Establishing a trustmark framework
Georgia Tech Research Institute is the non-profit research arm of the Georgia Institute of Technology. The research institute was established nearly 80 years ago and has long partnered with government and industry to solve complex problems through innovation and customer-focused research and education.
The institute’s proposal for the National Strategy for Trusted Identities in Cyberspace (NSTIC) is to develop and demonstrate a trustmark framework that facilitates a cost-effective, scalable, interoperable trust across multiple communities of interest within the identity ecosystem. Privacy and transparency will be enhanced through third-party validation.
“The outcome of this pilot is going to be very important to us,” says John Wandelt, Georgia Tech Research Institute division chief and director of the National Identity Exchange Federation. “After 9/11, it was widely recognized that we needed to do a better job sharing information across the various law enforcement agencies and communities.”
The foundation for the NSTIC pilot comes out of work the institute did in law enforcement. Agencies wanted broader interoperability across the whole law enforcement community, Wandelt says. Plus, law enforcers needed access to other communities of interest like first responders and private industry.
“We realized that whatever we do for law enforcement within our community, there were other drivers outside,” says Wandelt. Drivers such as NSTIC will play a large role in shaping the way forward for online identities.
That’s what led the Georgia Tech Research Institute to propose a model based on trustmarks, the primary focus of its pilot grant. For this project, a trustmark is a rigorously defined, machine-readable statement of compliance with a specific set of technical, business and policy rules.
“The assessment criteria will specify what due diligence is necessary in order for a trustmark provider to issue a trustmark. So this is essential because it improves transparency and consistency,” says Wandelt. “We believe that an ecosystem based on machine-readable trustmarks has a potential of changing how we think about the traditional trust frameworks.”
The institute was awarded $1.7 million for its Trustmark Marketplace initiative in the first year and a similar amount for year two if benchmarks are met.
Under the grant funding, the institute plans to develop a trustmark technical framework, some sample trustmark definitions that address concerns like privacy policies and interoperability communication protocols and some open source tools to seed the marketplace.
“Once we have that completed, we’re going to pilot this in an operational capacity among the National Identity Exchange Federation members,” Wandelt said. “Creating this ecosystem based on trustmarks that can thrive and connect our community among themselves and also lower the barriers to bridge between different communities of interest would be a huge success story – and in our opinion cost savings – so that it’s not required to join multiple federations to conduct the necessary business.”
The idea is to simplify the Identity Ecosystem’s trust landscape. The project seeks to clear the environment, which currently harbors an assortment of federations with their own individual standards. These federations tend not to trust each other and don’t work together.
Wandelt hopes the institute will be able to inform and contribute in a way that inspires broader adoption. “It’s very difficult to draw a dotted line around any region – community of interest – and say that’s an island,” Wandelt said. “At the end of the day, we need to connect the islands.”