Trustmark Framework Implementer Guidance for Organizations
- Identify your information sharing use cases – what are you trying to accomplish operationally?
- Define your trust policies for each use case and publish them in a local
TPAT
(text with tooltip)
Trust Policy Authoring Tool
- Earn the necessary trustmarks and publish them in a
TAT
(text with tooltip)
Trustmark Assessment Tool
- Could be done via self-assessment and self-issuance, or via a 3rd-party trustmark provider
- Need to know which option(s) are acceptable to your partners before you decide what to do
- Deploy federated system endpoints using
SAML
(text with tooltip)
Security Assertion Markup Language
and/or
OIDC
(text with tooltip)
OpenID Connect
- Includes interoperability & conformance testing – may require a 3rd-party trustmark provider
- Register your federated system endpoints in the appropriate
TBR
(text with tooltip)
Trustmark Binding Registry
(s)
- Manage your information sharing partner trust relationships using a
TRPT
(text with tooltip)
Trustmark Relying Party Tool