Trust Over IP — the governance model PDTF follows
PDTF has publicly committed to the Trust Over IP (ToIP) 4-layer governance model. This is the most consequential governance decision in the project — it shapes what we do not need to invent and what we do need to codify.
"PDTF follows the Trust Over IP (ToIP) governance model, mapping proven internet trust patterns to property data."
Source: source/07-website/related-domains/propdata.org.uk/about.html
Why ToIP — and why not DCAM
DCAM (EDM Council's Data Management Capability Assessment Model) assumes a single accountable enterprise governing data inside its walls. That's not OPDA. OPDA is a federated standards body — its "data" is the agreement between many independent organisations on what data means, how to share it verifiably, and who is allowed to issue or rely on what claims.
ToIP was built specifically for that shape: federated trust frameworks. It has an explicit two-stack model at every layer — one technical stack, one governance stack — and PDTF needs both.
The four layers
PDTF · OPDA · DPMSG
Industry rules and standards"]:::l4 L3["Layer 3 — Credential Exchange
OIDC Verified Claims → VCs
How claims are formatted and shared"]:::l3 L2["Layer 2 — Secure Communication
HTTPS · DIDComm
How data is transmitted securely"]:::l2 L1["Layer 1 — Utility / Network
TCP/IP · IETF standards
Foundation infrastructure"]:::l1 L4 --> L3 --> L2 --> L1
What each layer needs as a governance document
| Layer | Tech stack (PDTF) | Governance document we need |
|---|---|---|
| L4 — Application ecosystems | PDTF rules, OPDA membership, DPMSG decisions, accreditation scheme | Ecosystem Governance Framework — purpose, scope, who decides what, change-management process, conformance criteria |
| L3 — Credential exchange | OIDC + Verified Claims → W3C VCs | Credential Trust Framework — which credentials, which issuers can issue what, validity/revocation rules, presentation format |
| L2 — Secure communication | HTTPS, DIDComm | Communication Governance — required TLS profile, DIDComm version, endpoint discovery, security audit cadence |
| L1 — Utility / network | DID methods (key, jwk, web), trust registry | Utility Governance — which DID methods are allowed, trust-registry data structures, key rotation policy |
Orthogonal governance documents
Cutting across all four layers, ToIP-style trust frameworks need a set of cross-cutting governance documents:
Conformance & Certification
How members prove they meet the standard. Open Banking-style scheme.
Change Management Process
How a schema, overlay, or rule changes — proposal → impact assessment → consultation → release. Templates already exist in trust-framework/docs/.
Data Quality Framework
Verified Claims dimensions (completeness, timeliness, authoritativeness). Maps to JSON Schema validation + VC provenance.
Lifecycle & Versioning
Semantic versioning, deprecation policy, NTS-style retirement when underlying regulation is withdrawn.
Risk & Liability Allocation
Who is liable when data is wrong. Tested in the Sandbox phase.
Disputes & Redress
Process for raising and resolving issues between participants.
What OPDA already has (don't reinvent)
The source/03-standards/trust-framework/docs/ directory already contains:
governance.md— initial governance documentplan.md— programme planproposal.md— change-proposal templateproposal-impact-assessment-form.md— impact assessment templatechange-notification-template.md— non-breaking change noticebreaking-change-notification-template.md— breaking change noticecompliance-and-policy-checklist.md— pre-release checklistaccess-specification.md— access specrelease-version-register.md— version logDraft_ Property Data Trust Framework 2 Specification.md— the new spec being readiedDraft_ PDTF Participant DID Auth OAuth 2 Specification.md— the DID auth pattern
The job isn't to write these from scratch. The job is to:
- Re-bucket them under the ToIP four layers so each layer has a clear governance doc.
- Fill the orthogonal gaps (conformance scheme, liability allocation, disputes & redress).
- Map every document to the UK initiative tier it relates to (MHCLG / DSIT / DPMSG / etc.) so government partners can navigate the framework.
The Open Banking parallel
Worth borrowing patterns from. Open Banking's governance has matured through:
- OBL (Open Banking Limited) — the standards body, separate from regulators
- JROC (Joint Regulatory Oversight Committee) — multi-regulator coordination
- Conformance & certification — annual re-certification, technical conformance suites
- Funding model — cost-recovery through participant fees
- Public consultation for any spec change
- Standards version cadence — predictable release intervals
Raidiam — one of the Sandbox delivery partners — built the Brazil and UK Open Banking infrastructure. They bring the operational patterns into OPDA's Sandbox directly.
Proposed governance document set
The structure I'd propose for source/00-deliverables/governance/:
00-deliverables/governance/
├── 00-context-uk-initiative.md (links to this docs site)
├── L1-utility-governance.md ToIP Layer 1
├── L2-secure-communication.md ToIP Layer 2
├── L3-credential-exchange.md ToIP Layer 3
├── L4-ecosystem-governance.md ToIP Layer 4 — biggest doc
├── conformance-and-certification.md cross-cutting
├── change-management.md cross-cutting (consolidates existing templates)
├── data-quality-framework.md cross-cutting
├── lifecycle-and-versioning.md cross-cutting
├── risk-and-liability.md cross-cutting
├── disputes-and-redress.md cross-cutting
└── strategic-alignment.md how this maps to HMLR/DSIT/DIATF/Open BankingEach document follows the same structure: purpose, scope, what's already in place (citing existing OPDA artefacts), gap analysis, proposed operating model, KPIs.