[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [soa-rm-ra] Trust and risk
--Apple-Mail-181--642395636 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit This is looking quite good. However, I think that there are a couple of unnecessary couplings: I do not think that trust is necessarily tied to actions. (I have the same issue with people who believe that obligations are actions). Also, I think it is not necessary to presuppose that the trusting party cannot perform the tasks in question. It is enough that he 'wishes' the other party to perform the task. frank On Mar 19, 2009, at 5:44 PM, Ken Laskey wrote: > Dave Ellis and I batted around some ideas this afternoon and I > believe we have a pretty clear picture. I've expanded somewhat as > I've tried to capture our discussion. Read on and see what you think. > > <trust_risk> > > Trust > ------- > Trust is a personal perception or conclusion that some entity will > perform actions that will lead to an identifiable set of real world > effects. Trust can be defined in two contexts: trust as part of > interaction and trust of actions in which the trusting party has no > active part. > > For trust in the context of interaction, the trusting party is > prepared to perform actions as part of an interaction with some > party, and that other party's actions can be considered a response. > The trusting party expects the response will to lead to real world > effects that are desired but which the trusting party cannot > accomplish by itself. For example, I submit an order for a book > with an online bookstore and supply my credit card information as > payment. This implies I trust the bookstore to send me the correct > book and not misuse my credit card. > > For trust without direct interaction, the trusting party is an > observer. The trusting party again expects some other entity to > perform actions leading to certain real world effects but those > actions are perceived to be independent of actions on the part of > the trusting party. The expected real world effects may be > considered desirable, undesirable, or neutral by the trusting > party. For example, I may trust a browser indicating an SSL > connection is sufficiently secure that I would be willing to provide > credit card information for transmittal to another party. > > Trust is based on evidence available to the trusting party. > Therefore, trust is not binary, i.e. a party is not completely > trusted or untrusted, because there is typically some degree of > uncertainty in the accuracy or completeness of the evidence. The > evidence may be physical artifacts or a set of information from > which the trusting party can assess the degree of trust. > > The degree of trust exists as a property of the trusting party with > respect to another party or class of parties. For example, I may > trust all police officers. If the trusting party is aware that > actions by numerous other parties are required in order to realize > certain real world effects, the collection of trust applicable to > each step may be considered a chain of trust. However, trust is not > transferred from the initial trusting party to others in the chain. > Rather, the initial trusting party has an overall trust with the > party participating in the initiating interaction, a trust that the > actions performed by all parties throughout the process will lead to > the expected effects. Each party in the chain has an individual > level of trust with its immediate interacting party, but this may > have little or no impact on the overall level of trust of the > initiating party. > > Risk > ------ > Risk is a personal perception or conclusion that certain undesirable > real world effects may come into being. As with trust, risk can > occur in the context of interaction or without actions on the part > of the party perceiving the risk. The party perceiving risk may > take actions to mitigate the risk. For example, I assess a high > degree of risk to clicking on an email link where I believe the > email to be spam, and I forgo any possible benefit by not clicking > on the link. Alternately, I see a risk in having a hard drive fail > and I mitigate the effect of losing files by backing up those I > consider important. > > As with trust, risk is not transferred along a chain but risk may be > accepted as part of an interaction. Consider two scenarios. In the > first, a sender desires to send a family photograph to another > family member who acts as the receiver. The photograph is sent by > way of a courier service and insured for $200. While the photograph > is in transit, the sender has the risk the irreplaceable photograph > can be lost. The courier's risk is the cost of the $200 insurance > and there is no sense of additional risk because of the nature of > the photograph. There is an acceptance of risk by the courier but > not a transfer from the sender; the sender continues to have the > original risk of loss. > > As a second scenario, consider the same sender and courier but this > time the item being sent is something easily purchased for $200. > Once the courier agrees to insuring the package, the sender is > relieved of all risk except for possibly the inconvenience of the > insurance claim and purchasing the replacement. The courier has the > identical risk as in the first scenario -- the cost of the $200 > insurance. > > Relationship between trust and risk > ------------------------------------------------ > A party's actions are based on a combination of perceived trust and > perceived risk. If there is little or no perceived risk, then the > degree of trust may not be relevant in assessing possible actions. > For example, most people consider there to be an acceptable level of > risk to privacy when using search engines, and submit queries > without any sense of trust being considered. > > As perceived risk increases, the issue of trust becomes more of a > consideration. There are recognized risks in providing or accepting > credit cards as payment, and standard procedures have been put in > place to increase trust by mitigating risk. For interactions with a > high degree of risk, the trusting party requires stronger or > additional evidence when evaluating the balance between risk and > trust when deciding whether to participate in an interaction. > > </trust_risk> > > Now this is a fairly general discussion of trust and risk. While a > decent lead-in (assuming concurrence after some degree of > modification), what is missing is how this relates to SOA. Do > activities in a SOA ecosystem merely mirror other activities, and > thus trust and risk are applicable in the same ways? Or, is there > something special in SOA? I expect David will tell us there are > special things, and that is what we need to capture next. > > Ken > > ----------------------------------------------------------------------------- > Ken Laskey > MITRE Corporation, M/S H305 phone: 703-983-7934 > 7515 Colshire Drive fax: 703-983-1379 > McLean VA 22102-7508 > > > > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php --Apple-Mail-181--642395636 Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIID2zCCA9cw ggK/oAMCAQICAQEwCwYJKoZIhvcNAQEFMHMxFzAVBgNVBAMMDkZyYW5jaXMgTWNDYWJlMRMwEQYD VQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzESMBAGA1UEBwwJQ3VwZXJ0aW5vMSIwIAYJKoZI hvcNAQkBFhNmcmFua21jY2FiZUBtYWMuY29tMB4XDTA4MDYxOTIxMjAwMFoXDTA5MDYxOTIxMjAw MFowczEXMBUGA1UEAwwORnJhbmNpcyBNY0NhYmUxEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNV BAYTAlVTMRIwEAYDVQQHDAlDdXBlcnRpbm8xIjAgBgkqhkiG9w0BCQEWE2ZyYW5rbWNjYWJlQG1h Yy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPQI1Mv2XXii4OgIjYaujcFZYl bTJcOySOPrvGRXmcUSgRuq2h5lLKsPaaaSuEXgTC6yBnbMYWSN4pibJAWTQTfoc5gshQYD/8aXfJ R2BI8V3W/wL82nDQ/3hJeESs0PrgthdTiUSpq0vyJeaICpUdFebucEplI2PGGhLCDc78ouURrJwR M1N7uYt1pXh1hDwG8wEVridHHgS2tWY6gB12xJqog/0F5x6WKg9HNV0nR6qNRho1O8hAwMTjlg4i ckcpoQFW9OY2K/dHUwQa2OM9q9lY5EdDMA3eSR+LdTGeo307vTtgYjTTxgjuTBusHp7POK396Kpi ZrlsPux7xAhpAgMBAAGjeDB2MA4GA1UdDwEB/wQEAwIEsDBEBgNVHSUBAf8EOjA4BggrBgEFBQcD BAYJKoZIhvdjZAQCBgkqhkiG92NkBAMGCiqGSIb3Y2QDAgIGCiqGSIb3Y2QDAgMwHgYDVR0RBBcw FYETZnJhbmttY2NhYmVAbWFjLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAIUMxbyVUw3Vc8ztywYOE DYzhMpS4134RfePwKEJcCHBQ8dOSuqFudwX8zRCDgEg/04FHEPvUf/4BZl0vp3SjMvWBAJEzXvdL 6xt9JiiL5O/Wf0opHA3YzNLPSD+5uOvn17b6HOgpGl4at/8y10HOUtjoJ8++fdQ/+tcpebEFCkY3 KcY62dKkLWKO+DUGNyeZCwFRlTkw6TFtll5rsqLEWAQ0RTRW2vl8mVbuzS8uJtddbxZdjT6BS//+ 3V7p2NCbYrHpHaGgsEYUZDSbfylHRgj+Hf23dJjI7bujV3DNGhNwaDsuzFZRbMlngb4ZGmv5yv9O UaBb/FALgiBxL57KQjGCAxYwggMSAgEBMHgwczEXMBUGA1UEAwwORnJhbmNpcyBNY0NhYmUxEzAR BgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMRIwEAYDVQQHDAlDdXBlcnRpbm8xIjAgBgkq hkiG9w0BCQEWE2ZyYW5rbWNjYWJlQG1hYy5jb20CAQEwCQYFKw4DAhoFAKCCAXMwGAYJKoZIhvcN AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDkwMzIwMDA1MjA2WjAjBgkqhkiG9w0B CQQxFgQU8ikDjpM/wUBHMZ2ZTe78bjUdfuUwgYcGCSsGAQQBgjcQBDF6MHgwczEXMBUGA1UEAwwO RnJhbmNpcyBNY0NhYmUxEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMRIwEAYDVQQH DAlDdXBlcnRpbm8xIjAgBgkqhkiG9w0BCQEWE2ZyYW5rbWNjYWJlQG1hYy5jb20CAQEwgYkGCyqG SIb3DQEJEAILMXqgeDBzMRcwFQYDVQQDDA5GcmFuY2lzIE1jQ2FiZTETMBEGA1UECAwKQ2FsaWZv cm5pYTELMAkGA1UEBhMCVVMxEjAQBgNVBAcMCUN1cGVydGlubzEiMCAGCSqGSIb3DQEJARYTZnJh bmttY2NhYmVAbWFjLmNvbQIBATANBgkqhkiG9w0BAQEFAASCAQCRgjScTSht0bwKclEBgpkR5K3V zmgl5gQ2Z5XPRi5uObDW1FTf9dGNUXXWCKf4Bg77afnjF9NwQJXxiDX6Pnt7YigsIQiejdQtejgU ZLgjAH0YCKDiq/6SEq5iVVCmfvEroVCiIpS1J/gDb7vrKyarB69obKH170ZAyLqBNjStcGRq1TM9 fvLBGPNWOBi1AHz54vCaxHmjxxG1J9PXY/HCpHahPv9aJx9CHJCAq0tKW6xnEkPBEGUTkHw3Y7yh txbe0Y9zWaSN+c7Pyjvo4p7W2vViGIfM4XzsYt3Lh/OYWK4/UQo3kKgFDB5MGDUU22hCi5ElyiOJ SHUp+OVLtkP2AAAAAAAA --Apple-Mail-181--642395636--
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]