The basic Trustmark Framework that we discuss on the Technical Framework page of this site would not be very useful without a viable legal framework within which trustmarks can be issued and used. As noted on that page, there are many parallels between the trustmark framework and the basic PKI model. We leverage those parallels in the Trustmark Legal Framework that we depict in the following diagram and discuss below.
The Trustmark Legal Framework
Under our Trustmark Legal Framework, a TP issues a trustmark to a TR under a Trustmark Recipient Agreement (TRA), which is a standard two-party contract that establishes an explicit legal agreement between the TP and TR. The TRA is lightweight, and it incorporates by reference a longer, more comprehensive Trustmark Policy. The TP and TR both must sign the TRA to execute it.
When a TRP chooses to rely upon a trustmark, the TRP must enter into a separate agreement – a Trustmark Relying Party Agreement (TRPA) – with the TP. The TRPA is also a two-party contract; however, it is not a standard two-party agreement that both parties must sign. Instead, it is a “clickwrap” or “clickthrough” agreement that becomes effective by virtue of the TRP using or relying on a trustmark issued by the TP. The TRPA is also lightweight, and it too incorporates the Trustmark Policy by reference.
Note, as indicated by the diagram above, that the trustmark object contains references to both the Trustmark Policy under which it was issued and the TRPA to which TRPs are subject if they choose to use or rely upon the trustmark. Note also that even though the purpose of a trustmark is to provide a basis for trust between the TR and TRP, the Trustmark Legal Framework does not establish an explicit legal relationship between these two entities. Instead, the framework establishes separate explicit legal relationships between each entity and a third party, the TP.
We are piloting this legal framework within NIEF as part of our NSTIC pilot. To see samples of an actual Trustmark Policy, Trustmark Recipient Agreement template, and Trustmark Relying Party Agreement, please visit this page.