet and dry principles from a governance and technology stacks across all four layers. He started with the Design Principle #1 for maximum utility and adaptability, the best place to put intelligence and processing is at the endpoint of a network and not in the communication subsystems that connect those endpoint; this enables scalability and compatibility. We want to add a trust level to the internet, while following the same principle for the transportation level, enabling evolution overtime. This is where Level 2, peer to peer, comes into play. If connectivity is held up as the highest goal–as it was with the design of the Internet–then every design decision about the ToIP stack will be made in favor of interoperability. Connectivity is it's own reward in Layer 2 because this is where the end to end connectivity happens. Design Principle #3 discusses the shape of the model. It represents an hour glass model and in a layered protocol architecture, the most successful design takes an hourglass share where a single "spanning layer" in the middle connects a family of higher-level application facing protocols with a family of lower-level transport protocols.  Here we add a trust level and an IP spanning layer in the middle. The hourglass model is critical for Layer 2. Design Principle #4 is built to be trusted by all parties, a global network cannot favor any single centralized service or authority, it must allow functionality and authority to be distributed as a widely as possible. The intention is decentralization by design and default. the idea of decentralization is designed intentionally to help ensure reliability to withstand disasters. Design Principle #5 is about Cryptographic Verifiability as part of digital trust, messages and data structures exchanged between parties should be verifiable as authentic using standard cryptographic algorithms and protocols. We need new authenticity and integrity capabilities that can be universally applied to common internet services. This principle needs to be baked into every layer. Principle #6 is about Confidentiality by Design and Default which covers parties communicating over ToIP protocols should expect communications to be secure, private and confidential without any special thought or action required on their part. the principle of confidentiality be design and default means applying BOTH privacy bt design and default and security in all different layers. We need the entire solution in each layer have this principle applied to. Design Principle #7 on the technical side, is Keys at the Edge which is designed to maximize security, privacy, and confidentiality, cryptographic private keys should be stored at the edges of the network, not on the intermediate nodes. e can logically conclude that keys should be kept at the edge, which ensure the user is in control.

 Drummond Reed will speak on the governance principles, starting with #8, Trust in Human and the trust in a psychological relief held by people who individually or collectively need to act on that belief in order to make risk decisions. He shared a proposed model of trust. Layer #9  is Trust is Relational and is between a subject–a person or a group of people–and an object–which can be anything about which the subject needs to make a trust decision. The relational nature of trust matters most in layer two where we form peer to peer connects and layer three the protocols for verifiable credentials. Design Principle #10 is Directional and while many trust relationships are bi-directional, each direction is independent. In other words, is A trusts B, it does not mean B trusts A. Design Principle #11 is about Contextual nature of trust. A trust relationship exists in a specific context, and it should note be assumed outside of that context. In other words, if A trust B in context X, it does not mean A trusts B in context Y. Verifiable credentials are a great way to do this. Principle 12 is about Limits, in the human perception of trust, every trust decision has a trigger point along a continuum that ends at a limit point. The limit point where risk exceeds reward. Principle #13 Trust can be Transitive, if a first party trusts a second party who in turn trusts a third party in the same context, then the first party can have some degree of trust in the third party in that context. We illustrate this with the verifiable trust diagram and the trust triangle diagram that enables scalability and interoperability across many ecosystems. Principle #14 is Trust and Technology has Reciprocal Relationship that illustrates technology an only help humans build trust if humans trust the technology. This feeds a vicious cycle: the less trust we have in the Internet, the harder it is to use it as a tool to build trust–and the worse the problem becomes. Principle #15 is about Ethical Values, the ToIP Stack has a strong ethical dimension. Design is with a commitment to ethical values, principle first. It enables safety, privacy, autonomy and values accessibility, reliability, functionality and economics and is relevant at each layer of the stack. Design Principle #16 design for Simplicity means that the simpler the design of a protocol, the more likely it is to be successful. The last principle is #17 which addresses Constant Change and is the only constant on the Internet is change so we must design for it! In order to prepare for constant change, we need minimal dependencies on the lower layers and they apply at each layer. 

Drummond Reed shared that the best way to provide feedback to the principles is to utilize the slack channel for design principles and second, we can set-up a wiki page for ideas and thoughts, as this is a living document. Steve Magennis offered kudos to the team who put this together and collaborated on this work and effort. 

Judith Fleenor thanked the presenters from today and provided some quick updates regarding the DID Korea Conference next week on Feb. 22 that's a virtual event ( Judith Fleenor also mentioned the Internet Identity Workshop and provided a link and discount information. 

  • No labels