Trustmark Legal Framework
You are viewing an archival website from the original trustmark pilot in 2013-2016. If you are looking for more recent content about the trustmark framework, please visit the Trustmark Initiative website.
The basic Trustmark Framework that we discuss on the Technical Framework page of this site would not be very useful without a viable legal framework within which trustmarks can be issued and used. As noted on that page, there are many parallels between the trustmark framework and the basic PKI model. We leverage those parallels in the Trustmark Legal Framework that we depict in the following diagram and discuss below.
The Trustmark Legal Framework
Under the Trustmark Legal Framework, a TP issues a trustmark to a TR under a Trustmark Recipient Agreement (TRA), which is a standard two-party contract that establishes an explicit legal agreement between the TP and TR. The TRA is lightweight, and it incorporates by reference a longer, more comprehensive Trustmark Policy. The TP and TR both must sign the TRA to execute it.
When a TRP chooses to rely upon a trustmark, the TRP must enter into a separate agreement – a Trustmark Relying Party Agreement (TRPA) – with the TP. The TRPA is also a two-party contract; however, it is not a standard two-party agreement that both parties must sign. Instead, it is a “clickwrap” or “clickthrough” agreement that becomes effective by virtue of the TRP using or relying on a trustmark issued by the TP. The TRPA is also lightweight, and it too incorporates the Trustmark Policy by reference.
Note, as indicated by the diagram above, that the trustmark object contains references to both the Trustmark Policy under which it was issued and the TRPA to which TRPs are subject if they choose to use or rely upon the trustmark. Note also that even though the purpose of a trustmark is to provide a basis for trust between the TR and TRP, the Trustmark Legal Framework does not establish an explicit legal relationship between these two entities. Instead, the framework establishes separate explicit legal relationships between each entity and a third party, the TP.
We piloted this legal framework within NIEF as part of our NSTIC pilot, and we have continued to use this legal framework in subsequent trustmark deployments since the pilot concluded in 2016. To see the actual Trustmark Policy, Trustmark Recipient Agreement template, and Trustmark Relying Party Agreement used by NIEF, please visit this page.