Trustmark: Difference between revisions
Jump to navigation
Jump to search
Line 20: | Line 20: | ||
#The [[Identifier]] of the site has a signed certificate of membership in the framework that issued the [[Trustmark]]. | #The [[Identifier]] of the site has a signed certificate of membership in the framework that issued the [[Trustmark]]. | ||
#The companies that report on web site safety (Microsoft, Google, Apple, etc.) are informed of the conditions under which the [[Trustmark]] is issued. | #The companies that report on web site safety (Microsoft, Google, Apple, etc.) are informed of the conditions under which the [[Trustmark]] is issued. | ||
#The W3C is encouraged to standardize on the method to validate | #The W3C is encouraged to standardize on the method to validate [[Trustmark]]s and encourages members to mark any misuse of the mark as unsafe. | ||
#Kantara proselytizes not only the adoption of the W3C rules, but actively recruits sites to prominently feature the [[Trustmark]] and its benefits to users. | #Kantara proselytizes not only the adoption of the W3C rules, but actively recruits sites to prominently feature the [[Trustmark]] and its benefits to users. | ||
Revision as of 22:29, 30 October 2018
Full Title
The purpose of a Trustmark is to give the users of a web site sufficient information to make an informed decision about whether the site is trustworthy.
Context
The internet is currently a cesspool of malcontents and criminals that is little different from the wild west of the US in 1870.
The goals of this effort is to enable:
- The user can unambiguously determine the real-world identity of any web site that has any pretense to be trustworthy.
- The user knows the context that the site operates by the federation(s) to which the site has subscribed.
- The user can clearly determine the purpose of the web site, especially in regard to the intent of the site to use their personal information.
- The user can stipulate their own conditions on which they are willing to interoperate with the site.
Problems
- Users do not pay attention to existing Trustmarks.
- Existing Trustmarks are trivial to copy on sites that are not trusted.
Solution
The following are the current characteristics of the new Trustmark:
- The mark is cryptographically bound to an Identifier of the current web site.
- The Identifier of the site has a signed certificate of membership in the framework that issued the Trustmark.
- The companies that report on web site safety (Microsoft, Google, Apple, etc.) are informed of the conditions under which the Trustmark is issued.
- The W3C is encouraged to standardize on the method to validate Trustmarks and encourages members to mark any misuse of the mark as unsafe.
- Kantara proselytizes not only the adoption of the W3C rules, but actively recruits sites to prominently feature the Trustmark and its benefits to users.
References and Coordination
- Much more detail is on the page Trustmark Evolving Design Pattern, which may not be fully up-to-date.
- This page is dedicated to collecting information about Trust in a digital environment.