Re: [soa-rm-ra] potential text for trust in RA

["Mike Poulin" <mpoulin@usa.com>]

Hi Frank,

I agree with all statements here but have just two notes:

 

1) in the phrase ' The  evidence may be physical artifacts or a set of information from which   the trusting actor can assess the degree of trust ', I think it may be helpful to the reader to add: '...actor can assess the degree of trust and risk '

2) In the following paragraphs, I think that given example does not illustrate the statement. The intermediary's goal/purpose (without any interactions) is 'Transmitting the message' by definition; there is no new goal adoption, it always was in place (with the intermediary). 

 

Here is my example for you: Participant 1 interacts with Participant 2 by sending a message; the message content is such the Participant 2 has to violate its own restrictions. When Participant 2 adopts the goal of Participant 1 and acts correspondingly, associated control reports the violation and disallows the RWE. This is a typical case in security.

 

Scenario: an end-user/intruder engages an application to retrieve the data from the database that the user may not see. If security is not properly constructed and the data gets retieved from the database first and only then blocked from the user, the data still may be intercepted by the intruder who already altered the application but still could not get into the database.

 

'

It is important to note that the goal adopted by one actor as a result  of an interaction need not be the same goal as that of the originating  actor. In many situations, the adopted goal is not all 

the same and  may even be contrary to the desires of the original actor.

For example, if an actor wishes to use a third party to securely  transmit a message to an interaction partner, the actor needs the  intermediary to adopt the goal of transmitting the message,  

potentially without even being aware of the actual goals involved.'

- Michael

 

 

 

 

 

 

 

 

 

----- Original Message -----
From: "Francis McCabe" <FRANKMCCABE@MAC.COM>
To: "soa-rm-ra@lists.oasis-open.org RA"
Subject: [soa-rm-ra] potential text for trust in RA
Date: Wed, 25 Mar 2009 08:48:21 -0700



1.1.1 Trust and Accountability
An important aspect of the relationship between participants in a
social structure is the trust that they have in their interactions
with each other. Trust arises in situations where one actor
interacts with another actor with the objective of getting the
latter to perform some task or achieve some goal on behalf of the
former.

Goal Adoption

An actor may adopt a goal as a result of interacting with another actor.

A consequence of an actor adopting a goal on behalf of another
actor is that the actor becomes accountable to the latter for the
successful satisfaction of the goal.

Accountability

An actor is accountable to another actor when the former agrees to
achieve a goal adopted from the latter.

It is important to note that the goal adopted by one actor as a
result of an interaction need not be the same goal as that of the
originating actor. In many situations, the adopted goal is not all
the same and may even be contrary to the desires of the original
actor.

For example, if an actor wishes to use a third party to securely
transmit a message to an interaction partner, the actor needs the
intermediary to adopt the goal of transmitting the message,
potentially without even being aware of the actual goals involved.

The foundation for successful interaction of this form between
actors is their mutual trust in each other – counter-balanced by
the risks perceived.

Trust

Trust is an actor’s private perception of the commitment another
actor has to a goal together with an identifiable set of real
world effects associated with that goal.

Typically, it is not important to know how the real world effect
may be realized, as the specific actions required may be private,
but the trusting actor believes that these actions will be
sufficient to result in the goal being satisfied.

Trust should not be confused with the simpler, more technical
concept, of one participant trusting that their partner in an
interaction is who they purport to be.

Evidence of Trust

Evidence of trust is the set of observable assertions that a
stakeholder may use to measure trust.

Trust is based on evidence available to the trusting actor. The
evidence may be physical artifacts or a set of information from
which the trusting actor can assess the degree of trust. The
evidence may include a history of previous interaction with the
trusting actor or can be based on the public reputation reflecting
the experience of others in dealing with the prospective actor.

Reputation

A social expression of the perception of trust.

Trust is not binary, i.e. an actor is neither completely trusted
nor untrusted, because there is typically some degree of
uncertainty in the accuracy or completeness of the evidence. Trust
is based on the confidence the trusting actor has in the accuracy
and sufficiency of the gathered evidence.

The degree of trust exists as a property of the trusting actor with
respect to another actor or class of actors; the reputation of an
actor or class of actors may predispose the trusting actor to a
certain extent.

If the trusting actor is aware that actions by numerous other
actors are required in order to realize certain real world
effects, the collection of trust applicable to each step may be
considered a chain of trust.

Chain of trust

A chain of trust is an extended set of trust relationships between
actors in which one actor trusts another by virtue of the fact that
there is one or more intermediaries that are, in turn, trusted by
the original trusting actor and also trust the target actor.

Typically, chains of trust do not extend very far as the issues
involved in perceiving the true intentions of actors are complex
and inherently opaque.

Risk

Risk is an actor’s private perception that another actor’s actions
will not lead to results that help achieve the first actor’s
objectives.
<< smime.p7s >>

--

Be Yourself @ mail.com!
Choose From 200+ Email Addresses
Get a Free Account at www.mail.com!