This article describes the role that the Sovrin Foundation and associated groups play in governing, operating, and using the Sovrin Network. The Sovrin Network is designed and intended to be decentralized so understanding the key influence points and community groups is important.
In Decentralized Governance in Sovrin, I wrote:
The Sovrin Network is a global public utility for identity that we all own, collectively, just like we all own the Internet.
When I say Sovrin is "public," I mean that it is a public good that anyone can use so long as they adhere to the proper protocols, just like the Internet. Sovrin is created through the cooperation of many people and organizations. Enabling that cooperation requires more than luck. In Coherence and Decentralized Systems, I wrote:
Public spaces require coherence. Coherence in Sovrin springs from the ledger, the protocols, the trust framework, standards, and market incentives.
In that post, I describe how these components combine to create the coherence necessary for Sovrin to thrive. The Sovrin Foundation is the organization we’ve created to accomplish the work necessary to bootstrap the components necessary for coherence and launch a global public utility.
The Vision and Mission of the Sovrin Foundation
The vision for the Sovrin Foundation is “Identity for All”. Thus its mission is to enable access to permanent digital identity for all—both people and organizations—by building, administering, and promoting a decentralized, public, global identity utility. This new type of digital identity, which I call a multi-source identity, is owned and controlled by the individual or organization, and is not accountable to or administered by any particular agency or other intermediary. No one can take away your digital identity on Sovrin.
In order to achieve that mission, the Foundation has several important objectives:
- Ensure everyone, regardless of circumstance, has access to the Sovrin Network and the utility it entails.
- Protect individual privacy and freedom by promoting digital identity infrastructure not beholden to any government, entity, or agency, and without regard to nationality, citizenship, or any other discriminating factor.
- Support the infrastructure of Sovrin by administering the Sovrin Trust Framework, recruiting and assisting Sovrin Stewards in operating the network, and leading the open-source community effort that develops and builds the Sovrin protocol and the code that embodies it.
- Lead thought and action in the advancement and acceptance of self-sovereign identity and the network on which it is built.
To achieve these objectives, the Sovrin Foundation is organized as a non-profit led by a diverse, volunteer Board of Trustees who represent identity owners worldwide. Sovrin is not a membership organization or an industry association, two common forms of non-profit. Rather it is a social welfare organization. We chose that model because it most closely fits with the Foundation’s mission.
Presently, funding for the Sovrin Foundation comes from donations. Ultimately, our goal is that the Foundation be self-sustaining through minimal fees on network transactions.
The Foundation is governed by three complimentary agreements:
Organization of the Sovrin Foundation
The Sovrin Foundation is organized to achieve the objectives outlined above. Like any other organization, the exact structure evolves based on needs and resources, but it generally comprises four kinds of bodies:
- Foundation governance bodies that are formally defined in the Bylaws, Board-approved charters, and Trust Framework.
- Working groups comprised of volunteers who come together to solve specific problems. Some working groups are long-lived and others exist only for a specific period of time.
- Communities formed by specific roles defined by the Sovrin Trust Framework.
- The Sovrin Alliance, a set of people and organizations who have signed up with the Foundation to explicitly offer support for Sovrin.
Overall, we strive for diversity in participation and a balance of power that all voices are heard in support of the principles of Sovrin, particularly the principle of diffuse trust.
Foundation Governance Bodies
Board of Trustees—The Trustees are the approving body for decisions about the Foundation. As the Sovrin Foundation bootstraps itself, the board is self organizing (per the bylaws) but will eventually be chosen through a vote of people aligned with Sovrin’s purposes. The exact process is yet to be determined.
Technical Governance Board—The Technical Governance Board (TGB) is responsible for governing the technical design, architecture, implementation, and operation of the Sovrin Network as a global public utility for self-sovereign identity. The TGB charter has more details on how they accomplish this mission. One of the key tasks of the TGB is to review the technical qualifications of Steward candidates to ensure they meet the requirements and principles in the Sovrin Trust Framework.
Economic Advisory Council—The Economic Advisory Council advises the Board of Trustees on the financial sustainability of Sovrin Network, and specifically on the design and governance of the Sovrin token ecosystem.
Identity for All (I4A) Council—The I4A Council supports the Sovrin Foundation’s mission of inclusive identity by working to extend the benefits of Sovrin to those populations who need an independent digital identity, but who are unlikely to be provided one via a commercial relationship. This includes the estimated 1.1 billion people worldwide—mostly in the Global South—who currently lack a state-based or other widely-recognized identity credential.
Executive Committee—The Executive Committee is empowered by the Board of Trustees to review issues and make preliminary decisions for the board to consider. The Executive Committee functions as a steering committee that can make quick decisions when having the entire board meet would be impractical.
Steward Qualification Committee—The Steward Qualification Committee (SQC) is responsible for reviewing steward applications to ensure that potential stewards are qualified in accordance with the requirements and principles laid out in the Sovrin Trust Framework. They make their recommendations to the Board of Trustees.
Audit and Finance Committee—The Audit and Finance Committee is a subunit of the Board of Trustees that performs critical functions in ensuring the integrity of the financial reporting process, oversees the process for identifying and addressing financial and related risks, and ensure the Foundation has appropriate policies and programs to prevent and detect fraud.
Trust Framework Working Group—The Trust Framework Working Group is a group of volunteers who work along with Sovrin Foundation staff to develop the Sovrin Trust Framework. Currently the largest working group, it consists of four subteams that meet regularly to evolve the set of documents that set forth the purpose, principles, and policies (business, legal, and technical) that serve as the “constitution” of the Sovrin Network.
Agent Working Group—The Agent Working Group is organized in the Hyperledger Indy Project and comprises a group of volunteers who work along with Sovrin Foundation staff to develop the agent protocol and the code necessary to support it. The Agent WG meets regularly and is open to anyone who is interested in helping define the peer-to-peer agents who form the heart of Sovrin Network’s transactional capability.
Other working groups are created from time-to-time as necessary to help define and design Sovrin Network functionality. These working groups may be part of the Sovrin Foundation or part of the Hyperledger Indy project depending on their nature.
Communities Defined by the Sovrin Trust Framework
The Sovrin Trust Framework defines the following specific roles that an individual or organization may play in the Sovrin ecosystem. These roles give rise to communities or constituencies that work with and influence Sovrin and the Foundation. Note that in many cases an individual or organization may play more than one role.
Identity Owners—Every person or organization who uses Sovrin is an identity owner. As a social welfare organization, the Foundation is responsible for upholding the principles of the Trust Framework on behalf of identity owners and ensuring that they have access to the Network for any legitimate use. The Sovrin Trust Framework says identity owners may be held legally accountable for their actions, so identity owners can’t be animals or inanimate objects.
Stewards—The Sovrin ledger is operated by Stewards, trusted organizations within the ecosystem who have agreed to abide by the requirements in the Sovrin Trust Framework and are responsible for operation the nodes that maintain the Sovrin distributed ledger. Stewards also, as a group, accept or reject any changes to the ledger-specific portions of the Sovrin open source code by virtue of that role. They thus provide a counterbalance to the Sovrin architects who maintain the Indy code base.
Trust Anchors—Trust Anchors are identity owners who serve as a starting point in the Sovrin Web of Trust. In the Sovrin Web of Trust Model, there are two types of trust anchors:
- Sovrin Trust Anchors are invited by the Sovrin Foundation or by a Steward. They protect access to the Sovrin Public Ledger for everyone in the Sovrin community. A Sovrin Trust Anchor can invite new Identity Owners to the Sovrin Network.
- Domain Trust Anchors are appointed under a domain-specific trust framework, such as the credit unions that operate under CULedger's MyCUID Trust Framework.
A Sovrin Trust Anchor must meet the Trust Anchor Qualifications and agree to the Trust Anchor Obligations defined in the Sovrin Trust Framework. All Stewards are automatically Sovrin Trust Anchors.
Agencies—Agencies are service providers (commercial, governmental, non-profit, or self-hosted) who host Sovrin cloud agents on behalf of Identity Owners.
Developers—Since the Sovrin Network relies on several open-source code bases, developers are a particularly important community in the Sovrin ecosystem, as I wrote in Decentralized Governance in Sovrin:
Developers from around the world collaborate to design and build the code that makes Sovrin work. Their decisions are governed in the way of most open source projects: rough consensus and running code with pull requests accepted by a core set of developers who manage the code base. Code embodies the rules that make up the Sovrin protocol. Since the protocol is a critical component of Sovrin governance, how decisions are made about the code is a key component of ensuring Sovrin is governed well.
The Sovrin Alliance is an association of people and organizations who are willing to state publicly that they agree with the principles enumerated in the Sovrin Trust Framework. The Alliance is still in the formative stages, but we anticipate that it will have an important role to play in the long term governance of Sovrin.
Alliance Members—Alliance members join because they believe in the principles enumerated in the Trust Framework and are willing to publicly commit to them and support of Sovrin.
Sovrin Alliance Advisory Council—The Sovrin Advisory Council is a group of people and organizations in the Sovrin Alliance who have an interest in Sovrin and are willing to lend their expertise to help the Foundation.
Decentralization and Governance in Sovrin
Sovrin is sometimes accused of being “centralized” because people see the Foundation as a controlling force that might promote collusion. But Sovrin’s governance isn’t in conflict with decentralization; but rather supports it—what we call “Decentralization by Design”. The Trust Framework makes the principles that are important to Sovrin explicit and the open process allows anyone to determine whether or not they’re being followed. This provides accountability that resists collusion.
The Sovrin Network is governed by a collection of organizations and people who make independent decisions based on the principles in the Sovrin Trust Framework. Some of them write code, some operate validator nodes, some develop policy, and many others make decisions about how they’ll use Sovrin. But all of these people work together through the network to achieve something they can’t do alone: self-sovereign identity. Both the Trust Framework and the Indy code run by all Sovrin Stewards are developed using open, public processes that are carefully designed to reflect these activities.
Participation in Sovrin is open to all. Sovrin does not have "identity providers" because they are entirely unnecessary; identity owners are empowered to create their own identifiers and obtain (or self-issue) and carry their own credentials. No one can remove a person from Sovrin or close their account--there isn’t any account to close.
In place of accounts, Sovrin’s design for multi-source identity provides people with choice and flexibility in using their online identity. No one determines which credentials are supported and which aren’t. No one says which credentials must be issued, presented or accepted. Everyone using Sovrin makes these decisions on their own.
In short, no single entity owns or controls Sovrin, not even the Sovrin Foundation. The Sovrin Network is a global public utility that we all own, collectively, just like we all own the Internet. The public and open nature of Sovrin supports an unprecedented level of autonomy, privacy, security, and control by the people and organizations using Sovrin.
Image Credit: Freifunk Mesh from SimonKurka (CC BY-SA 4.0)