Open Reputation Management Systems
-
Upload
abbie-barbir -
Category
Technology
-
view
2.209 -
download
0
description
Transcript of Open Reputation Management Systems
Proposal for Open Reputation Management Systems TC (ORMS)
IIW, December 3-5, 2007, Mountain View
For information on OASIS IDtrust Member Section see: http://www.oasis-idtrust.org/
For more information related to ‘Joining OASIS’ see: http://www.oasis-open.org/join
www.oasis-open.org
Abbie Barbir ([email protected])
Nortel
OASIS IDtrust Steering Committee
OASIS provides a neutral setting where government agencies, companies, research institutes, and individuals work together to advance the use of trusted infrastructures
History PKI Forum migrated to OASIS PKI MS in November 2002 PKI MS transformed into IDtrust MS in 2007 IDtrust expanded its scope to encompass additional
standards based identity and trusted infrastructure technologies, policies, and practices
Steering Committee Abbie Barbir, Nortel June Leung, FundSERV Arshad Noor, StrongAuth John Sabo, CA, Inc. Ann Terwilliger, Visa International
www.oasis-open.org
IDtrust MS Background
Identity and Trusted Infrastructure components Studies and Projects addressing Identity and Trust
models and standards; relevant protocols and standards; trust infrastructures in use; costs, benefits and risk management issues
Identity and Trust Policies and Enforcement Policies; policy mapping and standardization; assurance;
technical validation mechanisms; trust path building and validation
Education and Outreach Documenting trust use cases and business case scenarios,
best practices and adoption reports and papers; organizing conferences and workshops; and establishing Web-based resources
Barriers and Emerging Issues Data privacy issues; interoperability; cross border/
organizational trust; outsourcing; cryptographic issues; application integration; and international issues
IDtrust Strategic Focus Areas
IDTrust Summary Current TCs
Enterprise Key Management Infrastructure TC PKI Adoption TC OASIS Digital Signature Services (DSS) TC XRI TC
Steering Committee developing new work plan for 2007/2008 Many opportunities to get involved We invite you to join OASIS and participate in the IDtrust
MS and/or TCs For more information contact Dee Schur: [email protected]
Open Reputation Management Systems TC (ORMS)
Setting the Stage
Need established during OASIS IDtrust Burton workshop
(http://events.oasis-open.org/home/idtrust/2007 ) at Catalyst
Europe 2007
Validated by talks in Catalyst Europe 2007, Barcelona,
Objectives of this talk
Validation/improvement/feedback on the proposed TC charter
Getting interested parties involved in TC work
Identify co-chairs for the proposed TC
Get Founding Members involved
Need for Reputation Data Framework
Reputation Summary of past behavior of a subject within a specific
context (function of time) Assumes that past behavior is indicative of future behavior good reputation increases the trustworthiness of an entity Reputation Score can be used as a foundation of Trust (within
a context/interaction and testimonials )
Growing in popularity (online/social communities)
Many Flavors for providing feedback/reputation data Centralized systems (eBay) Decentralized systems ( such as P2P file sharing systems)
Some Examples
Can I trust this collaborative space? Is all content correct? Is all content authorized? Is all content appropriate for me? What is the creator’s reputation?
Can I trust this content? Is this content correct? Is this content authorized? Is this content appropriate for me? What is the creator’s reputation?
• Filtering out content that does not meet reputation criteria
through pre-filtering (by moderators) or post-filtering (by
community)• Reputation for content, creators and spaces• Objects come with reputation metadata• Implies an authoring and management system for those metadata• Reputation metadata must be trustworthy, i.e., authenticated
while respecting privacy• Reputation system must be user-centric (i.e., trust decisions are
controlled by user) and must offer choices for transparency (must
not get into the way of using content, leaves it to the user how to
handle trust decisions)
Principles of Reputation
Reputation is one of the factors that trust is based on Reputation is someone else’s story about me Reputation is based on identity Reputation exists in the context of community Reputation is a currency Reputation is narrative (evolves through time) Reputation is based on claims (verified or not),
transactions, ratings, and endorsements Reputation is multi-level Multiple people holding the same opinion increases
the weight of that opinion
Source: Windley et alSource: Windley et al
Reputation Management Framework
1. Build a generic open reputation system that is robust, scalable, IdM and application independent that supports a flexible trust model
2. Data needed for the generation of reputation Cold start problem Supports Multiple computational models Assertions/claims (within a context) Identity linking Portable Data model for users, credentials and
claims
3. Reputation based trust model Trust metrics; Verified claims and facts Direct and indirect transactions; Third party
Reputation Management Framework
4. Aggregation, Discovery and Storage How reputation scores are generated??? Central/distributed Authentication/trust of data and providers
5. Data reputation exchange protocol
6. Overall system security
7. Transparency Users feedback privacy & selective disclosure What transactions a user can see Ability to do Self-Assessment
Example of ORMS Interactions
B about CB about C
andand
C about BC about BUser BUser B
User CUser CInteractionInteraction
FeedbackFeedback
FeedbackFeedback Reputation Reputation Store IStore I Reputation Reputation
ServerServer
ReputationReputation
FeedbackFeedback
FeedbackFeedback
InteractionInteraction
User DUser D
Reputation Reputation Store IIStore II Reputation Reputation
ServerServer
Common Data/Context
Common Schema for Rep Score
Common Protocol
Convertible credentials
B about DB about D
andand
D about BD about B
ReputationReputation
AggregatorAggregator
User EUser E
Inquire about Inquire about
Score of D within aScore of D within a
context ; Access to context ; Access to
Reputation of IIReputation of II
ReputationReputation
Reputation Reputation Store IStore I Reputation Reputation
ServerServer
ReputationReputation
ORMS TC CharterStatement of Purpose/List of Deliverables To develop an Open Reputation Management System (ORMS) that
provides the ability to use common data formats for representing reputation data, and standard definitions of reputation scores.
The system will not define algorithms for computing the scores. It will provide the means for understanding the relevancy of a score within a given transaction. The TC's output will enable the deployment of a distributed reputation systems that can be either centralized or decentralized with the ability for aggregators and intermediaries to be part of the business model. The standard does not tie itself to a specific IDM, but let implementers plug-in their identity-schemes to ORMS.
List of deliverables: Use Cases Requirements document XML Schema for representing ORMS data XML Schema for Reputation Score Assertions/claims (tokens) profiles Protocol(s) for exchanging of reputation data and assertion tokens Security, threats and Risk analysis
ORMS TC Charter
Use Cases and Requirement Gathering
Use cases to gather requirements that ORMS will need to
meet and understand the business and social impact of
such a system including security, privacy, threats and risks
requirements will also be developed. Explore the use of
reputation mechanisms in novel settings.
Document that analyzes performance of existing reputation
mechanisms with respect to the requirements developed in
the previous steps and identify current gaps.
ORMS TC Charter
Develop Framework for Open Reputation Data
Enabling data mining through standard reputation data tagging for content
Development of common data models for expressing reputation data
Development of standard way of exchanging reputation claims among systems
Development of means of aggregating reputation data including delegation of claims generations and assertions
Development of query/response communication protocols for exchanging reputation data in a trusted and secure fashion
This step may develop a new protocol, or extend current ones such as SAML, OpenID etc
ORMS TC Charter
Out of Scope Algorithms that can be used for generating a
reputation score are out of scope of this work. The work will define a standard way to infer what a given score will mean but will not specify how to compute that value.
The work does not exclude methods for asserting equivalence or relationships between scoring systems. A possible output of the TC work might include methods to facilitate the calculation of comparisons between score ratings, or operations that take multiple scores as inputs.
ORMS TC Charter
Proposed Leadership
Co-chairs: Anthony Nadalin, IBM
Co-chairs: XXX, TBD
IPR Mode
TBD, RF or RF/RAND??
Language
English
Start Time
First Meeting: February or March 2008
Next Steps
Feedback on scope and charter is encouraged
We need community Participation and support
Early adopters can be founding members with voting
rights at the first TC meeting
We need co-chairs and industry support
Please send feedback to [email protected] or Dee
Schur [email protected]
Many Thanks for your time
Bckup
Backup
Reputation Technology
Digital Identity
Summary of actual past behavior, by service provider
Real identityBackground check
against external data
Peer reviews
portableportable
specificspecific
Identity Verification, Identity Proofing
= Strong Identity
Trust in specific attribute or future behavior?