An ever-increasing number of transactions are conducted virtually over the internet. How can you be sure that the person making the transaction is who they say they are? LIGHTest develops a global lightweight trust infrastructure that provides parties to electronic transactions with automatic validation of trust based on their individual trust policies. It does so through the publication, querying and cross-jurisdiction translation of the information relevant to making these decisions.
Expected Outcomes
- Creation of a Global Trust Infrastructure at Feasible Effort
LIGHTest addresses this possibly most difficult challenge by reusing the existing Domain Name System (DNS). In particular, LIGHTest employs the global DNS as-is. Only marginal additions are needed to render it usable as a global trust infrastructure. It does so by following well-established strategies of other kinds of trust management.
- Global Acceptance of the Approach Beyond Europe
LIGHTest addresses this challenge by embedding its technical innovations into an inclusive and collaborative strategy that positions LIGHTest from the start as a global initiative, open to extra-European collaboration.
- Support for Heterogeneous Trust Models, since Homogeneous Models Fail to Scale Globally
LIGHTest supports heterogeneous models of trust by moving the decision point for who is trusted to the verifier’s trust policy. Such a policy typically selects and combines a few existing large-scale trust schemes (such as that of EU qualified signatures) and can further personalize them with local black- and white-lists.
- Automatic Handling of Subsidiarity Principle in Trust Schemes
LIGHTest addresses this challenge by using the native and massively proven DNS mechanism to delegate the management of sub-domains to third parties. The mechanism can support an arbitrary depth of the hierarchy and the LIGHTest client libraries render the hierarchical structure of trust schemes transparent to verifiers.
- Access to Trust Schemes based on Human-Readable Names
LIGHTest addresses this challenge by using DNS domain names to identify trust schemes. For example, the European trust scheme of qualified signatures may be named “qualified.TRUST.ec.eu”. Here, qualified is the scheme name, ec.eu the authority responsible for the scheme, and TRUST a standardized constant word used across the trust infrastructure. Using the existing DNS, this name can then be used by software to locate and access the data that is contained in the named trust scheme.
- Use of a Single Trust Root to Replace a Multitude of Trust Anchors
LIGHTest addresses this challenge by applying the existing, unique, and globally accepted trust root of the DNS. The standard mechanism of the DNS (with the DNSSEC extension) allows trust in trust scheme data to be derived from this single trust root and the (domain) name of the trust scheme.
- Integration of Multiple Types of Trust Schemes in a Single Infrastructure
LIGHTest addresses this challenge by using a very generic model of a trust scheme and allowing an open number of trust schemes to coexist concurrently.