
Work Package 1: Trust Management Model

A Trust Model is a tool that helps one visualize and understand the degree of confidence that is intentionally or unintentionally granted to individuals and/or systems, based on the risks that are inherent in granting this confidence. The more completely the trust model is defined, the greater the awareness one gains of the threats and vulnerabilities, and especially of the risks based on those threats and vulnerabilities.

The Trust Model should describe how trusted transactions can be made between different fare areas when an unknown customer uses an unknown smart card.

As an example: Let us assume it is possible for a regular customer of STIB in Brussels to use his MoBiB card for travelling in London. How do his Euros finally end up as British Pounds in the pocket of Transport for London? How can you be sure that the transaction is at all genuine?

How can you be sure that the other IFM Region is not cheating you by increasing the figures?

Of course, no system is completely fail-proof, and things can and will go wrong. But what are the weaknesses of the system? What is the so-called residual risk that needs to be accepted between IFM areas (who pays for the losses)?

How can transactions be done when the systems are off-line?

One factor that makes this WP very complicated is that IFM Systems should be designed as open systems. The associated 'trust model' is far more complex than the alternative 'deny model', which is based instead on the initial refusal of access. How can you be sure that you are guarding all the doors?

Who can guarantee the authentication processes and the confidentiality and integrity of the data transferred? Who has the ability to hold transacting parties accountable? Should this be done centrally and, if yes, by whom?

There are many questions like this that need to be addressed. In this Forum you can raise your own concerns.

This first work package, led by ITSO, will determine the minimum set of common features of a European Trust Model (the features that are required from an interoperability point of view) and the requirements for a European Secure Application Module (EU-SAM).

D1.1 "Inventory report on existing Trust Management Models based on the questionnaire to each participant country to gather information"

D1.2 "Report on the commonality between approaches and compare to published Best practice in other relevant business sectors"