Trustmark
Full Title
The purpose of a Trustmark is to give the users of a web site sufficient information to make an informed decision about whether the site is trustworthy.
Context
The internet is currently a cesspool of malcontents and criminals that is little different from the wild west of the US in 1870.
The goals of this effort is to enable:
- The user can unambiguously determine the real-world identity of any web site that has any pretense to be trustworthy.
- The user knows the context that the site operates by the federation(s) to which the site has subscribed.
- The user can clearly determine the purpose of the web site, especially in regard to the intent of the site to use their personal information.
- The user can stipulate their own conditions on which they are willing to interoperate with the site.
Problems
- Users do not pay attention to existing Trustmarks.
- Existing Trustmarks are trivial to copy on sites that are not trusted.
- Web site URLs can be spoofed as a result of the many alphabets that are now supported on the web.
Solution
The following are the current characteristics of the new Trustmark:
- The mark is cryptographically bound to an Identifier of the current web site which is linked, but not the same as, its URL.
- The Identifier of the site has a signed certificate of membership in the framework that issued the Trustmark.
- The companies that report on web site safety (Microsoft, Google, Apple, etc.) are informed of the conditions under which the Trustmark is issued.
- The W3C is encouraged to standardize on the method to validate Trustmarks and encourages members to mark any misuse of the mark as unsafe.
- Kantara proselytizes not only the adoption of the W3C rules, but actively recruits sites to prominently feature the Trustmark and its benefits to users.
References and Coordination
- Much more detail is on the page Trustmark Evolving Design Pattern, which may not be fully up-to-date.
- This page is dedicated to collecting information about Trust in a digital environment.