|
|
|
 |
|||||||||||||||||||||||||||||||||
Surveying Market Expectations of Trustworthiness in Third Party Electronic Services Summary of a Report for the UK Department of Trade and Industry Information Security Policy Group, Published 28 April 1997 The study was undertaken for the UK Department of Trade and Industry's Information Security Policy Group to determine the market's perception of the word "trust" in the term "electronic Trusted Third Party Services (TTPSs)". Undertaken principally in the UK, with additional input from BE, the EC, DE, DK and FR, the study involved some thirty-nine interviews in a market survey which examined the questions "What are the elements of a TTPS which influence trust?" and "What processes might help in demonstrating that trust in these elements is justified?". The survey produced extensive insights into the state of the market for TTPSs. A significant finding was that there appeared to be a broad need for greater familiarity with the concepts and potential benefits of TTPSs. The market is still at a low level of maturity. True, there are already some significant TTPSs operating, and experienced individuals in a number of related fields, (as providers and users of these services, consultants, auditors, regulators) but there remains a wide area where improved awareness would be beneficial. It is anticipated that there will be a significant burgeoning of the marketplace over the next five years or so. Because of the relative immaturity of the marketplace it was not possible to answer definitively both of the project's objectives. Nevertheless, the findings of the survey revealed valuable information, lent support to a taxonomic model of TTPSs which is of great use in understanding the nature of TTPSs and the relationships between services and their providers / users, and supported the identification of key trust elements. The technology to achieve the implementation of digital signature and confidentiality functions is only one aspect of the problem - the areas needing attention revolve around how such technology and its operational environment can be assured, what liability provisions exist, and the supporting infrastructure (including the legal framework) which exists. A major issue in the infrastructure domain is the urgent need for steps to be taken to achieve international recognition of these infrastructures and frameworks which facilitate interoperability across national boundaries without imposing constraints upon commercial efficiency. The survey and subsequent analysis identified two principal courses of action which the DTI could follow - one, to put into effect positive licensing régimes for the regulation of TTPSs, the other to let the marketplace decide for itself what measures it needs implemented whilst offering support to the development of awareness and best practices in the domain and specifying the limits and boundaries only. These two choices are not necessarily mutually exclusive. The study's report proposed to the DTI a number of potential actions it could undertake, each supported by provision of a broad action to increase awareness generally. These recommendations were taken into consideration by the DTI as a part of its strategy for supporting UK industry's participation in electronic commerce. SPONSORSHIP & PROJECT TEAM The project was sponsored by the UK Department of Industry, and intended to solicit a European-facing UK perspective on the issue of trust in TTPSs. The project was led by the Zygma Partnership (UK) with Gamma Secure Systems Limited (UK), Needham & Grant (UK), Industrieanlagen-Betriebsgesellschaft mbH (DE) and PSTI-Evaluation (FR). All five companies are highly experienced international information security consultancies or lawyers, with wide experience in matters concerning the development of TTPSs, business risk management, trust, third-party security accreditation and the law. |
||||||||||||||||||||||||||||||||||
|
14 January, 2003 |
|
