Trust is an illusive notion. I read that once on a dissertation from one of my students. Trust is many things so it’s hard to give a solid definition, apparently. Trust at it’s core had three elements; capability, intent and opportunity. ‘I trust you not to kill me’, Philip Runkel once wrote, hinting at the potential intent of the person we was talking to. I trust you to drive my car (given the fact that you have a drivers license) but I do not trust you to perform brain surgery on me. Trust in humans is therefore generally based on a risk assessment of a person’s intent; given the fact that they have the skill needed for the task and the opportunity to fulfill that task. Having to guess a person’s intent result in a Boolean outcome. Yes I trust you, or no I don’t. If I trust you, I must have enough empirical or associative information to substantiate that claim, if I don’t trust you I do not have this information, or have explicit information that proves malicious intent. Enough said on the trust in humans.

Trust domains in an IT network:

We use a false definition of trust in nearly all trust domains. A trust domain is an isolated part of the network, a secluded place, a sanctuary. Unfortunately we do not use the principles of trust in humans and apply those to the network, no, we trust the humans on this network based on network principles. Perhaps that statement needs a little more elaboration. Based on the control structure of a trust domain we expect users to behave a certain way. In a sense, we trust our own ability to make a distinction between good and bad, based on a set of controls. The more trust we have in the controls, the more trust we have in the domain. Sadly, this control structure has little knowledge or flexibility in relation to a human’s intent.

A friend of mine made a very valid statement during the COSAC conference in Ireland. He stated that every domain is a trust domain, because we can trust it to the level zero. John Sherwood, present during that conference, elaborated a little further: he stated that the trust we have in a domain should be relative to the task it is set out to perform. I.e. I trust this domain to perform task xyz. This obviously makes life a lot easier. Multiple domains with multiple clear tasks can be trusted based on measurable and not on human intent. A network, as contrast to human behavior only has capability and opportunity as trust elements and has no intent.

Clearly the above mentioned is intended as the starting-point of a discussion. Perhaps I’m just blabbering. Please let me know: marco.plas@ the domain your looking at...

-- Marco