Trustmark

From IDESG Wiki
Revision as of 22:29, 30 October 2018 by Tomjones (talk | contribs) (→‎Solution)
Jump to navigation Jump to search

Full Title

The purpose of a Trustmark is to give the users of a web site sufficient information to make an informed decision about whether the site is trustworthy.

Context

The internet is currently a cesspool of malcontents and criminals that is little different from the wild west of the US in 1870.

The goals of this effort is to enable:

  1. The user can unambiguously determine the real-world identity of any web site that has any pretense to be trustworthy.
  2. The user knows the context that the site operates by the federation(s) to which the site has subscribed.
  3. The user can clearly determine the purpose of the web site, especially in regard to the intent of the site to use their personal information.
  4. The user can stipulate their own conditions on which they are willing to interoperate with the site.

Problems

  • Users do not pay attention to existing Trustmarks.
  • Existing Trustmarks are trivial to copy on sites that are not trusted.

Solution

The following are the current characteristics of the new Trustmark:

  1. The mark is cryptographically bound to an Identifier of the current web site.
  2. The Identifier of the site has a signed certificate of membership in the framework that issued the Trustmark.
  3. The companies that report on web site safety (Microsoft, Google, Apple, etc.) are informed of the conditions under which the Trustmark is issued.
  4. The W3C is encouraged to standardize on the method to validate Trustmarks and encourages members to mark any misuse of the mark as unsafe.
  5. Kantara proselytizes not only the adoption of the W3C rules, but actively recruits sites to prominently feature the Trustmark and its benefits to users.

References and Coordination