This is the home page of the ToIP Governance Architecture Specification, a draft deliverable of the ToIP Governance Stack Working Group (GSWG). When this specification becomes a ToIP Approved Deliverable, it will be published as a PDF in the Tools and Specifications section of the ToIP website.
To comply with the intellectual property rights protections in the charter of the ToIP Foundation (as required by all Joint Development Foundation projects hosted the Linux Foundation), all contributors to this draft deliverable MUST be current members of the ToIP Foundation. The following contributors each certify that they meet this requirement:
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
All terms appearing in bold on this page are listed in either the ToIP Core Glossary (based on the ToIP Core terms wiki) or the ToIP Governance Glossary (based on the GSWG terms wiki.) For more information see the Terms Wiki page of the Concepts and Terminology Working Group.
The purpose of this ToIP specification is to specify the standard requirements that apply to all ToIP-compatible governance frameworks (GFs) regardless of their layer in the ToIP stack.
The technical counterpart to this specification is the ToIP Technology Architecture Specification. |
The overall purpose of the ToIP governance stack is to enable users of the ToIP technology stack to make trust decisions (especially those requiring transitive trust) based on GFs that include both human-auditable requirements and machine-testable requirements. While GFs are expected to be specialized for all four layers of the ToIP stack, certain interoperability requirements apply to all ToIP-compliant GFs regardless of layer. The goal of this specification is to specify those interoperability requirements in one place.
The GSWG has developed a single metamodel for GF documents called the ToIP governance metamodel. Because it brings together all requirements for the structure and content of ToIP-compliant GFs in one place, it is defined in a separate specification. All ToIP-compliant GFs MUST conform to the requirements of the ToIP Governance Metamodel Specification.
To support transitive trust across trust boundaries, ToIP-compliant GFs and their components and authorities need to be identified by persistent, verifiable globally-unique identifiers.
versionId
parameter value MUST be assigned for every version of the identified document.resource
parameter with a value of true
MUST return the identified document directly.versionId
parameter value, it MUST return the current version of the identified documentversionId
parameter value, it MUST return the identified version of the identified document.versionId
parameter value for a version that does not exist, it MUST return a "Resource Not Found" error.To support the verifiability needed for transitive trust, the following verification requirements apply to ToIP-compliant GFs:
To support the transparency needed for transitive trust, a publicly-available ToIP-compliant GF:
alsoKnownAs
property whose value is the publicly-accessible URL.To support the interoperability needed for transitive trust, a publicly-available ToIP-compliant GF: