Deploying Trust Policies on the Semantic Web

Brian Matthews and Theo Dimitrakos

A Service Vision• Dynamic virtual organisations over Web Services

– Establishing trust between agents that have no prior knowledge of each other

– Transferring trust from third parties– Establishing service-level agreements which can be relied upon

• Could prevent the growth of future wide area distributed systems

• Distributed collaborations– On demand – Dynamic – Goal oriented.

• Within a service vision we need confidence that parties will behave “as advertised”– Security, reliability, confidentiality

• Confidence in the behaviour of parties is formed by a combination of:– Trust– Control measures

Towards a Service Framework• A framework process to support service architecture:

– Publication– Discovery– Establishment– Monitoring– Enforcement– Review

• At all stages in the process, parties need to communicate their needs

– Need to establish a common vocabulary to support the collaboration– Need to communicate constraints– Dependent on the business context– This is likely to be different for each party.

• Problem in establishing the common language.

Semantic Web:A Layered Architecture

Basic Syntax of the Web

Language of triples for describing resources

Formalism for defining and sharing vocabularies

Reasoning over statements about resources

“The Web of Trust”

So can it help?• Can the Semantic Web help us to ease the

development of Service oriented architecture?– “Yes” – Semantic Web Services.

• In particular, can it help support the trust management in such a system?– “Yes”– Some work done already– Need completing and joining up.

• But Why?– Because it is there!– Offers an established way of describing resources and their

properties– Designed to work over distributed resources– Lots of cheap tools and experience available– “The Network Effect”

Service Discovery

• Semantic matching of service descriptions• Establishing relationships between terms• “Sufficiently good” matching• Lots of work in this area

– Semantic web services, OWL-S…

• Expressiveness?• Non-functional requirements (privacy,

reliability, accuracy ...)

Policy Publication

• A vocabulary of rights and obligations• KAoS provides an OWL Ontology• Description logic reasoning• Combine with other ontologies describing the

business structure.• Needs to be integrated with a trust metrics.

Service Negotiation

• Negotiation of terms of use • Develop a SLA or Contract to access the

resource• Again we need to negotiate common

vocabulary – Semantic web has a role here– Use trust valuations– Expressiveness of constraints?

• A relatively open field

Trust Evaluation• The Semantic Web provides a

rich network of resources• Add trust valuations to links • Calculated the propagation of

trust• FOAF is a candidate for adding

trust values to links between people

• Needs a more comprehensive trust model

• Is it realistic?– Requires a birds-eye view– Recommender services – PICS

• Trust community can do better!Golbeck, Hendler and

Parsla 2002

A

B

T(A,B) = f(T(A,j), T(j,B))

Monitoring and review

• We need to keep the operation of the service under review

• Update our trust metrics– Especially as other relationships may be going on

in parallel

• Modify actions appropriately• Work needed here.

Interoperability is key

• Policy and trust statements become part of the information assets of the company.

• Can be combined freely with other data expressed using the Semantic Web – And which are located anywhere.

“Give me all those services with description X provided by any company A who is recommended by any B whose judgement I trust to the level 0.8”

Waiting for the “network effect”

So Work to be Done!

• Bringing together a coherent scheme to support this framework in the Semantic Web

– Provide better modelling of “trust harvesting” in the Semantic Web

– Representation of Policies– Using Trust valuation and monitoring to control

behaviour– Integrating policies with service negotiation– Contract negotiation and representation

SWAD-Europe

Thesuari Queries

Trust

Semantic Portals

SW + WS Semantic Blogging

XML + RDFAccessibility

Scaleability

AnnotationsDatabases

Visualisation

What we are doing?

• Survey of Web and trust methods– Those already in Semantic Web: PICS, P3P, CC/PP– Other Web trust initiatives: XSig, XEncrypt, XACML, SAML, – Other distributed trust work: e.g. Ponder, trust evaluation.

• Usage scenarios of trust on the Web– E-Commerce, access control, …

• Framework for Trust within the Semantic Web.– Ontologies for trust statements– Applying trust policies

• Develop tools for processing RDF statements against policies.

• Relate general trust values across all the applications– A general trust framework for the Semantic Web

Influence the community – e.g. TrustCoM!

Brian Matthews: B.M.Matthews@rl.ac.uk

Theo Dimitrakos: T.Dimitrakos@rl.ac.uk

http://www.w3.orghttp://www.w3c.rl.ac.uk/swad