


This page describes the GSWG Trust Assurance Task Force (the "GSWG TA TF"). It was created by Scott Perry.

Objectives

  1. To embed mechanisms that will add to the reliability of actors and processes within the ToIP Governance Stack 
  2. To develop assurance processes of roles operating at all layers of the ToIP Governance Stack
  3. To establish classes (levels) of trust that can be assigned to objects (e.g. credentials) 
  4. To standardize variations of process activity attributable to levels of assurance
  5. To establish sets of criteria for actors in the ToIP ecosystem to assert levels of assurance they convey into the ToIP ecosystem
  6. To create models for certification schemes that can be deployed by ToIP customer ecosystems
  7. To align assurance roles and processes with the ToIP Technical Stack
  8. To align with schemas and semantics being developed in other areas of the ToIP Foundation

Background/Context

Trust is defined as the “firm belief in the reliability, truth, ability, or strength of someone or something”. Digital trust is built from three main components: Cryptographic Trust, Human Trust and Referential Trust. Referential Trust is established through a trustworthy entity transferring trust to a third party.

For a digital world, trust is essential. As shown in the ToIP Governance Stack, human trust is heavily relied upon in Layer Three (Credential Exchange) and is refined in the Ecosystem Governance Layer (Layer Four) with the introduction of the following roles, which create a referential trust ecosystem: Trust Anchor, Credential Registry, Governance Authority, Auditor and Audit Accreditor. The following diagram depicts how these roles interact.

Figure A – Referential Trust Assurance Ecosystem

The ecosystem creates assurance to verifiers, credential holders and relying parties that trust anchors are applying generally accepted trust criteria to their methods and practices, through the introduction of accreditation and independent third-party audits that act in their interest. Relying parties acquire trust from the ecosystem based on the ability of the players to follow through on their commitments and the integrity of their decisions. Symbols of this trust are stored on a publicly accessible credential registry so that it can be propagated throughout the ecosystem.

As one of a set of "genesis" task forces birthed by the GSWG, this task force will further develop the trust assurance roles and processes, and its work will be used in establishing generally accepted roles, responsibilities and standard processes of actors relying upon ToIP ecosystems.

Organizers

  1. Scott Perry, Scott S. Perry CPA PLLC

Membership and Joining

Prior to participating in the meetings please ensure that you are a member of the Trust Over IP Foundation. More detail on this can be found at this link.

To join at the Contributor Member level, there is no charge, and you do not need to join the Linux Foundation.

  • If you wish to join as a Contributor Member only, please see these documents.
  • If your organization is already a member of The Linux Foundation, please see these documents.

Deliverables

The GSWG TA Task Force intends to create well-defined descriptions of the roles, responsibilities and processes that all actors play in the trust assurance schemes that the ToIP Ecosystems will operate. The focus will be on governance and operational processes, touching upon technical processes only as needed for its purposes. This task force will not focus on technical interoperability processes (deferring to the Technical Stack Working Group). These definitions are critical to establishing governance principles and applying them consistently across all four ToIP layers.

Key deliverables will include, but are not limited to:

  1. ToIP Trust Assurance Roles and Responsibilities which defines the players that execute and rely upon key trust assurance process operations in the ToIP ecosystem at all governance layers
  2. ToIP Trust Assurance Process Definitions are a set of defined trust assurance processes occurring at the different ToIP Governance Layers 
  3. ToIP Levels of Assurance defines classes of objects (e.g. credentials) and actors participating in creating, maintaining and using those objects at defined levels of assurance
  4. ToIP Process Trust Criteria defines control objectives and control practices for various ToIP layer processes at varying levels of assurance
  5. ToIP Certification Scheme Primer is a reference guide to Governance Authorities to assist in creating a certification scheme for an ecosystem

Intellectual Property Rights (Copyright, Patent, Source Code)

As a Task Force (TF) of the Governance Stack WG (GSWG), the GSWG TA TF inherits the IPR terms from the GSWG JDF Charter. These include:

Milestones

Key milestones will include, but are not limited to:

  1. Establishment of GSWG Process and Roles Task Force
  2. Definition of generic roles and process by the GSWG P&R TF
  3. Establishment of GSWG Trust Assurance Task Force
  4. Drafting of Trust Assurance Roles and Responsibilities
  5. Drafting of Trust Assurance Process descriptions
  6. Drafting of Levels of Assurance definitions
  7. Drafting of an Initial Set of Trust Criteria for all ToIP layers
  8. Drafting a Certification Scheme Model and Primer

The GSWG TA TF will be formed after an initial set of role and process documents has been created by the GSWG P&R TF.

The work of the GSWG P&R TF will be complete when a baseline set of deliverables is submitted to the GSWG and the ToIP Steering Group. It is likely that the Task Force will morph into its own working group at some point in its maturity.

Meeting Schedule

To be developed

Mailing List and Communications

This task force uses the following for communications:

  • Mailing List: The wide mailing list available to the members of the Governance Stack Working Group
  • Slack: The Slack channel for the Governance Stack Working Group (#governance-stack-wg)


