Subject: Trust and risk
Dave Ellis and I batted around some ideas this afternoon and I believe we have a pretty clear picture. I've expanded somewhat as I've tried to capture our discussion. Read on and see what you think.

<trust_risk>

Trust
-------

Trust is a personal perception or conclusion that some entity will perform actions that will lead to an identifiable set of real world effects. Trust can be defined in two contexts: trust as part of interaction and trust of actions in which the trusting party has no active part.

For trust in the context of interaction, the trusting party is prepared to perform actions as part of an interaction with some party, and that other party's actions can be considered a response. The trusting party expects the response will lead to real world effects that are desired but which the trusting party cannot accomplish by itself. For example, I submit an order for a book with an online bookstore and supply my credit card information as payment. This implies I trust the bookstore to send me the correct book and not misuse my credit card.

For trust without direct interaction, the trusting party is an observer. The trusting party again expects some other entity to perform actions leading to certain real world effects but those actions are perceived to be independent of actions on the part of the trusting party. The expected real world effects may be considered desirable, undesirable, or neutral by the trusting party. For example, I may trust a browser indicating an SSL connection is sufficiently secure that I would be willing to provide credit card information for transmittal to another party.

Trust is based on evidence available to the trusting party. Therefore, trust is not binary, i.e. a party is not completely trusted or untrusted, because there is typically some degree of uncertainty in the accuracy or completeness of the evidence. The evidence may be physical artifacts or a set of information from which the trusting party can assess the degree of trust.
The degree of trust exists as a property of the trusting party with respect to another party or class of parties. For example, I may trust all police officers.

If the trusting party is aware that actions by numerous other parties are required in order to realize certain real world effects, the collection of trust applicable to each step may be considered a chain of trust. However, trust is not transferred from the initial trusting party to others in the chain. Rather, the initial trusting party has an overall trust with the party participating in the initiating interaction, a trust that the actions performed by all parties throughout the process will lead to the expected effects. Each party in the chain has an individual level of trust with its immediate interacting party, but this may have little or no impact on the overall level of trust of the initiating party.

Risk
------

Risk is a personal perception or conclusion that certain undesirable real world effects may come into being. As with trust, risk can occur in the context of interaction or without actions on the part of the party perceiving the risk. The party perceiving risk may take actions to mitigate the risk. For example, I assess a high degree of risk to clicking on an email link where I believe the email to be spam, and I forgo any possible benefit by not clicking on the link. Alternately, I see a risk in having a hard drive fail and I mitigate the effect of losing files by backing up those I consider important.

As with trust, risk is not transferred along a chain but risk may be accepted as part of an interaction. Consider two scenarios. In the first, a sender desires to send a family photograph to another family member who acts as the receiver. The photograph is sent by way of a courier service and insured for $200. While the photograph is in transit, the sender has the risk the irreplaceable photograph can be lost. The courier's risk is the cost of the $200 insurance and there is no sense of additional risk because of the nature of the photograph. There is an acceptance of risk by the courier but not a transfer from the sender; the sender continues to have the original risk of loss.

As a second scenario, consider the same sender and courier but this time the item being sent is something easily purchased for $200. Once the courier agrees to insuring the package, the sender is relieved of all risk except for possibly the inconvenience of the insurance claim and purchasing the replacement. The courier has the identical risk as in the first scenario -- the cost of the $200 insurance.

Relationship between trust and risk
------------------------------------------------

A party's actions are based on a combination of perceived trust and perceived risk. If there is little or no perceived risk, then the degree of trust may not be relevant in assessing possible actions. For example, most people consider there to be an acceptable level of risk to privacy when using search engines, and submit queries without any sense of trust being considered. As perceived risk increases, the issue of trust becomes more of a consideration. There are recognized risks in providing or accepting credit cards as payment, and standard procedures have been put in place to increase trust by mitigating risk. For interactions with a high degree of risk, the trusting party requires stronger or additional evidence when evaluating the balance between risk and trust when deciding whether to participate in an interaction.

</trust_risk>

Now this is a fairly general discussion of trust and risk. While a decent lead-in (assuming concurrence after some degree of modification), what is missing is how this relates to SOA. Do activities in a SOA ecosystem merely mirror other activities, and thus trust and risk are applicable in the same ways? Or, is there something special in SOA? I expect David will tell us there are special things, and that is what we need to capture next.

Ken

-----------------------------------------------------------------------------
Ken Laskey
MITRE Corporation, M/S H305        phone: 703-983-7934
7515 Colshire Drive                fax:   703-983-1379
McLean VA 22102-7508