EC DGXIII/0.7 ETSII Project SEDUCER (23186)


Click here to down load our Trust Framework, here for our report on recommended actions (128K bytes) and here for our final study report.


The SEDUCER project has established and validated a Trust Framework Model (TFM), supported by a universal structured method (the Trust Assurance Specification - TAS) for describing the measures put in place to establish trustworthiness and a User Guide to support application of the Model and generation of the TAS.

As a framework, SEDUCER has to be applicable to as many types of ‘Trusted Services’ and in as many contexts as possible. A consequence of this is that it provides alternative means for delivering trust, and thus may be used to demonstrate equivalence between approaches and to determine an appropriate mix of methods. For example, a balance between ITSEC/CC evaluation, BS 7799 assessment, insurance and membership of a professional body, such as the Trust Services Association (now legally established in the UK). The benefits of this approach can be summarised in that it is flexible, addressing all aspects of a service. It is predicated on open standards, wise enough to realise that new standards and assurance techniques will be developed. It provides a common basis for comparing trust, together with a supporting methodology and, where appropriate the missing links (the ‘glue’ as we call it) to fit together diverse standards, originally conceived as stand-alone specifications. We believe the ability to achieve the integration of intrinsically disparate standards is one of SEDUCER’s major strengths.

SEDUCER’s results have been validated by a group of experts with wide experience in differing sectors. In the large their response has been significantly in favour of the outcome of our efforts, which seem to fit well with practices being adopted in both the supply and consumer sides of the Trust Services marketplace.

To support its technical outputs the project has made a number of recommendations which adopt a strategy of placing firmly into the public domain the TFM and its related components, proposing parallel measures aimed at both de facto and de jure standardisation, and supporting actions which the EC DGXIII could implement under its Fifth Framework Programme.

Finally, the project has actually been used by (at least) one of its validators to cross-check their approach to their developing Trust Services, as a result of which their approach was revised and enhanced. Also, the TFM is being applied in a current assignment by one of the consortium partners, and hence we are sure that what we have produced fits well with the approach being taken by commercial providers of trust Services, and fulfils its objectives.


This study has set out to fill a gap apparent in previous ETS studies, namely attempting to define what trust is, and moreover, how it could be quantified, measured and in particular, demonstrated. The work undertaken within SEDUCER takes into account the findings of a previous report prepared by the same consortium under an assignment from the British Government’s Department of Trade and Industry (the "Market Expectations Study). This study took the form of a European-wide market survey. It asked the questions "What is it about a Trusted Service that a User needs to be able to trust?", and if those ‘elements’ can be identified, "How could the trust be gauged?"

SEDUCER has built upon the findings of this study, from other work undertaken within the Commission’s INFOSEC programme, and elsewhere, and has taken them significantly forward.

Demonstration of trustworthiness is one of the most important aspects for the wide acceptance of any service provided by a Trust Service Provider. While the functional requirements of the different types of Trust Services are generally well understood, no complete framework has yet been established which can be used by Trust Service Providers to demonstrate the level of trust or confidence needed by their customers or business partners. Furthermore, trust in technical components is all too often confused with quality assurance and development assurance techniques. Aspects of physical, personnel and procedural security are frequently overlooked, as are the security needs of provider organisations' clients. It is clear that the way trust is provided, as well as the level of trust needed, is dependent on the type of service as well as the value of the assets influenced by the service. Consequently, considering all these factors and requirements, it was unlikely that a single scheme for the provision of trust would satisfy the needs of all types of use and provision of Trust Services, and a flexible approach had to be defined.