Last week, at the 8th IDESG Plenary Meeting in Mountain View, CA, GTRI led a Birds-of-a-Feather session on the topic of “Machine-Processable Trustmarks”. During this session, we introduced the session participants to our concepts of a Trustmark, Trustmark Definition (TD), and Trust Interoperability Profile (TIP) at a level of detail somewhat deeper than slide decks and pretty pictures. We highlighted our preliminary requirements documents for trustmarks, TDs, and TIPs, as well as several sample artifacts that we have created during the initial phase of our pilot.. Our overview slide deck from the session is also available for download in PDF format.
During the session, one participant raised a simple but important question: Is “trustmark” the best term to describe what we are creating, or could our use of the term “trustmark” cause undue confusion within the Identity Ecosystem? In light of this question, we did a little research and found the following evidence that we think supports our decision to use this term.
First, page 22 of the NSTIC Strategy Document defines a trustmark as follows.
A trustmark is used to indicate that a product or service provider has met the requirements of the Identity Ecosystem, as determined by an accreditation authority. The trustmark itself, and the way it is presented, will be resistant to tampering and forgery; participants should be able to both visually and electronically validate its authenticity. The trustmark helps individuals and organizations make informed choices about the Identity Ecosystem-related practices of the service providers and identity media they select.
In addition, the website Techopedia contains a dedicated page that defines an E-commerce Trustmark as follows.
E-commerce trustmark is an electronic commerce badge, image or logo displayed on a website to indicate that the website business has been shown to be trustworthy by the issuing organization. A trustmark gives confidence to customers and indicates to them that it is safe to do business with the web site displaying it.
Both of these definitions differ somewhat from our definition of a trustmark. First, in our trustmark framework, trustmarks can be issued to any organizational entity that participates in the Identity Ecosystem, not just relying parties. Second, our framework supports and encourages the use of multiple trustmarks, each covering a different set of trust or interoperability requirements, rather than a single monolithic trustmark. And third, for obvious security reasons, our concept of a trustmark includes cryptographic signatures that make a trustmark harder to forge than a simple image or logo would be. But on the other hand, both the NSTIC Strategy Doc and Techopedia use the term “trustmark” in a manner that is intended to represent a well-scoped measure of trustworthiness as conveyed by a trusted third party. We believe this to be the core defining characteristic of a trustmark, and for this reason, we believe our choice of the term “trustmark” is appropriate to our pilot.
What do you think? Is “trustmark” the right term for what we are doing in our pilot? Contact us at TrustmarkFeedback@gtri.gatech.edu and let us know!