The ToIP Trust Registry Query Protocol (TRQP) is a standardized protocol designed to enable interoperable querying of trust registries within digital identity ecosystems. This protocol provides a consistent way to access authoritative information about trust relationships and authorizations across different trust communities.
At its core, the TRQP enables participants to query whether specific entities hold particular authorizations within a defined governance framework. It acts as a bridge between governance frameworks and technical implementations, allowing systems to programmatically verify trust relationships.
Key features include:
- Read-only query operations for checking entity status and authorizations
- Support for discovering related trust registries
- Configuration and metadata queries about supported capabilities
- Registry-of-registries functionality to enable transitive trust
- Standardized response formats and error handling
The protocol is intentionally simple to facilitate rapid integration while maintaining security and governance alignment. It focuses solely on retrieving information, with all create/update/delete operations handled by underlying systems of record.
Purpose and Scope:
- Provides a standardized interface for querying trust registry information
- Enables verification of entity authorizations within governance frameworks
- Supports discovery of trust relationships between registries
- Limited to read-only operations to maintain simplicity
Key Technical Specifications:
- Uses REST/HTTP interface with
OpenAPI specification
- Requires HTTPS endpoints for all implementations
- Supports point-in-time historical queries
- Returns standardized status values and timestamps
- Implements standardized error codes and handling
Implementation Requirements:
- Must maintain service at specified HTTPS URI
- Must support entity authorization status queries
- Must return standardized response formats
- Must include required timestamp values
- Must implement specified error handling
Security Considerations:
- All endpoints must use HTTPS
- Implementations may restrict access through authentication
- Response data must be cryptographically verifiable
- Governance frameworks define access control policies
Interoperability Features:
- Standardized query/response formats
- Common status values and error codes
- Support for multiple authorization types
- Registry-of-registries capability
- Service profile support for capability discovery
Current Adoption Status:
- Specification is currently in implementers draft status
- Open for community feedback through 2024-06-03
- Multiple reference implementations in development
- Growing adoption within ToIP Foundation community