RE: [orms] Comparison of documents

["Drummond Reed" <drummond.reed@cordance.net>]

Giles,

Thanks very much for this writeup. From my initial readings of both papers,
my assessment matched yours, but as the author of one of them, I was
particularly interested in your views.

It's still early in the TC's assessment of the current art, but right now I
think the model you have proposed is the closest I have seen to the general
model we'd like to be working from.

Best,

=Drummond 

> -----Original Message-----
> From: Giles Hogben [mailto:Giles.Hogben@enisa.europa.eu]
> Sent: Wednesday, June 25, 2008 2:23 AM
> To: orms@lists.oasis-open.org
> Subject: [orms] Comparison of documents
> 
> Dear All,
> As requested, I took a (quick) look at the Reputation ontology model and
> wrote down some thoughts as a comparison with my reputation model (both
> docs attached). Unfortunately the call times are rather difficult for
> Europeans (Midnight here) so unless this changes, I won't make many
> calls, if any,
> 
> Regards,
> 
> Giles
> 
> [1] http://www.iiia.csic.es/~jsabater/Publications/2007-TrustWS.pdf
> (attached)
> [2] hogben-reputation2.pdf (attached)
> 
> 1. Overlap
> -----------
> Entity, Source, Target <==> Pseudonym
> Focus <=?=> Assertion
> Reputation <==> Aggregate Score
> 
> 2. General points
> ------------------
> [1]
> -is unnecessarily complex, which restricts its applicability within a
> web/electronic context. In particular, [1]:
> - includes elements of subjective experience which are impossible to
> derive from an electronic context
> - precludes more advanced reputation algos because it prescribes how
> second and higher order reputation algos should operate (reliability
> etc...).
> - prescribes aspects of assertions which should not be restricted (e.g.
> good/bad, Norm/Standard/Skill) - reputation may not just be about good
> or bad and the Norm/Standard/Skill classification seems unnecessary for
> our purposes - why not just let reputation cover any assertion. Why
> restrict the model like this?
> - does not model authentication of the voter/entity. One could say that
> this is just yet another assertion but in IAM contexts, it is a very
> specialised type of assertion.
> 
> [2]
> - is simpler and more closely fits the electronic use-cases we have
> (from what I've seen)
> - is more closely aligned to SAML and other IAM models (using assertions
> and authentication etc...)
> 
> Specific criticisms of [1]:
> ----------------------------
> -Strength - the use of reliability of the evaluation as the only
> second-order reputation statement possible makes assumptions about the
> algorithm used and therefore makes the model a bit restricted. It is
> simpler IMO just to have a heap of assertions, some of them referring to
> other assertions and let the algo derive reliability. This allows you to
> use anything from the time of the assertion to the authentication method
> used by the voter as an input to the second-order evaluation.
> -Good or bad is just another assertion - why separate it out - this
> creates unnecessary complexity and restriction (see above)0.
> -It is better to simplify the model and just have assertions rather than
> good/bad assertions, reliability assertions etc... and an algo which
> mashes them up into an overall evaluation. Esp since algos may be
> proprietary.
> -Norm/Standard/Skill is also unnecessarily prescriptive.
> - WRT "SimpleBelief, a belief that the holding agent acknowledge
> as true, and MetaBelief, a belief about others' belief" - again
> unnecessarily complex and restrictive - refers to information which is
> not available in the data available to algos.
> - Image and direct experience are also completely unnecessary in an
> electronic context - we don't need to know about people's mental states
> - just the assertions they made. This is not how algorithms work.
> Algorithms just take a stack of assertions (whatever the mental states
> of those who made them) and spit out a score.
> 
> 
> 
> 
> Giles Hogben
> Network Security Policy Expert
> European Network & Information Security Agency (ENISA)
> Tel: +30 2810 391892
> Fax: +30 2810 39000