...
- It was commented that a trust mark is a tangible representation of a certification, which informs about the scope of certification, expiration date, applicable assurance levels, class of approval, organization that operates the service, etc. Kantara has a Registry where the Trust Marks are listed.
- It was added that in Virginia law, the trust mark on an identity credential provides a warranty of compliance with the rules and policies of a particular identity trust framework in asserting identity and identity attributes. So, a trust mark could have legal value beyond mere marketing branding purposes. Kantara confirmed that in its framework the trust mark has legal implications, if the party does not follow the policies, terms and conditions the trust mark is revoked.
- It was commented that the UK government should monitor the use of the trust mark.
- A digital and machine readable version of trust mark is desiredmight be useful, as well as a visible trustmark.
Question 7
- It was pointed out that services are certified not organizations.
- It was clarified that Kantara's model suggests to integrate a service with a certified SP, but it does not oblige it. Moreover, Kantara's CO_SAC (CO#0320 and CO#0330) addresses the interaction with external services and the risk mitigation measure includes contract arrangements to enforce the implementation of the policies and procedures.
...