07/05/2003 Brian Matthews 1 Trust Management and the Semantic Web Brian Matthews
Dec 18, 2015
07/05/2003 Brian Matthews 5
Building Trust into e-Services: Why?
e-Services are now central for European business and in daily life Marked expansion in: Electronic services based on the Internet,
Web and mobile networks
However, there is still major concern about the trustworthiness of e-Services:
"While internet penetration is growing rapidly, all the evidence "While internet penetration is growing rapidly, all the evidence shows that consumer confidence in the e-commerce medium itself shows that consumer confidence in the e-commerce medium itself and in cross-border transactions remains low.and in cross-border transactions remains low.
E-commerce, therefore, is an insignificant part of final E-commerce, therefore, is an insignificant part of final consumption within the European Union – significantly below 1% of consumption within the European Union – significantly below 1% of
total retail sales."total retail sales." [David Byrne, European Commissioner for Health and Consumer Protection]
“Despite the presence of effective base technologies, there remains a need for further innovation before trust can be managed efficientlymanaged efficiently at the service level.” Patricia Hewitt - UK minister for e-commercePatricia Hewitt - UK minister for e-commerce
07/05/2003 Brian Matthews 7
Example 1: e-Services
vendor
Ford
offers
£10000
price
http://www.rustycars.com
buyer
cardnumber
935783468
limit
£20000
guarantees
BankWhich
rates
bargain
value
BrokerUsage
Privacy
07/05/2003 Brian Matthews 8
Example 2: Virtual Organisations
• Transient Virtual organisations.
• Need to be mediated via policies, on the fly SLAs, and Trust valuations– See Trustcom
An engineer within organisation A wants to perform an analysis on a material. By accessing a data portal at site B, she discovers a suitable data set held by a data archive C. The analytical tools are
provided at university D within her Virtual Organisation. She initiates the analysis by passing the reference to the data set from B to D, which is
then accessed by the analysis tools. D then determines that it does not have enough
computational resource available, and determines that a computer is available at different institution E
and delegates part of the job there. Finally, D completes the job and return the results to A. D also
caches the results of the analysis locally and registers the fact that the precomputed results are available with the portal B and the data provider C. However, the analysis has taken several hours, so the engineer has established a user proxy agent to represent her, collect the results, make payments as appropriate and close down the collaboration.
A
E
D
CB
07/05/2003 Brian Matthews 9
Specialised standards
• Secure MIME (S/MIME)• Open PGP (OpenPGP)• XML digital signatures
(XMLDSIG)• XML encryption (XMLENC)• X.509 Public Key
Certificates• Internet X.509 Public Key
Infrastructure (PKIX)• XML Key Management
Services
• Kerberos ticket issuing systems
• Security Assertions Markup Language (SAML)
• Extensible Access Control Markup Language (XACML)
• Web Services Security (WSS)
• Platform for Internet Content Selection (PICS)
• Platform for Privacy Preferences (P3P)
Many existing approaches to managing aspects.
• Inflexible, do not evolve over time, not context or person sensitive
• Reliability criteria poorly covered
• Looking for a common model
07/05/2003 Brian Matthews 10
Problem Characterisation
• Across open distributed systems (Web, Grid)• Establish relationships with agents with no
prior knowledge.• Accessing semi-closed resources.• Context based decision making
– What is being done– Who they are– Experience– Context
• Need to be underpinned by Trust
TRUST
+: Ensure that Good things do happen (reliability, QoS,)
-: Ensure that Bad things don’t happen (security, fraud,
privacy).
07/05/2003 Brian Matthews 11
A Working Definition of Trust A Working Definition of Trust
This period may be in the past (history), the duration of the service (from now and until end of service), future (a scheduled or forecasted critical time slot), or alwaysThis period may be in the past (history), the duration of the service (from now and until end of service), future (a scheduled or forecasted critical time slot), or always
Dependability is deliberately understood broadly to include security, safety, reliability, timeliness, maintainability
Dependability is deliberately understood broadly to include security, safety, reliability, timeliness, maintainability
The measurement may be absolute (e.g. probability) or relative (e.g. dense order)The measurement may be absolute (e.g. probability) or relative (e.g. dense order)
Trust is relative to a specific service. Different trust relationships appear in different business contextsTrust is relative to a specific service. Different trust relationships appear in different business contexts
Trust of a party Trust of a party AA to a party to a party BB for a service for a service XX is is
the measurable belief of the measurable belief of AA in that in that BB behaves behaves dependably for a specified period within a dependably for a specified period within a
specified context (in relation to service specified context (in relation to service XX))
07/05/2003 Brian Matthews 12
A Working Definition of Distrust A Working Definition of Distrust
Distrust of a party A to a party B for a service X is A’s measurable
belief in that B behaves non-dependably for a specified period within
a specified context (in relation to service X)
We need distrust in order: • revoke previously agreed trust when entities are trusted, by default,
• to capture “being blacklisted’’ for a class of potential business
transactions.
• etc ..
07/05/2003 Brian Matthews 13
Building Trust into e-Services: How?
Incorporate trust elements in e-service technologyIncorporate trust elements in e-service technology
analyse trust requirements for e-services model trust in the development of e-services
• subject of the next section of this talk
• Thanks to Theo Dimitrakos
integrate trust management in the deployment of e-services
• Especially, how do we integrate trust management into
established open distributed systems
• WWW, Grid
• This is the subject of the rest of this talk
• Ideas and work in progress
07/05/2003 Brian Matthews 14
A Working Model of Trust A Working Model of Trust Structural Properties of Trust Relationships Structural Properties of Trust Relationships
–Its measurement is based on evidence, experience and perception.
SallySally RobRob
JohnJohn
John trusts Sally to keep his savings John trusts Sally to keep his savings moremore than he trusts Robthan he trusts Rob
Trust is a measurable belief Trust exists and evolves in time–Trust relationships expire. –The level of trust may change over time
John trusted Sally to ride a bike 30 years John trusted Sally to ride a bike 30 years ago. He does not trust her any more.ago. He does not trust her any more.
TIME TIME
30 years
07/05/2003 Brian Matthews 15
Trust is relativised to a service Trust between collectives does not necessarily distribute to trust between their members
John trust her tutees to do well in their John trust her tutees to do well in their group project but he does not trust Mary to group project but he does not trust Mary to do well in her part do well in her part (John thinks Mary does most of the work) (John thinks Mary does most of the work)
Mary trusts Sally to baby-sit but not to Mary trusts Sally to baby-sit but not to drive her car. drive her car.
A Working Model of Trust A Working Model of Trust Structural Properties of Trust Relationships Structural Properties of Trust Relationships
07/05/2003 Brian Matthews 16
A Working Model of Trust A Working Model of Trust Structural Properties of Trust Relationships Structural Properties of Trust Relationships
• Measuring self-trust facilitates delegation Measuring self-trust facilitates delegation
Trust is reflexive - yet trust to oneself is measurable
Trust is not necessarily transitive
Mary trusts her lawyer to win her case in Mary trusts her lawyer to win her case in court more than she trust herself to do so court more than she trust herself to do so
– John trust Bob to be his barber John trust Bob to be his barber – Bob trusts Nick to be his barberBob trusts Nick to be his barber– John does not trust Nick to be his barberJohn does not trust Nick to be his barber
(John has had bad experience with Nick and he (John has had bad experience with Nick and he is able to chose between Bob and Nick is able to chose between Bob and Nick
-- Bob cannot cut his own hair )-- Bob cannot cut his own hair )
07/05/2003 Brian Matthews 17
A Working Model of Trust A Working Model of Trust Transference of Trust Transference of Trust
• Guarantor offers a formal promise or assurance, that all obligations of the parties she guarantees for will be fulfilled in the context of a transaction and will be of a specified quality and durability.
• Intermediate intervenes between other parties in a business transaction and mediates so that they establish a business relationship with or without their knowledge.
• Adviser offers recommendations about the credibility of another party.
Trust is (unintentionally) transitively transferred along certain mediating parties.
Dimitrakos IFIP I3E 2001
07/05/2003 Brian Matthews 18
A Working Model of Trust A Working Model of Trust Transference of Trust: Transference of Trust: Guarantors
• All parties involved have to exhibit sufficient trust in each other or in a guarantor in order to be engaged in a business transaction.
• Trust established through a guarantor is not necessarily (directly) transferable.
A B
G
B C
G
A C
G
• Indirect ways to transfer trust via hierarchies of guarantors may be feasible.
A B
G
B C
G
A C
G’;G
G’
07/05/2003 Brian Matthews 19
A Working Model of Trust A Working Model of Trust Transference of Trust: Transference of Trust: Intermediates
Intermediate is a party that intervenes between other parties in a business transaction and mediates so that they establish a business relationship with or without their knowledge.
– Transparent: an intermediate who identifies the parties she is mediating between to each other.
– Translucent: an intermediate who identifies the existence of the parties she is mediating between to each other but not their identity.
– Opaque: an intermediate who hides the existence of the parties she is mediating between from each other.
–Proxy: an intermediate who is authorised to act as a substitute of another entity.
07/05/2003 Brian Matthews 20
A Working Model of Trust A Working Model of Trust Transference of Trust: Transference of Trust: Intermediates
(Dis)trust is not transferred along an opaque intermediary
• Mary trusts John’s cooking - she likes the Mary trusts John’s cooking - she likes the
meals John prepares for her. meals John prepares for her.
• John buys off the self precooked meals John buys off the self precooked meals but he doesn’t tell Mary. but he doesn’t tell Mary.
Trust is transferred along transparent intermediaries
– distrust is not.• John sends his products via Royal Mail.John sends his products via Royal Mail.
• Mary decides to purchase John’s Mary decides to purchase John’s products. She expects the products to be products. She expects the products to be delivered as agreed. delivered as agreed.
• Mary places her trust on the Royal Mail Mary places her trust on the Royal Mail delivery service.delivery service.
07/05/2003 Brian Matthews 21
A Working Model of Trust A Working Model of Trust Transference of Trust: Transference of Trust: Intermediates
(Dis)trust in a subcontractor of a transparent intermediary is transferred to (dis)trust in the intermediary.
Trust is transferred anonymously along translucent intermediaries
– distrust is not.
• Mary considers changing health Mary considers changing health
insurance because she does not trust the insurance because she does not trust the
private hospital she is being referred to. private hospital she is being referred to.
• John sends his products via courier.John sends his products via courier.
• Mary decides to purchase John’s Mary decides to purchase John’s products. She expects the products to be products. She expects the products to be delivered as agreed. delivered as agreed.
• Mary places her trust on the John’s Mary places her trust on the John’s choice of delivery service.choice of delivery service.
07/05/2003 Brian Matthews 22
A Working Model of Trust A Working Model of Trust Transference of Trust: Transference of Trust: Advisors
• Trust in an advisor is transferred to the recommended party - distrust is not. – The more A trusts T the more she relies on her recommendation.
• Distrust in a recommended party is transferred to the advisor – trust is not. – A’s distrust in a party B recommended by T for a service X prompts A to question T’s competence as an advisor for X.
• Advisors distinguish between recommendations based on “first hand” and
“second hand” evidence. In the latter case they ought to identify their sources. – If T1 and T2 pass to A advise by T as their own observations then T gains an unfair
advantage in influencing A.
07/05/2003 Brian Matthews 23
A Working Model of Trust A Working Model of Trust Transference of Trust Transference of Trust
The opposite initial values affect each other and the final decision depends on the resulting balance between trust and distrust in each party, and the tendencies of the trustor. This would not have been possible, had trust been viewed as a binary operator, because transitivity of trust would have lead to inconsistency
Trust and distrust are allowed to be transferred in opposite directions
This does not necessarily result in a conflict
Distrust propagates through trust.
Distrust obstructs the propagation of trust. If A distrusts an intermediary T for a service X then A will ignore T's mediation to the extent of the distrust.
07/05/2003 Brian Matthews 24
Formal Presentation of Trust
Subjective logic (Jøsang)
Addresses the problems of forming a measurable belief about the truth or falsity of an atomic proposition denoting a state, event or identifying an agent, in the presence of uncertainty.
Addresses the problems of forming a measurable belief about the truth or falsity of an atomic proposition denoting a state, event or identifying an agent, in the presence of uncertainty.
Integrates classical logic and a theory of subjective probabilities based on an extension of the Dempster-Shafer theory of evidence . Integrates classical logic and a theory of subjective probabilities based on an extension of the Dempster-Shafer theory of evidence .
An opinion is a triple where:An opinion is a triple where: b measures belief, represented as the subjective probability that the proposition b measures belief, represented as the subjective probability that the proposition is true;is true; d measures disbelief, represented as the subjective probability that the d measures disbelief, represented as the subjective probability that the proposition is false; proposition is false; u measures uncertainty, represented as the subjective probability that the u measures uncertainty, represented as the subjective probability that the proposition is either true or false;proposition is either true or false; b+d+u=1b+d+u=1
A strong correlation between this opinion model and the probability density functions A strong correlation between this opinion model and the probability density functions associated with the beta distribution ensures that opinions can be deterministically associated with the beta distribution ensures that opinions can be deterministically established if all available evidence can be analysed statistically.established if all available evidence can be analysed statistically.
An opinion is a triple where:An opinion is a triple where: b measures belief, represented as the subjective probability that the proposition b measures belief, represented as the subjective probability that the proposition is true;is true; d measures disbelief, represented as the subjective probability that the d measures disbelief, represented as the subjective probability that the proposition is false; proposition is false; u measures uncertainty, represented as the subjective probability that the u measures uncertainty, represented as the subjective probability that the proposition is either true or false;proposition is either true or false; b+d+u=1b+d+u=1
A strong correlation between this opinion model and the probability density functions A strong correlation between this opinion model and the probability density functions associated with the beta distribution ensures that opinions can be deterministically associated with the beta distribution ensures that opinions can be deterministically established if all available evidence can be analysed statistically.established if all available evidence can be analysed statistically.
07/05/2003 Brian Matthews 25
Formal Presentation of Trust
Subjective logic (Jøsang)
Conjunction Conjunction forms an opinion about the conjunction of two propositions that refer to distinct judgements by the same agent.
Disjunction Disjunction forms an opinion about the disjunction of two propositions that refer to distinct judgements by the same agent.
Negation The negation of an opinion about a proposition being true amounts to the opinion about the same proposition being false. Discounting (Recommendation) The discounting operator combines agent A’s opinion about agent B’s advice with agent B’s opinion about a proposition expressed as an advice from agent B to agent A.
Consensus The consensus operator combines the opinions of two agents A and B about the same proposition in a fair and equal way, resulting in the opinion of an imaginary agent A+B.
Daskalopulu, Dimitrakos, Maibaum 2001Daskalopulu, Dimitrakos, Maibaum 2001
07/05/2003 Brian Matthews 26
Analyse Trust: Trust ManagementAnalyse Trust: Trust Management
It is the total process of identifying, controlling and minimising the impact of deception and failure in trust.
It analyses threats and trust inclinations while supporting the formation of dependable intentions and controlling dependable behaviour.
Trust management subsumes and relies on risk analysis and risk management.
BehaviourBehaviour
IntentionsIntentions
InclinationsInclinations
Trust Management aims to maximise trust while minimising risk.Trust Management aims to maximise trust while minimising risk.
07/05/2003 Brian Matthews 27
Analyse Trust: Overview
Intentions Intentions capture the extent to which a party is willing to depend on other parties (including themselves) within a specified context and in relation to a specific service.
Intentions Intentions capture the extent to which a party is willing to depend on other parties (including themselves) within a specified context and in relation to a specific service.
InclinationsInclinations refer to the tendencies of an agent towards a particular aspect, state, character or action.
InclinationsInclinations refer to the tendencies of an agent towards a particular aspect, state, character or action.
BehaviourBehaviour captures the extent to which a party behaves dependably including the act and effects of trusting. It implies acceptance or treatment of risks and their impact
BehaviourBehaviour captures the extent to which a party behaves dependably including the act and effects of trusting. It implies acceptance or treatment of risks and their impact
ManagementManagement:
controls the
conception,
evaluation,and
endorsement
of trusting
intentions
ManagementManagement:
controls the
conception,
evaluation,and
endorsement
of trusting
intentions
Dependable Dependable
BehaviourBehaviourDependable Dependable
BehaviourBehaviour
Dependable Dependable
IntentionsIntentions Dependable Dependable
IntentionsIntentions
Trust Trust
InclinationsInclinationsTrust Trust
InclinationsInclinations
Dimitrakos IFIP I3E 2001 Dimitrakos & Bicarregui ICECR-4, 2001
07/05/2003 Brian Matthews 30
A Working Model of Trust: Highlights
• Analysis– Assess Dependability– Assess Risk– Measure Divergence from
prescribed behaviour– Assess recommendations
• Analysis– Assess Dependability– Assess Risk– Measure Divergence from
prescribed behaviour– Assess recommendations
• Modelling – Intentional modelling
– Policy specification
– Business Process Modelling
– System Modelling
• Modelling – Intentional modelling
– Policy specification
– Business Process Modelling
– System Modelling
• Logic– Belief Formation
– Subjective Reasoning
– Legal & Deontic Reasoning
– Conflict Resolution
• Logic– Belief Formation
– Subjective Reasoning
– Legal & Deontic Reasoning
– Conflict Resolution
• Management– Policy Oriented Management
– Contract Management
– Risk Management
• Management– Policy Oriented Management
– Contract Management
– Risk Management
TRUSTMODEL
What about the deployment?
07/05/2003 Brian Matthews 31
Supporting Trust: Web Services?
• Increasingly popular standards-based framework for accessing network applicationsWSDL, SOAP, WS-Inspection, UDDI etc
However for Trust we need to be able to – Specify what actors want to do
– Specify in what contexts actions take place
– Specify recommendations and trust valuations about resources
– Need to share vocabularies and agree common meaning of terms
– Capture Experience
– Provide reasoning about trust statements
• The Semantic Web offers a set of tools which can support the implementation of Trust
07/05/2003 Brian Matthews 35
Web of Trust?
Trusted statements through proofs over signed statements and rules.
- This is not really what I mean by trusted!
07/05/2003 Brian Matthews 42
• Establishing that the interactions between actors on the Web are trustworthy– Security: access control, authentication and authorisation and policies– Reliability and dependability– Quality ratings– Personalisation: Privacy, confidentiality, user preferences, accessibility – IPR
• Dynamic virtual organisations over Web Services– Transferring trust from third parties– Establishing service-level agreements which can be relied upon
• Establishing trust between agents that have no prior knowledge of each other – prevent the growth of future wide area distributed systems
Trust on the Web
07/05/2003 Brian Matthews 43
SWAD-Europe
Semantic Web Advanced Development in Europe
• Purpose is to encourage the use of Semantic Web tools and techniques now:– By an outreach programme– By developing practical demonstrators– By providing tools and standards
• Partners:– Univ. of Bristol, W3C-INRIA, CCLRC, HP Labs,
Stilo
07/05/2003 Brian Matthews 44
SWAD-Europe: WPs
Thesuari Queries
Trust
Semantic Portals
SW + WS Semantic Blogging
XML + RDFAccessibility
Scaleability
AnnotationsDatabases
Visualisation
07/05/2003 Brian Matthews 45
What we want to do?
• Survey of Web and trust methods– Those already in Semantic Web: PICS, P3P, CC/PP– Other Web trust initiatives: XSig, XEncrypt, XACML, SAML, – Other distributed trust work: e.g. Ponder, trust evaluation.
• Usage scenarios of trust on the Web– E-Commerce, access control, …
• Framework for Trust within the Semantic Web.– Ontologies for trust statements– Applying trust policies
• Develop tools for processing RDF statements against policies.
• Relate general trust values across all the applications– A general trust framework for the Semantic Web
07/05/2003 Brian Matthews 46
Towards a Framework for Trust using the Semantic Web
• A representation of trust statements in RDF
• E.g. “A has trust in B to do X in context Y in time period (T1, T2) to value 0.8”
A
T2
X
0.8
B
T2
trusts
trustee
value
action
Y
contextendbegin
07/05/2003 Brian Matthews 47
Towards a Framework for Trust using the Semantic Web
• Or use Classes to represent general rules• E.g. “A has trust in members of Class C to do X in context Y
in time period (T1, T2) to value 0.8”
• With WebOnt gives the possibility of more complex rules for trust valuations.
A
T2
X
0.8
C
T2
trusts
trusteeClass
value
action
Y
contextendbegin
07/05/2003 Brian Matthews 48
Propagation of Trust through Semantic Networks
• The Semantic Web provides a semantically rich network of resources
• Add trust valuations to links (from 1-9)
• Calculated the propagation of trust via the rules in the above framework
• FOAF is a candidate for adding trust values to links between people
Golbeck, Hendler and Parsla 2002
A
B
n
jij
n
jjsijij
jsijijjs
is
t
ttift
ttiftt
t
0
0 2 )(
)*(
6
8
9
2
8
9
3
6
6
76
5
07/05/2003 Brian Matthews 49
• Platform for Internet Content Selection (PICS) - quite an early Recommendation from the W3C (October 96).
• Labels, Filters, Rating – a set of categories on a rating system• PICS Rules - Defining a filtering policy
Ratings Services
07/05/2003 Brian Matthews 50
PICS and Trust
• One of the aims of the RDF effort was to provide a generalised way of doing rating. – Now a proposed RDF format and
under reconsideration
• PICS is about Third parties providing additional properties about resources – its ideal for trust! – Use RDF/PICS vocabulary to define
recommendations.– PICS services become
recommendations services
• Generalise this method to provide a trust recommendation service
<rdf:Description xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:p="http://www.w3.org/TR/WD-pics2.0#" xmlns:gcf="http://www.gcf.org/v2.5#" about=""> <p:by>John Doe</p:by> <p:until>1995.12.31T23:59-0000</p:until> <rdf:Description about="http://w3.org/PICS/Overview.html"> <p:until>"1995.12.31T23:59-0000"</p:until> <gcf:suds>0.5</gcf:suds> <gcf:density>0</gcf:density> <gcf:hue>1</gcf:hue> </rdf:Description> <rdf:Description about="http://w3.org/PICS/Underview.html"> <p:by>Jane Doe</p:by> <gcf:subject>2</gcf:subject> <gcf:density>1</gcf:density> <gcf:hue>1</gcf:hue> </rdf:Description> </rdf:Description>
07/05/2003 Brian Matthews 51
Trust Policies and Statements in RDF
• Express policy in RDF
• Present a trust statement to the Policy in RDF
• Proof satisfaction of one to other
• Problems: e.g. representing free variables.
• RuleML etc
Edit_forms
hasPolicy
FRSPolicy
Policytype
positivesubject Liz
typeEmployee
Project Manager
jobtitletarget
type
PolicyStatement
/Finance/FrSWeb/Lookup
action
Bag
_1load
_2displa
y_3
fill
_4submi
t
type
07/05/2003 Brian Matthews 52
Trusted Web Architecture
Trust enabled web gateway
resources
Policy store
TrustBase
Trust reasoning
engine
Accessing agent
Recommending agent
RDF trust Statements
BehaviourBehaviour
IntentionsIntentions
InclinationsInclinations
riskrisk
Trust ManagementSystem
Intranet Internet
RDF Store(Jena)
PICS
RDF Net API
Rules(RuleML, CWM)
07/05/2003 Brian Matthews 53
Trust, Ontologies and Proof
• Use Web Ontologies work to: – Provide web accessible description of trust
properties and policy frameworks– Add domain ontologies to customise to
applications – role based trust management– Proof to demonstrate satisfaction of policy
• Initial Case study:– Frank Dale: Oxford Brookes Univ. MSc student – RDF formats for Access Control policies and – Added domain ontologies for role based access
control.– Using XSLT to prove satisfaction of policies.
07/05/2003 Brian Matthews 54
Ontology enabled role-based access control
• Frank Arild Dale’s work (MSc Oxford Brookes)
<p:View> <rdf:Description> <p:memberOfClass>OBU</p:memberOfClass> <daml:disjointUnionOf> <rdf:Description> <p:Teaches>course3</p:Teaches> <p:Attends>course3</p:Attends> </rdf:Description> </daml:disjointUnionOf> </rdf:Description></p:View>
Access control statements in RDF
Using vocabulary from domain ontology
<p:Professor rdf:about="frank"> <p:Teaches>course3</p:Teaches> <p:Located>Wheatley</p:Located> <p:worksInField>Computer Science</p:worksInField></p:Professor>
Statements about individuals in domain ontology
RDF reasoning tool to determine access
07/05/2003 Brian Matthews 56
So to do?
• Establish the vocabulary of Trust in the Semantic Web– Through the trust propagation framework– Rethink PICS
• Implement the architecture!• Trials!
– E-commerce– Virtual Organisations
• How trust affects those associated techs– Security, privacy, QoS etc
• Policy and Contract management
07/05/2003 Brian Matthews 58
Some observations
• Trust valuations on the Web would be an extremely valuable commodity.– Part of a company’s commercial property– Would they want to reveal it?
• Trust on the Web could become a tradable commodity– “trust-rating agencies” (like credit rating agencies
• Legal implications?– Would you get sued for down-rating?– Need to provide reasons (“Proof” in Web of Trust)
• “Accurate” valuation of Goodwill– Your goodwill asset is everybody else’s trust in you!– Business in collecting such information!
07/05/2003 Brian Matthews 59
Will Trust work?
• Will automatic trust management be used as a practical means to enable the use of e-services?
• NO: – Too conceptual an approach– Relies on humans– Open to abuse– People won’t trust the trust mechanism– Rely on traditional security measures and “word of
mouth”
• YES: – There is at least one example where trust works
07/05/2003 Brian Matthews 60
Ebay: a success story for trust
…the company philosophy remains pretty much the same: trust in human nature.
…
Fraud is a concern to the company, concedes Donlay [ebay spokesman]. 'But it is not a massive problem. Of the 195 million items listed for auction last year, less than one hundredth of one percent of the transactions ended in some kind of fraud. We are taking every step we can to protect people and make sure their eBay experience is a good one,' he says.
Observer, 2 March 2003
07/05/2003 Brian Matthews 61
Why does ebay work?
• Trusts its customers• Buyers and sellers
accumulate reputation
• Trust propagation through trusted sources
• Underpinned by a “guarantor of last resort” and punitive sanction
Community Values eBay is a community where we encourage open and honest communication between all of our members. We believe in the following five basic values.
• We believe people are basically good. • We believe everyone has something to contribute. • We believe that an honest, open environment can bring out the best in people. • We recognise and respect everyone as a unique individual. • We encourage you to treat others the way that you want to be treated.
eBay is committed to these values. And we believe that our community members should also honour these values -- whether buying, selling, or chatting. We hope these community values will help you better understand the eBay community.
We should try to emulate this example across the Web.
07/05/2003 Brian Matthews 63
Modelling Trust: Final Word
Effective solutions require interdisciplinary approaches which provide a fertile ground for the application of many tools from cognitive sciences, law and economics in addition to computer science.
Effective solutions require interdisciplinary approaches which provide a fertile ground for the application of many tools from cognitive sciences, law and economics in addition to computer science.
Effective implementations over open architectures require the effective transmission of context and intention, and the Semantic Web is a strong candidate to provide that infrastructure.
Effective implementations over open architectures require the effective transmission of context and intention, and the Semantic Web is a strong candidate to provide that infrastructure.
The iTRUST European Working Group
http://www.bitd.clrc.ac.uk/Activity/iTrust
1st Int. Conf. on Trust Management, Crete, Greece, 28-30 May 2003.
http://www.ebusinesscity.org/
2nd Int. Conf. on Trust Management, Oxford, UK, 29-31 March 2004
SWAD-Europe
http://www.w3.org/2001/sw/Europe
Semantic WebTrust and Security Resource Guide
http://www.wiwiss.fu-berlin.de/suhl/bizer/SWTSGuide/