The Georgia Tech Research Institute (GTRI) hosted the 7th plenary of the Identity Ecosystem Steering Group (IDESG) Jan. 14-16, 2014 in support of the National Strategy for Trusted Identities in Cyberspace (NSTIC).
During the event, GTRI launched a new website on the Trustmark technology at https://trustmark.gtri.gatech.edu/. A trustmark is a rigorously defined, machine-readable statement of compliance with a specific set of technical or business/policy rules. The use of trustmarks has been pioneered by GTRI and developed with funding from the National Strategy for Trusted Identities in Cyberspace (NSTIC), a White House initiative to work collaboratively with the private sector, advocacy groups and public-sector agencies to create an “identity ecosystem” in which technologies, policies and consensus-based standards support greater choice, trust, security and privacy with online transactions.
IDESG has been established as a new organization led by the private sector in conjunction with, but independent of the federal government.
In October, GTRI was awarded an NSTIC pilot project grant. Under the grant, GTRI will develop and demonstrate a trustmark framework that facilitates cost-effective scaling of interoperable trust across multiple communities of interest within the identity ecosystem and enhances privacy through transparency and third-party validation.
Trustmarks have the potential to enable wide-scale trust and interoperability within the identity ecosystem by helping to foster transparency and widespread operational convergence on the specific requirements for each dimension of interoperability, including communication protocols and profiles, cryptographic algorithms, business-level user attributes for access control and audit purposes and various levels of policy such as privacy policies and practices.
Trustmarks can also reduce the complexity of the identity ecosystem’s trust landscape, and turn what would otherwise be a collection of poorly interconnected “federated identity siloes” into a more cohesive trust environment. In addition, trustmarks can enhance privacy within the identity ecosystem by helping communities of interest define clear, concise and rigorous privacy rules that participating agencies must follow.
“The concept of trustmarks and a trustmark framework mean different things to different stakeholders,” said John Wandelt, principle investigator for the GTRI NSTIC trustmark pilot. “The vision of identity ecosystem where trustmarks can be broadly re-used and trusted across several communities of interest to satisfy interoperability, privacy, security and trust needs will require transparency, collaboration and sufficient engineering rigor to concretely specify.”
The new website will facilitate a common understanding of trustmarks and a trustmark framework. Artifacts resulting from the GTRI pilot project will be posted at this website along with blogs and other related information.
“The objective is to solicit comments from the IDESG, other NSTIC pilots, and the community at large while maintaining the integrity of our pilot schedule,” said Wandelt.
“Trustmarks and Trust Frameworks are a common theme across multiple pilots and discussions in the IDESG,” said Jeremy Grant, Senior Executive for the NSTIC Program Office.
“GTRI’s decision to provide visibility into their trustmark pilot artifacts and findings early on is a great example of the type of collaboration we are encouraging between NSTIC pilots and the IDESG,” said Grant. “It should contribute to accelerating substantive discussion and progress in this important area.”