Ecosystem Trust Profiles

TL;DR

This paper introduces a method for digital ecosystems to autonomously define and share trust profiles, enabling cross-ecosystem trust and interoperability while preserving sovereignty, with theoretical and practical implications.

Contribution

It presents a novel framework for ecosystem trust profiles, defines trust relations, and addresses the cross-ecosystem trust dilemma with formal proofs and a focus on data space interoperability.

Findings

Trust profiles enable autonomous trust management.

Two definitions of credential equivalence are proposed.

Interoperability correlates with commonality in trust profiles.

Abstract

We define a method how digital ecosystems (including data spaces) may autonomously define and "advertise" credentials they issue or they trust in the form of so-called ecosystem trust profiles. An ecosystem trust profile collects all (verifiable) credentials and issuers sorted by trust scope accepted ("trusted") by a particular ecosystem. We then show how a minimal trust relation between ecosystems may be defined using ecosystem trust frameworks of different ecosystems and explore a few of its properties. A first application of the theory is given for a use case in the manufacturing realm where different international ecosystems need to agree on certain credentials for various scopes of trust such as identity, service compliance, and other conformance standards. We implement this requirement by identifying and discussing two different definitions of credential equivalence for a given trust scope, one requiring additional cross-ecosystem governance or coordination, one not. The second approach demonstrates how to solve the so-called cross-ecosystem trust dilemma, that is, the problem how ecosystems can establish cross-ecosystem trust while, at the same time, allowing them to fully retain their sovereignty. A fragility theorem demonstrates that this sovereignty leads trust to be unstable without any additional coordination or governance mechanisms on top of (and outside to) ecosystem trust profiles. We extend our method to data spaces in particular and propose a novel rigorous definition of cross-data space interoperability. This allows us to prove the proposition that the extent of interoperability between two data spaces is exactly determined by the amount of commonality in their respective ecosystem trust profiles.