
*** NOTE: THIS TASK FORCE IS PLANNED BUT NOT YET ACTIVE ***


This page describes the GSWG Trust Assurance Task Force (the "GSWG TA TF"). It was originally created by Scott Perry.

Objectives

  1. To embed mechanisms that will add to the reliability of actors and processes within the ToIP Governance Stack 
  2. To develop assurance processes of roles operating at all layers of the ToIP Governance Stack
  3. To establish classes (levels) of trust that can be assigned to objects (e.g. credentials) 
  4. To standardize variations of process activity attributable to levels of assurance
  5. To establish sets of criteria for actors in the ToIP ecosystem to assert levels of assurance they convey into the ToIP ecosystem
  6. To create models for certification schemes that can be deployed by ToIP customer ecosystems
  7. To align assurance roles and processes with the ToIP Technical Stack
  8. To align with schemas and semantics being developed in other areas of the ToIP Foundation

Background/Context

Trust is defined as the “firm belief in the reliability, truth, ability, or strength of someone or something”. Digital trust is built from three main components: Cryptographic Trust, Human Trust and Referential Trust. Referential Trust is established when a trustworthy entity transfers trust to a third party.

For a digital world, trust is essential. As shown in the ToIP Governance Stack, human trust is heavily relied upon in Layer Three – Credential Exchange and is refined in the Ecosystem Governance Layer (Layer Four) with the introduction of the following roles, which create a referential trust ecosystem: Trust Anchor, Credential Registry, Governance Authority, Auditor and Audit Accreditor. The following diagram depicts how these roles interact.

Figure A – Referential Trust Assurance Ecosystem

The ecosystem creates assurance to verifiers, credential holders and relying parties that trust anchors are applying generally accepted trust criteria to their methods and practices by the introduction of accreditation and independent third-party audits that act in their interest. Relying parties acquire trust from the ecosystem based on the ability of the players to follow through on their commitments and the integrity of their decisions. Symbols of this trust are stored on a publicly accessible credential registry so that it can be propagated throughout the ecosystem.

As one of a set of "genesis" task forces birthed by the GSWG, this task force will further develop the trust assurance roles and processes and will be used in establishing generally accepted roles, responsibilities and standard processes of actors relying upon ToIP ecosystems.

Conveners

  1. Scott Perry, Scott S. Perry CPA PLLC

Membership and Joining

Prior to participating in the meetings please ensure that you are a member of the Trust Over IP Foundation. More detail on this can be found at this link.

This TF is still in the planning stages. To indicate your interest in joining this TF, add your name to this list:

Deliverables

The GSWG TA Task Force intends to create well-defined descriptions of the roles, responsibilities and processes that all actors play in the trust assurance schemes that the ToIP Ecosystems will operate. The focus will be on governance and operational processes and only touch upon technical processes as needed for its purposes. This task force will not focus on technical interoperability processes (deferring to the Technical Stack Working Group). These definitions are critical in the establishment and consistency of applying governance principles for all four ToIP layers.

Key deliverables will include, but are not limited to:

  1. ToIP Trust Assurance Primer provides an overview of Trust Assurance concepts and why it is an important aspect of ToIP governance
  2. ToIP Risk Assessment Kit is a guide that Governance Authorities can use to develop a risk assessment enabling a proper control scheme to be implemented
  3. ToIP Trust Assurance Roles and Responsibilities which defines the players that execute and rely upon key trust assurance process operations in the ToIP ecosystem at all governance layers
  4. ToIP Trust Assurance Process Definitions are a set of defined trust assurance processes occurring at the different ToIP Governance Layers 
  5. ToIP Levels of Assurance defines classes of objects (e.g. credentials) and actors participating in creating, maintaining and using those objects at defined levels of assurance
  6. ToIP Ecosystem Control Objectives and Practices identifies a set of control requirements and suggested control practices of roles in an ecosystem to address risks in an ecosystem and varying levels of assurance
  7. ToIP Role Policy and Procedure Templates for significant roles in an ecosystem applying Ecosystem control requirements and applying them at a role level.
  8. ToIP Trust Assurance Framework Implementation Guide is a reference guide to Governance Authorities to assist in creating an appropriate risk-based scheme for an ecosystem

Intellectual Property Rights (Copyright, Patent, Source Code)

As a Task Force (TF) of the Governance Stack WG (GSWG), the GSWG TA TF inherits the IPR terms from the GSWG JDF Charter. These include:

Milestones

Key milestones will include, but are not limited to:

  1. Establishment of GSWG Process and Roles Task Force
  2. Definition of generic roles and process by the GSWG P&R TF
  3. Establishment of GSWG Trust Assurance Task Force
  4. Drafting of Trust Assurance Roles and Responsibilities
  5. Drafting of Trust Assurance Process descriptions
  6. Drafting of Levels of Assurance definitions
  7. Drafting of an Initial Set of Trust Criteria for all ToIP layers
  8. Drafting a Certification Scheme Model and Primer

The GSWG TA TF will be formed after an initial set of role and process documents have been created by the GSWG P&R TF.

The work of the GSWG P&R TF will be complete when a baseline set of deliverables is submitted to the GSWG and the ToIP Steering Group. It is likely that the Task Force will morph into its own working group at some point in its maturity.

Meeting Schedule

To be developed

Mailing List and Communications

This task force uses the following for communications:

  • Mailing List: Currently this TF will use the mailing list available to the members of the Governance Stack WG. If it reaches sufficient volume, this TF may set up a dedicated mailing list.
  • Slack: This TF has its own dedicated Slack channel: #gswg-trust-assurance-tf


