January 2019

Conceptual Framework for Trust Scheme Translation

One of our latest deliverables provides the final design of the Conceptual Framework for Trust Scheme Translation within the LIGHTest architecture. This final stage of the conceptual framework results from integrating the different trust schemes, their representation, and the formats for expressing trust translation lists, in order to support reasoning about translation in a way that is compatible with the publication framework of WP3 and to achieve seamless integration.

To give a general view of the concept of a Trust Translation Authority (TTA), the main actor for translations in LIGHTest, this deliverable presents the design of the TTA model, consisting of a DNS server with the DNSSEC extension and at least one Trust Translation List Provider, which is operated by the Trusted Scheme Operator and provides a list of the Recognized Trust Scheme Levels for which a bilateral agreement provides a translation to a given Trusted Scheme.

The deliverable covers the interplay of Trust Scheme Level Translation and Trust Scheme Publication, as part of the integration of the different components in the framework. The details of the Trust Policy Language (TPL) are provided, explaining how it can be used to represent translations between Trust Scheme Levels, not only in the simplest cases but also in more complex cases such as tuple-based schemes.

The different components of a Trust Translation Authority are explained from a technical and functional point of view, describing the modules needed to build a complete framework and how they perform the different tasks involved in creating a translation. The Trust Translation List Provider is the main component that provides the data required for representing a translation between a Trusted Scheme and a Recognized Scheme.

After presenting all the components, the deliverable explains how they perform the two main actions of the TTA: publication and discovery. Publication is the method of making the translation declaration available using a DNS-based mechanism, and discovery is the process by which the Trust Translation List is retrieved from LIGHTest.

Finally, an example scenario of a trust translation is presented. The scenario chosen as a use case is set in the mobile environment, in order to open up the range of possibilities where the LIGHTest infrastructure can be used.

You can read the full deliverable here