OASIS Mailing List Archives

soa-rm-ra message


Subject: Re: [soa-rm-ra] Trust and risk


At 10:17 PM -0400 3/19/09, Ken Laskey wrote:
>see just a few responses inline.  Most of your 
>comments will take a little thought to include 
>but are reasonable.  Right now, my Hemingway 
>moment has passed.
>On Mar 19, 2009, at 10:04 PM, Rex Brooks wrote:
>
>>Thanks Ken, Dave,
>>
>>Can we set up a three-way conference in the near future, like maybe
>>tomorrow? Please see my previous post for context.
>>
>>Comments inline
>>
>>At 8:44 PM -0400 3/19/09, Ken Laskey wrote:
>>>Dave Ellis and I batted around some ideas this afternoon and I
>>>believe we have a pretty clear picture.  I've expanded somewhat as
>>>I've tried to capture our discussion.  Read on and see what you
>>>think.
>>>
>>><trust_risk>
>>>
>>>Trust
>>>-------
>>>Trust is a personal perception or conclusion that some entity will
>>>perform actions that will lead to an identifiable set of real world
>>>effects.  Trust can be defined in two contexts: trust as part of
>>>interaction and trust of actions in which the trusting party has no
>>>active part.
>>
>>I'd use assessment instead of conclusion, and I still like "personal
>>assessment or internal perception" but I don't prefer it so much that
>>I'd lose sleep over it. I'd also term the two context types as:
>>"interaction-based experience" context with an example of the
>>trusting party having interacted previously with the trusted party;
>>and,
>>"state-based"  willingness context to trust based on the trusted
>>party's reputation with an example of a trusted service having
>>established a reputation for trustworthiness in the ecosystem.
>>
>>>For trust in the context of interaction, the trusting party is
>>>prepared to perform actions as part of an interaction with some
>>>party, and that other party's actions can be considered a response.
>>>The trusting party expects the response will lead to real world
>>>effects that are desired but which the trusting party cannot
>>>accomplish by itself.  For example, I submit an order for a book
>>>with an online bookstore and supply my credit card information as
>>>payment.  This implies I trust the bookstore to send me the correct
>>>book and not misuse my credit card.
>>
>>I'd tweak it a bit, with personal experience leading to trusted
>>party's willingness to perform actions as part of an interaction.
>>
>>>For trust without direct interaction, the trusting party is an
>>>observer.  The trusting party again expects some other entity to
>>>perform actions leading to certain real world effects but those
>>>actions are perceived to be independent of actions on the part of
>>>the trusting party.  The expected real world effects may be
>>>considered desirable, undesirable, or neutral by the trusting party.
>>>For example, I may trust a browser indicating an SSL connection is
>>>sufficiently secure that I would be willing to provide credit card
>>>information for transmittal to another party.
>>
>>I'd tweak it a bit with the expectation of the trusting party being
>>based on the state of the trusted party's reputation in the ecosystem.
>>
>>>Trust is based on evidence available to the trusting party.
>>>Therefore, trust is not binary, i.e. a party is not completely
>>>trusted or untrusted, because there is typically some degree of
>>>uncertainty in the accuracy or completeness of the evidence.  The
>>>evidence may be physical artifacts or a set of information from
>>>which the trusting party can assess the degree of trust.
>>
>>I think what is meant is bi-directional not binary (purely
>>machine-understandable/processable v. human-readable).
>
>No, I meant binary.  Trust is not yes I do or no 
>I don't.  There is (see below) a balance with 
>risk I need to achieve, possibly a minimum 
>threshold, but trust isn't [0,1].

Cool.

>>
>>
>>>The degree of trust exists as a property of the trusting party with
>>>respect to another party or class of parties.  For example, I may
>>>trust all police officers.  If the trusting party is aware that
>>>actions by numerous other parties are required in order to realize
>>>certain real world effects, the collection of trust applicable to
>>>each step may be considered a chain of trust.  However, trust is not
>>>transferred from the initial trusting party to others in the chain.
>>
>>Good point, but the example moves out of the scope of the RA. It
>>would be better to say one may trust all reports made by police
>>officers in a service such as a criminal history reporting service
>>and I think that works better to establish the chain of trust.
>>
>>>Rather, the initial trusting party has an overall trust with the
>>>party participating in the initiating interaction, a trust that the
>>>actions performed by all parties throughout the process will lead to
>>>the expected effects.  Each party in the chain has an individual
>>>level of trust with its immediate interacting party, but this may
>>>have little or no impact on the overall level of trust of the
>>>initiating party.
>>>
>>>Risk
>>>------
>>>Risk is a personal perception or conclusion that certain undesirable
>>>real world effects may come into being.  As with trust, risk can
>>>occur in the context of interaction or without actions on the part
>>>of the party perceiving the risk.  The party perceiving risk may
>>>take actions to mitigate the risk.  For example, I assess a high
>>>degree of risk to clicking on an email link where I believe the
>>>email to be spam, and I forgo any possible benefit by not clicking
>>>on the link.  Alternately, I see a risk in having a hard drive fail
>>>and I mitigate the effect of losing files by backing up those I
>>>consider important.
>>
>>Excellent.
>>
>>>As with trust, risk is not transferred along a chain but risk may be
>>>accepted as part of an interaction.  Consider two scenarios.  In the
>>>first, a sender desires to send a family photograph to another
>>>family member who acts as the receiver.  The photograph is sent by
>>>way of a courier service and insured for $200.  While the photograph
>>>is in transit, the sender has the risk the irreplaceable photograph
>>>can be lost.  The courier's risk is the cost of the $200 insurance
>>>and there is no sense of additional risk because of the nature of
>>>the photograph.  There is an acceptance of risk by the courier but
>>>not a transfer from the sender; the sender continues to have the
>>>original risk of loss.
>>>
>>>As a second scenario, consider the same sender and courier but this
>>>time the item being sent is something easily purchased for $200.
>>>Once the courier agrees to insuring the package, the sender is
>>>relieved of all risk except for possibly the inconvenience of the
>>>insurance claim and purchasing the replacement.  The courier has the
>>>identical risk as in the first scenario -- the cost of the $200
>>>insurance.
>>>
>>>Relationship between trust and risk
>>>------------------------------------------------
>>>A party's actions are based on a combination of perceived trust and
>>>perceived risk.  If there is little or no perceived risk, then the
>>>degree of trust may not be relevant in assessing possible actions.
>>>For example, most people consider there to be an acceptable level of
>>>risk to privacy when using search engines, and submit queries
>>>without any sense of trust being considered.
>>>
>>>As perceived risk increases, the issue of trust becomes more of a
>>>consideration.  There are recognized risks in providing or accepting
>>>credit cards as payment, and standard procedures have been put in
>>>place to increase trust by mitigating risk.  For interactions with a
>>>high degree of risk, the trusting party requires stronger or
>>>additional evidence when evaluating the balance between risk and
>>>trust when deciding whether to participate in an interaction.
>>>
>>></trust_risk>
>>>
>>>Now this is a fairly general discussion of trust and risk.  While a
>>>decent lead-in (assuming concurrence after some degree of
>>>modification), what is missing is how this relates to SOA.  Do
>>>activities in a SOA ecosystem merely mirror other activities, and
>>>thus trust and risk are applicable in the same ways?  Or, is there
>>>something special in SOA?  I expect David will tell us there are
>>>special things, and that is what we need to capture next.
>>
>>I suggest a discussion of how evidence of trust and risk affect the
>>trusting party's level of confidence in the eventual outcome in the
>>real world effect, e.g. when perceived risk increases.
>>
>
>This still sounds like regular life, not SOA. 
>What can we specifically say is different or 
>special to SOA?  Maybe somehow tying evidence to 
>description, especially annotations and 
>metrics.
>Something about the likelihood you'll never be face-to-face.
>Something about the unanticipated consumer and the unanticipated use?

Right now, my brain is insisting on its right to 
go into standby mode, so I'll revisit mañana.


>Monitoring to collect evidence that may go 
>beyond metrics, e.g. Frank's "safe"?
>
>>Cheers,
>>Rex
>>
>>>Ken
>>>

Sayonara for tonight,
Rex

>>--
>>Rex Brooks
>>President, CEO
>>Starbourne Communications Design
>>GeoAddress: 1361-A Addison
>>Berkeley, CA 94702
>>Tel: 510-898-0670
>
>-----------------------------------------------------------------------------
>Ken Laskey
>MITRE Corporation, M/S H305      phone: 703-983-7934
>7515 Colshire Drive                         fax:       703-983-1379
>McLean VA 22102-7508


--
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-898-0670

