[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [orms] Comparison of documents
Giles, Thanks very much for this writeup. From my initial readings of both papers, my assessment matched yours, but as the author of one of them, I was particularly interested in your views. It's still early in the TC's assessment of the current art, but right now I think the model you have proposed is the closest I have seen to the general model we'd like to be working from. Best, =Drummond > -----Original Message----- > From: Giles Hogben [mailto:Giles.Hogben@enisa.europa.eu] > Sent: Wednesday, June 25, 2008 2:23 AM > To: orms@lists.oasis-open.org > Subject: [orms] Comparison of documents > > Dear All, > As requested, I took a (quick) look at the Reputation ontology model and > wrote down some thoughts as a comparison with my reputation model (both > docs attached). Unfortunately the call times are rather difficult for > Europeans (Midnight here) so unless this changes, I won't make many > calls, if any, > > Regards, > > Giles > > [1] http://www.iiia.csic.es/~jsabater/Publications/2007-TrustWS.pdf > (attached) > [2] hogben-reputation2.pdf (attached) > > 1. Overlap > ----------- > Entity, Source, Target <==> Pseudonym > Focus <=?=> Assertion > Reputation <==> Aggregate Score > > 2. General points > ------------------ > [1] > -is unnecessarily complex, which restricts its applicability within a > web/electronic context. In particular, [1]: > - includes elements of subjective experience which are impossible to > derive from an electronic context > - precludes more advanced reputation algos because it prescribes how > second and higher order reputation algos should operate (reliability > etc...). > - prescribes aspects of assertions which should not be restricted (e.g. > good/bad, Norm/Standard/Skill) - reputation may not just be about good > or bad and the Norm/Standard/Skill classification seems unnecessary for > our purposes - why not just let reputation cover any assertion. Why > restrict the model like this? > - does not model authentication of the voter/entity. One could say that > this is just yet another assertion but in IAM contexts, it is a very > specialised type of assertion. > > [2] > - is simpler and more closely fits the electronic use-cases we have > (from what I've seen) > - is more closely aligned to SAML and other IAM models (using assertions > and authentication etc...) > > Specific criticisms of [1]: > ---------------------------- > -Strength - the use of reliability of the evaluation as the only > second-order reputation statement possible makes assumptions about the > algorithm used and therefore makes the model a bit restricted. It is > simpler IMO just to have a heap of assertions, some of them referring to > other assertions and let the algo derive reliability. This allows you to > use anything from the time of the assertion to the authentication method > used by the voter as an input to the second-order evaluation. > -Good or bad is just another assertion - why separate it out - this > creates unnecessary complexity and restriction (see above)0. > -It is better to simplify the model and just have assertions rather than > good/bad assertions, reliability assertions etc... and an algo which > mashes them up into an overall evaluation. Esp since algos may be > proprietary. > -Norm/Standard/Skill is also unnecessarily prescriptive. > - WRT "SimpleBelief, a belief that the holding agent acknowledge > as true, and MetaBelief, a belief about others' belief" - again > unnecessarily complex and restrictive - refers to information which is > not available in the data available to algos. > - Image and direct experience are also completely unnecessary in an > electronic context - we don't need to know about people's mental states > - just the assertions they made. This is not how algorithms work. > Algorithms just take a stack of assertions (whatever the mental states > of those who made them) and spit out a score. > > > > > Giles Hogben > Network Security Policy Expert > European Network & Information Security Agency (ENISA) > Tel: +30 2810 391892 > Fax: +30 2810 39000
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]