ToIP 2024 Annual Report

Trust Over IP (ToIP) is a Joint Development Foundation (JDF) project that was founded as a standalone LF project in May 2020 and joined the LF Decentralized Trust (LFDT) umbrella in October 2024.

Since we are an emerging standards project, we do not (as a general rule) manage open source projects. Instead our Working Groups develop specifications, governance models, and guides for decentralized digital trust infrastructure based on an overall architectural model we call the ToIP stack.

For general information about the ToIP stack, we recommend the following foundational documents produced in our first three years:

• The ToIP Model (a visual guide)
• Introduction to ToIP
• Design Principles for the ToIP Stack
• ToIP Technology Architecture Specification

In 2024, this is a list of our active Working Groups (and their acronyms):

1. Governance Stack Working Group (GSWG)
2. Technology Stack Working Group (TSWG)
3. Ecosystem & Governance Working Group (EGWG)
4. KERI Suite Working Group (KSWG)
5. Data Modeling and Representation Working Group (DMRWG)
6. Concepts and Terminology Working Group (CTWG)

For a 2024 status report from each of these WGs, see this Google Slides deck from our final 2024 All-Members meeting focused on Working Group Updates.

Note: this was the last All-Members meeting at which we had our own independent Executive Director, Judith Fleenor. After this meeting, we officially joined LFDT and began working with the LFDT staff.

ToIP Annual Review 2025 Notes from the TAC

TAC Meeting Recording 2025.10.09 -- ToIP Annual report (and Q2 quarterly report) discussion starts at the 10:45 mark.

TAC Reviewers: Diane Mueller (primary), Venkatraman Ramakrishna (secondary)

Assessment Notes from Diane Mueller

Thanks to the ToIP community for preparing and submitting this 2024 Annual Report, and for the additional Working Group updates. I’ve reviewed the materials as a TAC member and wanted to share my assessment of overall project and community health, with links to referenced artifacts.

Strengths:

• Active, diverse community: The All-Members deck notes ~395 organizations and ~180 individual members (slide deck from Oct 16, 2024).

• Deliverables across layers: • ToIP Glossary v1.0 (~400 harmonized terms): https://trustoverip.github.io/ctwg-main-glossary/ • Technology Architecture (Public Review Draft 02): https://trustoverip.github.io/TechArch/ • Trust Spanning Protocol (Implementer’s Draft) and implementation project at OWF Labs: https://github.com/openwallet-foundation-labs/tsp • Trust Registry work (noting refinements referenced in the report; see TSWG pages linked from the TechArch and Glossary above) • Governance role requirements and third-generation diagrams (as referenced in the report; see GSWG pages from the ToIP wiki calendar below) • Ecosystem case study: Bhutan National Digital Identity (NDI): https://trustoverip.org/wp-content/uploads/Case-Study-Bhutan-NDI-National-Digital-Identity-ToIP-Digital-Trust-Ecosystems-V1.0-2024-05-21.ext_.pdf

• Foundational context for newcomers (helpful to TAC reviewers and LFDT community members): • The ToIP Model (visual guide): https://trustoverip.org/toip-model/ • Introduction to ToIP (v2.0, Nov 2021, PDF): https://trustoverip.org/wp-content/uploads/Introduction-to-ToIP-V2.0-2021-11-17.pdf • Design Principles for the ToIP Stack (v1.0): https://trustoverip.org/wp-content/uploads/Design-Principles-for-the-ToIP-Stack-V1.0-2022-11-17.pdf

• Governance maturity under LFDT: migration to LF tooling and election alignment are clear in the deck and on LF/LFX sites: • LFDT umbrella announcement: https://www.linuxfoundation.org/press/linux-foundation-announces-intent-to-form-lf-decentralized-trust • LFX Project Control Center (IDs, calendars): https://lfx.linuxfoundation.org/ • ToIP public meeting calendar (for WG cadences): https://wiki.trustoverip.org/display/HOME/Calendar+of+ToIP+Meetings

Areas to watch

• Implementation signals: Deliverables are moving forward, but quantitative adoption metrics (pilots, deployments, interop results) are not yet visible in the report. Adding even a short “by the numbers” panel (e.g., pilots underway, participating orgs, interop test outcomes) would strengthen future reports.

• Spec maturity: Several outputs remain at Public Review Draft or Implementer’s Draft; clear next steps toward Candidate/Final (with target dates) will help TAC evaluate maturity each quarter.

• Task force hygiene: A few TFs are paused/pivoted/closed; brief one-line outcomes and successor venues (e.g., DIF/W3C/OWF) would make transitions explicit and avoid the perception of fragmentation.

Overall assessment

• Project health: Strong foundational work, steady WG activity, and credible cross-ecosystem alignment. Elevating adoption metrics and spec maturity signals will move this toward bright green.

• Community health: Solid and resilient, with good governance practices and broad participation across multiple WGs (cadence and artifacts are visible via the meeting calendar and public specs linked above).

The TAC should regard ToIP as a strategically important LFDT project that provides the governance and vocabulary backbone for decentralized trust ecosystems across the umbrella.

Notes for Future Project Updates:

Regarding the “Active, diverse community: The All-Members deck notes ~395 organizations and ~180 individual members (slide deck from Oct 16, 2024.” aggregated from https://trustoverip.org/about/members/

When diving into LFX insights on TOIP github activity to compare with the listed TOIP Members for contributor dependency

https://insights.linuxfoundation.org/project/ToIP/contributors?timeRange=past365days\&start=2024-10-03\&end=2025-10-03\&widget=contributor-dependency

3 contributors 52% of all contributions

Could be considered worrisome for a typical LFDT projects

However I believe that what this suggest is not atypical for standards projects as:

1. Core contributor concentration is expected in standardization projects In many standards / protocol groups, a few organizations own much of the implementation burden. The members list is broader than the engineering team.

2. Risk of “bus factor” / knowledge concentration With most code coming from few contributors, turnover or loss of key individuals/teams can affect project continuity.

3. Governance might outweigh coding in influence Some members may exert influence through policy, partnerships, or standards adoption even without contributing code.

4. Opportunity for onboarding & capacity growth Many member organizations may want to contribute but lack ramp-up; there’s room to improve onboarding, mentorship, tools, or incentives to convert members into active devs.

5. Need for attribution hygiene Ensuring GitHub affiliation, recognized contributor roles, and attribution (e.g. via documented “how to get credit”) helps close the perception gap.

Additional Comments from Venkatraman Ramakrishna

Thanks to the ToIP community for preparing their 2025 Annual Report.

I concur with @dmueller2001 's assessment. I believe this project is strategically important to the LFDT as well, and important to the DLT ecosystem as a whole. Participants are very active on LFDT Discord and in the project's working groups, which is a sign of good health.

I recommend keeping ToIP in Incubating status.

A couple of points I wanted to highlight: - I'd appreciate a bit more organization of the repositories within the GitHub organization. A good landing page I believe is essential. From this page, users or potential contributors can branch off to particular repositories for deep dives. Also, having a central location where maintainers' lists and contributors' guidelines are maintained would be good (for everybody's reference). Here, the governance repository may be a suitable location. - There are ways to run standards projects on GitHub (as I've discovered in the past few years as part of an IETF Working Group). This might be more sustainable in the long run and also allows chronological record maintenance of conversations and files over a long term. It'll also make the project more amenable to assessments using LF tools, just like other LFDT projects. So I'd encourage the ToIP maintainers to consider exploring this option. - I just wanted to inquire: if there are any code project spinoffs from the reference specifications produced within ToIP, will they be maintained in LFDT-managed GitHub repositories?