Tomato or Tomahto? When it comes to food, It’s a distinction without a difference.
But when it comes to software, the distinction between an “open specification” and an “open source project” is critically important to understand.
Furthermore, when it comes to enhanced data security and privacy policies, it is critically important to understand the difference between Trusted Data Format (TDF) and OpenTDF.
Simply stated, TDF is an open specification for a format/protocol for zero trust data sharing which was invented a decade ago by our co-founder Will Ackerly during his time at the National Security Agency (NSA). Conversely, OpenTDF is an open source project that was unveiled in June and includes a real-world reference implementation of that specification, and demonstrates with sample code a wide range of capabilities that software developers can utilize to enhance data security and privacy.
At Virtru, our mission is to make it easier for the world to share data confidently without sacrificing security, privacy, or ownership. In support of this mission, we are constantly seeking ways to share our knowledge and experience with the global developer community. That’s why we invented the TDF specification. And it’s why we created the OpenTDF project.
Let’s begin by defining TDF. The Trusted Data Format is an open specification for a generic wrapper that protects your content regardless of the type of data – from emails, to spreadsheets, to files. How does TDF protect the data? It allows data owners to define an access policy with one or more attributes and bind that access policy to the data with encryption. This access policy allows the data owner to assign access controls onto each individual data object, like who can access it, what they can do with it, and for how long. It’s essentially putting your data on a leash.
TDF is the foundational open standard that Virtru uses to build tools and services that make encryption and zero trust data controls attainable and easy.
When we say TDF is an “open standard,” that means anyone can view the specification, implement it, and benefit from it.
The challenge for developers is that TDF in its original public capacity is essentially a barebones blueprint, but without an example implementation. If you’re looking to build a house, a blueprint is a great start – but you’ll need tools, materials, and manpower to actually construct it.
If Trusted Data Format is considered “the blueprint” as an open standard, then OpenTDF is your bricks, mortar, and trowel. It’s the source code, stored and made available on GitHub, that gives any company or developer a foundation to build TDF into their infrastructure or applications.
At its core, OpenTDF is meant to empower the developer community with the source code that can let you implement:
With these tenets of data encryption and access controls readily available, developers can build these vital elements of Zero Trust Data Control (ZTDC) into any application in any industry where it’s needed.
OpenTDF is a call to the developer community – and to amplify the call, Virtru created an example application to display just how powerful OpenTDF can be.
SecureCycle is a passion project built entirely on OpenTDF, and is a demonstration of the imaginative and versatile nature of open source technology.
The overturning of Roe v. Wade catapulted the data-sharing practices of many health apps into question, but OpenTDF enabled a team to build a menstrual tracking app on the foundation of personal data ownership. Whereas many period tracking apps have treated security as an afterthought or even worse, try to monetize your data by sharing it without your consent, this sample app places the user of the app in total control over their most sensitive data.
Many period tracking apps only secure data on the device by relying on encryption services provided by modern mobile operating systems. But what about when you need to sync that data across devices? And what about when you need to share that data with your primary care physician or another healthcare professional in order to improve the quality of your care? The answer until SecureCycle has been that any data you place in the app is really no longer ‘your’ data - it is now owned by the application provider and potentially many other parties. As we’ve seen with recent legal cases, this lack of data ownership can have profound real-life legal consequences for the users of these period tracking applications.
With an app like SecureCycle, people with periods can have their data encrypted the moment it’s added to the application with a policy that locks that data to the data owner. This end-to-end encryption enables the user to be confident that their data will remain theirs, even once they sync it to the cloud and even if they share it with a family member or a healthcare professional. In every instance, the have visibility and control over their most sensitive data. No one will be able to decrypt their data except for the data owner, or anyone they explicitly grant access to.
Watch Senior Product Manager Cassandra Bailey explain how OpenTDF plays a role in the functionality of SecureCycle.
Since SecureCycle is built off of open-source code, there are no secrets about how the user’s data is being protected. In fact, it instills more trust in the exact practices being used to handle and protect data.
Secure Cycle highlights the growing call for data security in every aspect of digital life in every industry. But health data isn’t the only data worth protecting. There are thousands of industries and infinite scenarios where sensitive data is left exposed and vulnerable. But today, with OpenTDF, anyone can build zero trust data controls where it’s needed most.
With that in mind, what could you build with OpenTDF?
Contact us to learn more about our partnership opportunities.