1 / 48

Challenges of e-Trust for CRIS: Connecting Distributed Systems

Explore the challenges associated with establishing trust in e-services for Current Research Information Systems (CRIS) and connecting different CRIS systems together. Learn about the importance of secure communication, non-functional requirements, and building trust in distributed systems.

catherinewilliams
Télécharger la présentation

Challenges of e-Trust for CRIS: Connecting Distributed Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Semantic Trust: the Challenges of e-Trust for CRIS Brian Matthews Brian Matthews, euroCRIS

  2. CRIS futures • Distributed anonymous access • Connecting different CRISes together, • CRISes becoming part of larger distributed systems – GRIDS,Ambient,Virtual Organisations • Heterogeneous Users, Heterogeneous Data, Heterogeneous Use • Links to data, publications and computational resources Current Research Information Systems Services Brian Matthews, euroCRIS

  3. Example: Virtual Organisations B C A E D • Transient Virtual Organisations. • There are major issues in establishing such Vos. • An engineer within organisation A wants to perform an analysis on a material. By accessing a CRIS portal at site B, she discovers a suitable data set held by a data archive C. The analytical tools are provided at university D within her Virtual Organisation. She initiates the analysis by passing the reference to the data set from B to D, which is then accessed by the analysis tools. D then determines that it does not have enough computational resource available, and determines that a computer is available at different institution E and delegates part of the job there. Finally, D completes the job and return the results to A. D also caches the results of the analysis locally and registers the fact that the precomputed results are available with the portal B and the data provider C. However, the analysis has taken several hours, so the engineer has established a user proxy agent to represent her, collect the results, make payments as appropriate and close down the collaboration. Brian Matthews, euroCRIS

  4. Requirements of e-Services • Functional requirements • Service delivery • Non-functional requirements • The behaviour of the agents involved respect expected norms. • Required Behaviour is outside control of participants. Brian Matthews, euroCRIS

  5. Non-Functional Requirements • On the User: • Respect the integrity of the CRIS, • Do not try to access areas beyond authorisation • Do not act maliciously within the CRIS. • Do not break any restrictions on the use of data. • Respect any future obligations – e.g. payment. • On the CRIS • Provide quality information • Respect the privacy and wishes of the user and depositor. Brian Matthews, euroCRIS

  6. Secure MIME (S/MIME) Open PGP (OpenPGP) XML digital signatures (XMLDSIG) XML encryption (XMLENC) X.509 Public Key Certificates Internet X.509 Public Key Infrastructure (PKI) XML Key Management Services Kerberos ticket issuing systems Security Assertions Markup Language (SAML) Extensible Access Control Markup Language (XACML) Web Services Security (WSS) Platform for Internet Content Selection (PICS) Platform for Privacy Preferences (P3P) Specialised standards Standard security approaches to managing aspects. • Inflexible, do not evolve over time, not context or person sensitive • Reliability criteria poorly covered • Looking for a more flexible model – Analyse TRUST. Brian Matthews, euroCRIS

  7. Across open distributed systems (Web, Grid) Establish relationships with agents with no prior knowledge – uncertain behaviour Allow access to semi-closed resources. Context based decision making What is being done Who they are Experience Context What do people do? Provide a legal framwork to constrain behaviour Consider how they trust others Weigh up risks Devise policies to balance costs and benefits Establish contracts to reduce risk Can machines do this too? Problem Characterisation TRUST +: Belief that Good behaviour do happen (reliability, QoS,) -: Belief that Bad behaviour doesn’t happen (security, fraud, privacy). Brian Matthews, euroCRIS

  8. A Working Definition of Trust Trust is relative to a specific service. Different trust relationships appear in different business contexts The measurement may be absolute (e.g. probability) or relative (e.g. dense order) This period may be in the past (history), the duration of the service (from now and until end of service), future (a scheduled or forecasted critical time slot), or always Trust of a party A to a party B for a service X isthe measurable belief of A in that B behaves dependably for a specified period within a specified context (in relation to service X) Dependability is deliberately understood broadly to include security, safety, reliability, timeliness, maintainability Brian Matthews, euroCRIS

  9. A Working Definition of Distrust Distrust of a party A to a party B for a service X is A’s measurable belief in that B behaves non-dependably for a specified period within a specified context (in relation to service X) • We need distrust in order: • revoke previously agreed trust when entities are trusted, by default, • to capture “being blacklisted’’ for a class of potential business transactions. • etc .. Brian Matthews, euroCRIS

  10. Building Trust into e-Services: Why? e-Services are now central for European business and in daily life Marked expansion in: Electronic services based on the Internet, Web and mobile networks However, there is still major concern about the trustworthiness of e-Services: "While internet penetration is growing rapidly, all the evidence shows that consumer confidence in the e-commerce medium itself and in cross-border transactions remains low. E-commerce, therefore, is an insignificant part of final consumption within the European Union – significantly below 1% of total retail sales." [David Byrne, European Commissioner for Health and Consumer Protection] Brian Matthews, euroCRIS

  11. Building Trust into e-Services: Why? “Despite the presence of effective base technologies, there remains a need for further innovation before trust can be managed efficiently at the service level.” Patricia Hewitt - UK minister for e-commerce For e-services to achieve the same levels of acceptance as their conventional counterparttrust managementhas to become an intrinsic part of e-service provision. Brian Matthews, euroCRIS

  12. Building Trust into e-Services: How? Incorporate trust elements in e-service technology • analyse trust requirements for e-services • model trust in the development of e-services • Take into account risks and legal framework • Develop policies and contracts based on trust • Subject of the next section Thanks to Theo Dimitrakos • integrate trust management in the deployment of e-services • Especially, how do we integrate trust management into established open distributed systems • WWW, Grid • This is the subject of the rest of this talk • Ideas and work in progress Brian Matthews, euroCRIS

  13. A Working Model of Trust Structural Properties of Trust Relationships Trust exists and evolves in time • Trust relationships expire. • The level of trust may change over time John trusted Sally to ride a bike 30 years ago. He does not trust her any more. John trusts Sally to keep his savings more than he trusts Rob Sally Rob TIME 30 years John Trust is a measurable belief • Its measurement is based on evidence, experience and perception. Brian Matthews, euroCRIS

  14. A Working Model of Trust Structural Properties of Trust Relationships Mary trusts Sally to baby-sit but not to drive her car. John trust her tutees to do well in their group project but he does not trust Mary to do well in her part (John thinks Mary does most of the work) Trust is relativised to a service Trust between collectives does not necessarily distribute to trust between their members Brian Matthews, euroCRIS

  15. A Working Model of Trust Structural Properties of Trust Relationships Trust is reflexive - yet trust to oneself is measurable • John trust Bob to be his barber • Bob trusts Nick to be his barber • John does not trust Nick to be his barber • (John has had bad experience with Nick and he is able to chose between Bob and Nick • -- Bob cannot cut his own hair ) • Measuring self-trust facilitates delegation Mary trusts her lawyer to win her case in court more than she trust herself to do so Trust is not necessarily transitive Brian Matthews, euroCRIS

  16. A Working Model of Trust Transference of Trust Roles Trust is (unintentionally) transitively transferred along certain mediating parties. • Guarantoroffers a formal promise or assurance, that all obligations of the parties she guarantees for will be fulfilled in the context of a transaction and will be of a specified quality and durability. • Intermediate intervenes between other parties in a business transaction and mediates so that they establish a business relationship with or without their knowledge. • Adviser offers recommendations about the credibility of another party. Dimitrakos IFIP I3E 2001 Brian Matthews, euroCRIS

  17. A Working Model of Trust Transference of Trust: Guarantors • Trust established through a guarantor is not necessarily (directly) transferable. G G  G & A B B C A C • Indirect ways to transfer trust via hierarchies of guarantors may be feasible. G’ G G  G’;G A B B C A C • All parties involved have to exhibit sufficient trust in each other or in a guarantor in order to be engaged in a business transaction. Brian Matthews, euroCRIS

  18. A Working Model of Trust Transference of Trust: Intermediates Intermediate is a party that intervenes between other parties in a business transaction and mediates so that they establish a business relationship with or without their knowledge. • Transparent: an intermediate who identifies the parties she is mediating between to each other. • Translucent: an intermediate who identifies the existence of the parties she is mediating between to each other but not their identity. • Opaque: an intermediate who hides the existence of the parties she is mediating between from each other. • Proxy: an intermediate who is authorised to act as a substitute of another entity. Brian Matthews, euroCRIS

  19. A Working Model of Trust Transference of Trust: Intermediates • Mary trusts John’s cooking - she likes the meals John prepares for her. • John buys off the self precooked meals but he doesn’t tell Mary. • John sends his products via Royal Mail. • Mary decides to purchase John’s products. She expects the products to be delivered as agreed. • Mary places her trust on the Royal Mail delivery service. Trust is transferred along transparent intermediaries – distrust is not. (Dis)trust is not transferred along an opaque intermediary Brian Matthews, euroCRIS

  20. A Working Model of Trust Transference of Trust: Intermediates • John sends his products via courier. • Mary decides to purchase John’s products. She expects the products to be delivered as agreed. • Mary places her trust on the John’s choice of delivery service. • Mary considers changing health insurance because she does not trust the private hospital she is being referred to. ? Trust is transferred anonymously along translucent intermediaries – distrust is not. (Dis)trust in a subcontractor of a transparent intermediary is transferred to (dis)trust in the intermediary. Brian Matthews, euroCRIS

  21. A Working Model of Trust Transference of Trust: Advisors • Trust in an advisor is transferred to the recommended party - distrust is not. • The more A trusts T the more she relies on her recommendation. • Distrust in a recommended party is transferred to the advisor – trust is not. • A’s distrust in a party B recommended by T for a service X prompts A to question T’s competence as an advisor for X. • Advisors distinguish between recommendations based on “first hand” and “second hand” evidence. In the latter case they ought to identify their sources. • If T1 and T2 pass to A advise by T as their own observations then T gains an unfair advantage in influencing A. Brian Matthews, euroCRIS

  22. A Working Model of Trust Transference of Trust • Trust and distrust are allowed to be transferred in opposite directions • This does not necessarily result in a conflict • Distrust propagates through trust. • Distrust obstructs the propagation of trust. • If A distrusts an intermediary T for a service X then A will ignore T's mediation to the extent of the distrust. Brian Matthews, euroCRIS

  23. Subjective logic (Jøsang) Formal Presentation of Trust Integrates classical logic and a theory of subjective probabilities based on an extension of the Dempster-Shafer theory of evidence . • An opinion is a triple where: • b measures belief, represented as the subjective probability that the proposition is true; • d measures disbelief, represented as the subjective probability that the proposition is false; • u measures uncertainty, represented as the subjective probability that the proposition is either true or false; • b+d+u=1 • A strong correlation between this opinion model and the probability density functions associated with the beta distribution ensures that opinions can be deterministically established if all available evidence can be analysed statistically. Addresses the problems of forming a measurable belief about the truth or falsity of an atomic proposition denoting a state, event or identifying an agent, in the presence of uncertainty. Brian Matthews, euroCRIS

  24. Analyse Trust: Trust Management Behaviour Intentions Inclinations Trust Management aims to maximise trust while minimising risk. It is the total process of identifying, controlling and minimising the impact of deception and failure in trust. It analyses threats and trust inclinations while supporting the formation of dependable intentions and controlling dependable behaviour. RISK Management Trust management subsumes and relies on risk analysis and risk management. What about the deployment? Brian Matthews, euroCRIS

  25. Supporting Trust: Web Services? • Increasingly popular standards-based framework for accessing network applications WSDL, SOAP, WS-Inspection, UDDI etc However for Trust we need to be able to • Specify what actors want to do • Specify in what contexts actions take place • Specify recommendations and trust valuations about resources • Need to share vocabularies and agree common meaning of terms • Capture Experience • Provide reasoning about trust statements • The Semantic Web offers a set of tools which can support the implementation of Trust Brian Matthews, euroCRIS

  26. Semantic Web:Add Meaning to Resources • The Semantic Web adds well-defined meaning to describe the Web (Metadata) Brian Matthews, euroCRIS

  27. Semantic Web: Layered Architecture “The Web of Trust” Brian Matthews, euroCRIS

  28. Web of Trust? Trusted statements through proofs over signed statements and rules. Brian Matthews, euroCRIS

  29. Trust on the Web • Establishing that the interactions between actors on the Web are trustworthy • Security: access control, authentication and authorisation and policies • Reliability and dependability • Quality ratings • Personalisation: Privacy, confidentiality, user preferences, accessibility • IPR • Dynamic virtual organisations over Web Services • Transferring trust from third parties • Establishing service-level agreements which can be relied upon • Establishing trust between agents that have no prior knowledge of each other • prevent the growth of future wide area distributed systems Brian Matthews, euroCRIS

  30. SWAD-Europe Semantic Web Advanced Development in Europe • Purpose is to encourage the use of Semantic Web tools and techniques now: • By an outreach programme • By developing practical demonstrators • By providing tools and standards • Partners: • Univ. of Bristol, W3C-INRIA, CCLRC, HP Labs, Stilo Brian Matthews, euroCRIS

  31. SWAD-Europe: WPs Semantic Portals Accessibility XML + RDF Databases Annotations Thesuari Queries Semantic Blogging SW + WS Visualisation Scaleability Trust Brian Matthews, euroCRIS

  32. What we want to do? • Survey of Web and trust methods • Those already in Semantic Web: PICS, P3P, CC/PP • Other Web trust initiatives: XSig, XEncrypt, XACML, SAML, • Other distributed trust work: e.g. Ponder, trust evaluation. • Usage scenarios of trust on the Web • E-Commerce, access control, … • Framework for Trust within the Semantic Web. • Ontologies for trust statements • Applying trust policies • Develop tools for processing RDF statements against policies. • Relate general trust values across all the applications • A general trust framework for the Semantic Web Brian Matthews, euroCRIS

  33. Towards a Framework for Trust using the Semantic Web B trustee A trusts 0.8 value action begin end X context T2 Y T2 • A representation of trust statements in RDF • E.g. “A has trust in B to do X in context Y in time period (T1, T2) to value 0.8” Brian Matthews, euroCRIS

  34. Towards a Framework for Trust using the Semantic Web C trusteeClass A trusts 0.8 value action begin end X context T2 Y T2 • Or use Classes to represent general rules • E.g. “A has trust in members of Class C to do X in context Y in time period (T1, T2) to value 0.8” • With WebOnt gives the possibility of more complex rules for trust valuations. Brian Matthews, euroCRIS

  35. Propagation of Trust through Semantic Networks • The Semantic Web provides a semantically rich network of resources • Add trust valuations to links (from 1-9) • Calculated the propagation of trust via the rules in the above framework • Link to Citations?? 6 6 9 A 5 7 6 9 8 3 2 6 8 B Golbeck, Hendler and Parsla 2002 Brian Matthews, euroCRIS

  36. Ratings Services • Platform for Internet Content Selection (PICS) - quite an early Recommendation from the W3C (October 96). • Labels, Filters, Rating – a set of categories on a rating system • PICS Rules - Defining a filtering policy Brian Matthews, euroCRIS

  37. PICS and Trust • One of the aims of the RDF effort was to provide a generalised way of doing rating. • Now a proposed RDF format and under reconsideration • PICS is about Third parties providing additional properties about resources • its ideal for trust! • Use RDF/PICS vocabulary to define recommendations. • PICS services become recommendations services • Generalise this method to provide a trust recommendation service <rdf:Description xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:p="http://www.w3.org/TR/WD-pics2.0#" xmlns:gcf="http://www.gcf.org/v2.5#" about=""> <p:by>John Doe</p:by> <p:until>1995.12.31T23:59-0000</p:until> <rdf:Description about="http://w3.org/PICS/Overview.html"> <p:until>"1995.12.31T23:59-0000"</p:until> <gcf:suds>0.5</gcf:suds> <gcf:density>0</gcf:density> <gcf:hue>1</gcf:hue> </rdf:Description> <rdf:Description about="http://w3.org/PICS/Underview.html"> <p:by>Jane Doe</p:by> <gcf:subject>2</gcf:subject> <gcf:density>1</gcf:density> <gcf:hue>1</gcf:hue> </rdf:Description> </rdf:Description> Brian Matthews, euroCRIS

  38. Trust Policies and Statements in RDF Edit_forms Policy FRSPolicy hasPolicy positive subject Liz Employee type jobtitle action target PolicyStatement Project Manager /Finance/FrSWeb/Lookup type Bag type type _1 _2 _3 _4 load display fill submit • Express policy in RDF • Present a trust statement to the Policy in RDF • Proof satisfaction of one to other • Problems: e.g. representing free variables. • RuleML etc Brian Matthews, euroCRIS

  39. Trusted Web Architecture Trust Management System Behaviour risk Intentions Inclinations Rules (RuleML, CWM) Trust reasoning engine RDF Net API RDF Store (Jena) resources TrustBase Policy store PICS Trust enabled web gateway Accessing agent RDF trust Statements Recommending agent Intranet Internet Brian Matthews, euroCRIS

  40. Trust, Ontologies and Proof • Use Web Ontologies work to: • Provide web accessible description of trust properties and policy frameworks • Add domain ontologies to customise to applications – role based trust management • Proof to demonstrate satisfaction of policy • Initial Case study: • Frank Dale: Oxford Brookes Univ. MSc student • RDF formats for Access Control policies and • Added domain ontologies for role based access control. • Using XSLT to prove satisfaction of policies. Brian Matthews, euroCRIS

  41. Ontology enabled role-based access control • Frank Arild Dale’s work (MSc Oxford Brookes) <p:View> <rdf:Description> <p:memberOfClass>OBU</p:memberOfClass> <daml:disjointUnionOf> <rdf:Description> <p:Teaches>course3</p:Teaches> <p:Attends>course3</p:Attends> </rdf:Description> </daml:disjointUnionOf> </rdf:Description> </p:View> Access control statements in RDF Using vocabulary from domain ontology Statements about individuals in domain ontology RDF reasoning tool to determine access <p:Professor rdf:about="frank"> <p:Teaches>course3</p:Teaches> <p:Located>Wheatley</p:Located> <p:worksInField>Computer Science</p:worksInField> </p:Professor> Brian Matthews, euroCRIS

  42. Ontology-based access control Brian Matthews, euroCRIS

  43. So Trust and CRIS • Three aspects of Trust for CRIS • Establish that they are trustworthy services • Good practise for digital curation, formal processes, good quality of service • Show trust in users • Develop policies and contracts to control participation in Virtual Organisations. • Change in trust in users changes over time. • Provide indications of trust in others • Citations and Impact analysis • Quality metrics and ratings services • Analysis of networks of influence Brian Matthews, euroCRIS

  44. Some observations • Trust recommendations would be an extremely valuable commodity. • Part of a company’s commercial property • Would they want to reveal it? • Trust could become a tradable commodity • “trust-rating agencies” (like credit rating agencies • Legal implications? • Would you get sued for down-rating? • Need to provide reasons (“Proof” in Web of Trust) • “Accurate” valuation of Goodwill • Your goodwill asset is everybody else’s trust in you! • Business in collecting such information! Brian Matthews, euroCRIS

  45. Will Trust work? • Will automatic trust management be used as a practical means to enable the use of e-services? • NO: • Too conceptual an approach • Relies on humans • Open to abuse • People won’t trust the trust mechanism • Rely on traditional security measures and “word of mouth” • YES: • There is at least one example where trust works Brian Matthews, euroCRIS

  46. Ebay: a success story for trust …the company philosophy remains pretty much the same: trust in human nature. … Fraud is a concern to the company, concedes Donlay [ebay spokesman]. 'But it is not a massive problem. Of the 195 million items listed for auction last year, less than one hundredth of one percent of the transactions ended in some kind of fraud. We are taking every step we can to protect people and make sure their eBay experience is a good one,' he says. Observer, 2 March 2003 Brian Matthews, euroCRIS

  47. Why does ebay work? • Community Values • eBay is a community where we encourage open and honest communication between all of our members. We believe in the following five basic values. • We believe people are basically good. • We believe everyone has something to contribute. • We believe that an honest, open environment can bring out the best in people. • We recognise and respect everyone as a unique individual. • We encourage you to treat others the way that you want to be treated. • eBay is committed to these values. And we believe that our community members should also honour these values -- whether buying, selling, or chatting. We hope these community values will help you better understand the eBay community. • Trusts its customers • Buyers and sellers accumulate reputation • Trust propagation through trusted sources • Underpinned by a “guarantor of last resort” and punitive sanction We should try to emulate this example Brian Matthews, euroCRIS

  48. Modelling Trust: Final Word The iTRUST European Working Group http://www.bitd.clrc.ac.uk/Activity/iTrust 2nd Int. Conf. on Trust Management, Oxford, UK, 29-31 March 2004 Effective solutions require interdisciplinary approaches which provide a fertile ground for the application of many tools from cognitive sciences, law and economics in addition to computer science. TrustCom FP6 project turn this into reality SWAD-Europe http://www.w3.org/2001/sw/Europe Semantic WebTrust and Security Resource Guide http://www.wiwiss.fu-berlin.de/suhl/bizer/SWTSGuide/ Effective implementations over open architectures require the effective transmission of context and intention, and the Semantic Web is a strong candidate to provide that infrastructure. b.m.matthews@rl.ac.uk Brian Matthews, euroCRIS

More Related