KERI
Standards
HealthKERI products and infrastructure adhere to the following standards, which are currently in public review at Trust Over IP (TOIP) and on track to become ISO standards.
| Acronym | Full Name | Link | Authors | Status |
|---|---|---|---|---|
| ACDC | Authentic Chained Data Containers | ACDC Specification | Samuel Smith | ToIP Draft |
| CESR | Composable Event Streaming Representation | CESR Specification | Samuel Smith | ToIP Draft |
| KERI | Key Event Receipt Infrastructure | KERI Specification | Samuel Smith | ToIP Draft |
Trust Over IP (ToIP)
The Trust Over IP (ToIP) Foundation provides a comprehensive framework for establishing verifiable trust in digital interactions. By defining a layered architecture for interoperable trust solutions, ToIP enables diverse organizations—such as healthcare providers, insurers, and technology vendors—to adopt common standards for identity, security, and governance. These standards underpin the specifications (KERI, ACDC, CESR) currently in review at ToIP.Authentic Chained Data Containers (ACDC)
Authentic Chained Data Containers (ACDC) define a portable format for packaging and linking digital credentials in a tamper-evident way. By chaining data objects and binding them cryptographically, ACDC ensures provenance and authenticity. In healthcare, this format can carry verifiable patient data, lab results, or insurance documents across different systems without compromising security or trust.Composable Event Streaming Representation (CESR)
Composable Event Streaming Representation (CESR) provides a flexible, compact structure for streaming cryptographic evidence of events. It’s designed for interoperability with other standards like KERI, enabling real-time verification of data integrity and authenticity.Key Event Receipt Infrastructure (KERI)
Key Event Receipt Infrastructure (KERI) introduces a decentralized key management framework that secures digital identities through cryptographic event logs. Each event (e.g., key rotations or credential issuance) is signed and anchored so that it can be independently verified without reliance on centralized authorities. In healthcare data exchange, KERI ensures that patient records, provider identities, and other sensitive information are bound to cryptographically verifiable identities and their events. KERI relies on Composable Event Streaming Representation (CESR) to provide flexible, interoperable event streams, while Authentic Chained Data Containers (ACDC) enable tamper-evident chaining of digital credentials in KERI ecosystems. Together, these standards establish an end-to-end ecosystem for secure, verifiable data transfer.Fast Track to ISO
The JTC1 Publicly Available Specification (PAS) process provides a way for specifications developed outside ISO/IEC to become JTC1 International Standards. It functions similarly to the ISO Fast Track process but is specific to JTC1 (Information Technology). Below is an overview of how the process works for KERI-related specifications under Trust Over IP (ToIP).Submission Pathway
- PAS Submitter: The Joint Development Foundation (JDF), part of the Linux Foundation, is a recognized ISO/IEC JTC1 PAS submitter.
- Request to Initiate PAS: Any proposal to advance a specification via the PAS process must come from a recognized PAS submitter, in this case the JDF.
Specifications Preparation
- Trust Over IP ISO Template: KERI-related specifications (KERI, ACDC, CESR) destined for ISO are developed using the template linked in the subsection title to ensure proper formatting and structure.
- ToIP Approval: Each specification undergoes ToIP Working Group review and must receive approval from the ToIP Steering Committee before submission.
Ballot and Publication
- DIS (Draft International Standard) Ballot: Once JDF submits a specification to JTC1, the proposal is balloted as a DIS for a 12-week voting period.
- Translation: An additional 8-week period is typically allowed for translation and review.
- Publication: Upon successful ballot and final approval, the KERI-related specification is published as an ISO/IEC standard. By following these steps, the KERI, ACDC, and CESR specifications can move from their current ToIP Draft status to recognized ISO/IEC International Standards, contributing to a more robust and universally accepted framework for secure data exchange.