Home

Purpose of the Trustmark Initiative

• TMI serves as the steward for the trustmark infrastructure
  • Its primary role is community instantiation and support, NOT community governance
  • Publishes and manages high-level how-to guidance about the trustmark model
    • TODO: Capture what types of guidance are required
      • E.g., How to become a trustmark community
  • Publishes and lifecycle-manages the spec
  • Publishes and lifecycle-manages the open-source tools
  • Publishes and lifecycle-manages a list of trustmark communities
    • Community name, website address, contact info
• How a trustmark community works…
  • Sign up (register? apply?) with the TMI as a trustmark community
    • Must the community sign an agreement with TMI?
    • If so, what must the agreement say?
    • For example, we probably want to disclaim all liability that may arise from use of TMI. (?)
  • Community must operate is own TBR
  • Community can operate additional services (TPAT, TAT, etc.)
    • Define some basic patterns
  • Is there a cost associated with being a trustmark community?
  • A trustmark community must govern itself in the following ways.
    • Govern the set of approved trustmark providers (assessors), as well as which trustmarks each provider is approved to issue
    • Govern the set of community “members” or “participants”, i.e., govern the process by which an organization can become listed in that community’s TBR
    • Govern the set of approved trust policies that are applicable to the members or participants of their community
  • A trustmark community should have a community-facing website
• Define some standard configurations for a community, e.g.:
  • One TBR, one TPAT, one TAT, where the community does all its assessments
  • One TBR, one TPAT, list of approved assessors with TATs
  • One TBR, one community TPAT, one member TPAT per member
• See also the Trustmark Communities slide deck from July 2023

What is the Trustmark Framework?

TBD