The Foundation question.
What a Foundation would operate if one were formed, the five named risks such a path would have to clear, and why deferring it is the current default.
The current planning default is to defer foundation incorporation unless funding circumstances make it necessary. A 501(c)(3) SLF Foundation as a sister entity to Lexenne is one of four legitimate options for stewarding the spec, vocabularies, conformance suite, and trademarks, alongside an SLF project inside an established neutral host (LF Decentralized Trust, OpenWallet Foundation), publication through a W3C Community Group or IETF Internet Draft, and deferring all of it until Patina ships to a paying customer. The four alternatives are surveyed in Section D below.
This page is a study of the standalone-foundation path: what it would operate if taken, the five named risks it would have to clear, and the alternatives it should be compared against. The point is to make the structural decision legible, not to pre-empt it. The dominant realistic outcome of any foundation-led path, per the impartial evaluation, is best described as "alive but niche," well short of a dominant standard. Naming that up front is the point of the page.
Why a Foundation might fit, and what shape it would take
A · Structure
The architectural commitment is mission-lock: the protocol's regulatory and individual-sovereignty semantics must survive commercial pressure from any single implementer. The clearest way to make mission-lock structural rather than aspirational is to separate the entity that owns the spec from any entity that profits from implementing it.
That points to a nonprofit. The 501(c)(3) form has three concrete properties the project needs: (1) tax-exempt fundraising, which is the realistic path to multi-year operational funding; (2) IRS-anchored mission-lock language in the articles and bylaws, harder to unwind than a corporate decision; (3) standing as the trademark holder, which means conformance certification is a legitimate revenue stream tied to a Foundation rather than to any implementer.
The sister-entity choice, rather than a parent-corporation-with-foundation, is more conservative. Lexenne exists today as a commercial company; a Foundation, if formed, would be designed from scratch. Operating them as siblings, both at arm's length, with IP transfer from Lexenne to the Foundation at formation, then a trademark license back to Lexenne for conformant use, would preserve Foundation independence without restructuring the commercial entity. It is the Mozilla pattern in shape, not in aspiration.
That distinction matters, and the rest of this page leans into it.
What a Foundation would operate
B · Five operational assets
The point is not to fence off the spec. The spec is meant to spread; standards bodies adopt good primitives whether or not the originator stays involved. What a steward would actually carry is operational, the work that keeps an open standard usable:
- Federated vocabulary registries for gates, scope predicates, and reason codes. A steward would curate a tiny core; domain bodies (healthcare standards organizations, financial-services groups, government identity authorities) steward extensions. The pattern is IANA / MIME / DNS: registrar-of-registries, not curator-of-every-entry. Keeps the maintenance load minimal and prevents the spec from becoming a committee chokepoint.
- A conformance suite with paid certification. Executable tests that verify a claimed SLF implementation against the spec and against named composition surfaces. Certification covers enforcement-tier declarations: an implementation must carry an honest T0/T1/T2/T3 tier label in every receipt; a T3 deployment cannot assert T0 prevention guarantees. Procurement teams close on certifications; this is the protocol's primary revenue line in steady state.
- Reference implementations and adapters across the major language ecosystems. Apache-2.0 licensed, Foundation-stewarded. The first already exists: slf-core, an Apache-2.0 library whose conformance suite runs green. Adapters into the converging stacks (OID4VP, AP2, AATWG drafts, MCP, Microsoft Entra Agent ID) live here too. Code that runs beats specs that don't.
- A cross-protocol composition layer. SLF is designed to ride above whatever set of identity, delegation, and credential-format stacks the broader ecosystem converges on. No single standards body owns the composition surface across bodies. A steward could.
- A trust list and rating system. Federated governance for counterparty behavior, vulnerability disclosure, and lens-provider reputation. Nobody else operates one of these across protocols.
Each of these is something standards bodies do not do. They publish documents; they do not run registries, ship code, certify implementations, or maintain trust lists. That is the operational layer a Foundation would occupy. It is also, the impartial evaluation flagged, the same layer that several incumbents already occupy. Section D covers that.
Five named risks
C · What could go wrong
An impartial-evaluation pass on the foundation strategy (dated 2026-05-25) named five risks the proposed path must clear. They are the realistic shape of the failure modes, grounded in how comparable efforts went.
The Mozilla pattern is a cautionary tale, not aspiration.
"Mozilla Foundation/Corporation is structurally what the docs propose. Mozilla has also been financially dependent on a single counterparty (Google) for ~15 years, lost browser share continuously to <5%, and weathered multiple founder/CEO crises. Citing Mozilla as proof the model works requires selective reading." (SLF Impartial Evaluation v0.1, §2e)
Mitigation in the design: bylaws cap any single funder at 30% of revenue; conformance certification is structured to produce non-grant income from year two; board independence requires four independents on a five-person board minimum. Qualifier: Mozilla's structure was correct; Mozilla's outcomes were shaped by commercial pressure exercised within that correct structure. Having the structure is the first half. Surviving sustained pressure from hyperscaler counterparties is the second half, and Mozilla shows the second half is harder than the first.
"Alive but not dominant" is the realistic outcome.
"Tim Berners-Lee + W3C-level prior art + $30M Series A + 7 years → ~$3.2M ARR, ~29 people, governance handed to Open Data Institute. This is what 'alive but not dominant' looks like for a personal-data protocol. The SLF documents acknowledge this in §15.7, but treat it as a thing the moat-via-infrastructure strategy avoids. Inrupt also tried to make infrastructure the moat. It didn't avoid the outcome." (SLF Impartial Evaluation v0.1, §2e)
What "alive but niche" looks like: a Foundation operating with 5–15 staff; serving a vertical (healthcare, financial services, government ID) rather than horizontal consumer adoption; spec published with a DOI and cited in academic and standards literature; one to three reference deployments; conformance revenue of $200K–$500K per year; ongoing dependence on philanthropic grants. This is a mission-aligned success outcome at the personal-fulfillment level. It is not market dominance, and the page deliberately does not pretend it is.
Five established foundations already occupy adjacent layers.
LF Decentralized Trust (Hyperledger + Trust over IP, 100+ founding members, 17 projects). OpenWallet Foundation (Linux Foundation Europe, broad membership). Decentralized Identity Foundation (DIDComm, Presentation Exchange). OpenID Foundation, which is the conformance certifier the SLF strategy intends to be certified by. MyData Global. The operational-infrastructure layer a Foundation would depend on is not unoccupied territory.
The differentiation case: SLF is the only protocol bridging personal-data sovereignty, agent-scoped grants, and substrate-bound regulatory metadata at the person layer. The federated namespace governance pattern avoids the committee-bottleneck problem the incumbents struggle with. What would not defend standalone incorporation: if AATWG absorbs the grant-semantics layer into its own spec; if LFDT or OpenWallet offer "SLF as an LFDT/OWF project" and it costs less and gets there faster; if the differentiation collapses to "yet another W3C work."
Standards adoption runs 5–10 years; grant cycles run 18–24 months.
The historical comparison is sobering. OAuth 2.0 took three to five years from RFC to enterprise default. WebAuthn took five to six. W3C Verifiable Credentials reached v2.0 in 2025 and are still pre-mandate adoption seven years in. Even successful identity standards take five to ten years. Philanthropic funding cycles average eighteen to twenty-four months.
The bridge: ship commercial reference implementations (Patina with paying customers) inside year one to establish non-grant revenue; identify two to three domain-specific pilots where adoption is 18–24 months rather than five years; secure multi-year grant commitments at formation rather than annually; make conformance-certification a real revenue line by year two to reduce grant dependency. The brutal version: if a Foundation cannot demonstrate paying customers by year two, grant-funding conversations in year three become significantly harder.
This is the dominant single-point-of-failure risk.
Premortem #7 (founder-bus-factor) is named in the architecture. The Board Leadership Debrief estimates the protocol stewardship load at 5–25 hours per week on top of running Lexenne. That is materially additive, not a substitute for commercial work. The architecture commits to a bandwidth floor; it does not yet commit to which of three resolutions will apply.
The three paths, all unresolved:
- Hire a Foundation Executive Director in year one. Requires $120K–$180K in salary plus benefits; requires grants or Lexenne subsidy at formation; transfers primary stewardship to a non-founder by month twelve.
- Compress Lexenne work deliberately. Slow commercial product launches to preserve 10–15 hours per week for protocol stewardship. Conflicts with Patina timeline; not personally sustainable across years.
- Accept longer timeline. v0.3 reference deployments slip from year two to year three or four; AATWG participation becomes lighter; Foundation forms and stays minimal-staff. Loses regulatory window urgency; competitors ship faster.
The page deliberately does not say "this is being managed." It is the single largest risk in the program, and one of the three resolutions has to be chosen.
Four legitimate alternatives the eval surfaced
D · Options A through E
The proposed direction is Option A: a standalone 501(c)(3). The impartial evaluation explicitly named four alternatives that have not been scored against Option A on credibility speed, grant-funding ease, mission-lock durability, or regulatory-mandate positioning. A 60-day comparison of A through E with board involvement is on the recommended pre-commit list before capital is spent on incorporation.
Option E: defer foundation incorporation. Ship Patina with paying customers first; let standards work follow deployments rather than precede them. Reverses the typical order; loses the 2026 AATWG window; strengthens the strategic position by 2027–2028 by arriving at standards bodies with deployed customers rather than ideas.
The page advocates no specific alternative. It notes that the impartial evaluation flagged the comparison as unscored, and that scoring it honestly is one of the gates before capital commits.
Three gates before capital commits
E · Pre-commit checks
The impartial evaluation's closing recommendation was specific. Before $5K–$15K in legal, filing, and trademark costs is spent on Option A, three things should clear:
- A 60-day comparison of Options A through E with board involvement and explicit scoring criteria: credibility speed, grant-funding ease, adopter friction, mission-lock durability, regulatory-mandate positioning. The eval found this comparison had not yet been done. Until it has, Option A is the assumed direction, not the chosen one.
- Verification of the FIDO standards-engagement path. The competitive-landscape work assumes a warm introduction into the FIDO AATWG. Until that path is confirmed rather than assumed, a foundation timeline should not depend on it. Treat AATWG access as something to validate, not a given.
- A binary decision on Patina's commercial deliverability in 2026. The eval's argument: if Patina can ship with a paying customer in 2026, the foundation's strategic calculus changes fundamentally (non-grant revenue, a deployed reference implementation, a conversation-changing fact for every regulatory and standards conversation). If not, the foundation path becomes substantially more dependent on philanthropic grants and standards-body credibility alone. The decision is binary, and it should be made deliberately rather than discovered after the fact.
What this page does not claim
F · Overclaims to avoid
- Mozilla is not the model. Mozilla is structurally what is proposed and operationally a cautionary tale. Citing it as proof the structure works requires selective reading.
- Standalone incorporation is not the chosen answer. It is the proposed direction. Four alternatives are unscored. The 60-day comparison is a gate, not a formality.
- Strong success is not the planning anchor. It is the upside case. The realistic anchor is "alive but niche," mission-aligned.
- Founder bandwidth is not "being managed." It is the single largest unresolved risk. One of three resolutions has to be chosen.
- A Foundation would not protect the mission from commercial pressure on its own. Structure is necessary; it is not sufficient. Mozilla's structure didn't prevent fifteen years of single-counterparty financial dependence.
- The operational role is not guaranteed. It depends on domain stewards emerging, conformance suites staying current, standards bodies not shipping competitive certification, and incumbent foundations (LFDT, OpenWallet) not absorbing the layer. Each of those is a live variable.
If you are reading this with a governance, philanthropy, or standards-body lens and the framing looks wrong (a risk is overplayed, an alternative is underplayed, or a mitigation is weaker than presented), that is the feedback the draft needs. The page is designed to surface critique, not deflect it.