Purpose of the Trustmark Initiative

  • TMI serves as the steward for the trustmark infrastructure
    • Its primary role is community instantiation and support, NOT community governance
    • Publishes and manages high-level how-to guidance about the trustmark model
      • TODO: Capture what types of guidance are required
        • E.g., How to become a trustmark community
    • Publishes and lifecycle-manages the spec
    • Publishes and lifecycle-manages the open-source tools
    • Publishes and lifecycle-manages a list of trustmark communities
      • Community name, website address, contact info
  • How a trustmark community works…
    • Sign up (register? apply?) with the TMI as a trustmark community
      • Must the community sign an agreement with TMI?
      • If so, what must the agreement say?
      • For example, we probably want to disclaim all liability that may arise from use of TMI. (?)
    • Community must operate is own TBR
    • Community can operate additional services (TPAT, TAT, etc.)
      • Define some basic patterns
    • Is there a cost associated with being a trustmark community?
    • A trustmark community must govern itself in the following ways.
      • Govern the set of approved trustmark providers (assessors), as well as which trustmarks each provider is approved to issue
      • Govern the set of community “members” or “participants”, i.e., govern the process by which an organization can become listed in that community’s TBR
      • Govern the set of approved trust policies that are applicable to the members or participants of their community
    • A trustmark community should have a community-facing website
  • Define some standard configurations for a community, e.g.:
    • One TBR, one TPAT, one TAT, where the community does all its assessments
    • One TBR, one TPAT, list of approved assessors with TATs
    • One TBR, one community TPAT, one member TPAT per member
  • See also the Trustmark Communities slide deck from July 2023

What is the Trustmark Framework?