Subject: Re: [soa-rm-ra] comments on 20090408 trust
Commenting on doc files is v. painful.
If we need to hash it, it should be in plain text. This is from a cut and paste of the document (the footnotes have been automatically converted!)
3.2.3 Trust and Accountability
An important aspect of the relationship between participants in a social structure is the trust that they have in their interactions with each other. Trust arises in situations where one actor interacts with another actor with the objective of getting the latter to perform some task or achieve some goal on behalf[D1] of the former.
An actor may adopt a goal as a result of interacting with another actor.
A consequence of an actor adopting a goal on behalf of another actor is that the actor becomes accountable to the latter for the successful satisfaction of the goal.
An actor is accountable to another actor when the former consents to achieve an identified
It is important to note that the goal adopted by one actor as a result of an interaction need not be the same goal as that of the originating actor. In many situations, the adopted goal is not all the same and may even be contrary to the desires of the original actor.
For example, if an actor wishes to use a third party to securely transmit a message to an interaction partner, the actor needs the intermediary to adopt the goal of transmitting the message, potentially without even being aware of the actual goals involved.[D4]
The foundation for successful interaction of this form between actors is their mutual trust in each other – counter-balanced by the risks perceived.
Trust is an actor’s private perception of the commitment [D5] another actor has to a goal together with an identifiable set of real world effects associated with that goal.
Typically, it is not important to know how the real world effect may be realized, as the specific actions required may be private, but the trusting actor believes that these actions will be sufficient to result in the goal being satisfied.
Trust should not be confused with the simpler, more technical concept, of one participant trusting that their partner in an interaction is who they purport to be. [D6]
Trust Decision[D7]
A trust decision is an internal action performed by an actor to make a commitment to perform an action in the future.
When making a choice whether or not to trust an actor many factors may be important – an assessment of the trustworthiness of the parties involved, an assessment of the risks involved and a balance of the merits of making the choice.
Evidence of Trust
Evidence of trust is the set of observable assertions[D8] that a stakeholder may use to measure trust.
Trust is based on evidence available to the trusting actor[D9]. The evidence may be physical artifacts or a set of information from which the trusting actor can assess the degree of trust. The evidence may include a history of previous interaction with the trusting actor or can be based on the public reputation reflecting the experience of others in dealing with the prospective actor.
A social expression of the perception of trust.[D10]
Trust is not binary, i.e. an actor is neither completely trusted nor untrusted, because there is typically some degree of uncertainty in the accuracy or completeness of the evidence. Trust is based on the confidence the trusting actor has in the accuracy and sufficiency of the gathered evidence.
The degree of trust exists as a property of the trusting actor with respect to another actor or class of actors; the reputation of an actor or class of actors may predispose the trusting actor to a certain extent.
If the trusting actor is aware that actions by numerous other actors are required in order to realize certain real world effects, the collection of trust applicable to each step may be considered a chain of trust.
Chain of Trust
A chain of trust is an extended set of trust relationships between actors in which one actor trusts another by virtue of the fact that there is one or more intermediaries that are, in turn, trusted by the original trusting actor and also trust the target actor.
Typically, chains of trust do not extend very far as the issues involved in perceiving the true intentions of actors are complex and inherently opaque.
Risk is an actor’s private perception that another actor’s actions will impede the first actor’s objectives.[D12]
An actor’s actions are based on a combination of perceived trust and perceived risk. If there is little or no perceived risk, then the degree of trust may not be relevant in assessing possible actions. For example, most people consider there to be an acceptable level of risk to privacy when using search engines, and submit queries without any sense of trust being considered.
As perceived risk increases, the issue of trust becomes more of a consideration. There are recognized risks in providing or accepting credit cards as payment, and standard procedures have been put in place to increase trust or, at a minimum, to bring trust and risk into balance by mitigating risk. For interactions with a high degree of risk, the trusting actor requires stronger or additional evidence when evaluating the balance between risk and trust when deciding whether to participate in an interaction.
[D1]The Trusting Actor wants the Trusted Actor to do something. It is not necessarily something on behalf of the Trusting Actor but just something the Trusted Actor is prepared to do.
>>>> Actually, while I agree completely that actors do what they want to do, I think that there is no trust involved if there is no connection between the actors over what one is going to do for the other.
[D2]The Trusted Actor does not adopt the goals of the Trusting Actor but rather acts according to its own goals. If the Trusted Actor is engaged in a phishing con, its goals have nothing to do with the Trusting Actor’s goals. In many cases, including legitimate ones, the Trusted Actor already has goals and is merely acting to satisfy these and adopting nothing.
>>>> Again, stipulated that actors do their own thing; which may well be at variance with the intent of the trusting actor. However, trust must be about something that both actors can relate to. Even if the result is to break the trust, there must be something to break!
[D3]This is only true if accountability is part of the agreed to interaction. The perception of accountability is part of reputation.
>>>> There are very likely to be limits to accountability. The concept itself refers to the stance that the actors have to each other after agreement. I do not think that accountability should be mixed in with reputation.
[D4]Again, if my business is to transmit messages, I will transmit yours because that is my existing goal. Transmitting your message satisfies my goal.
>>>> Of course, that is what I was trying to communicate
[D5]A sense of the Trusted Actor’s commitment may affect my perception of trust and risk, but my trust is in seeing real world effects I want. The real world effects the Trusted Actor wants is private to them and not directly my interest.
>>>> We are trying to nail down what it means to trust another actor; not whether or not the actor is trustworthy.
>>>> Perhaps. But I do feel that the IT version of trust is not what we are addressing here.
[D7]This is akin to the Degree of Balance I introduced
>>>> I know. I was trying to codify the important concepts in trusting someone. I feel that the decision is the pivot and the evidence is the lever.
[D8]Real world effects. What is observable per the RM is shared state.
>>>> Shared state is the set of facts that is potentially knowable by the parties involved. State itself is observed by making observations of the world -- a fact in a shared state is measurable or it is of no interest to us.
[D9]This should be formally defined and used consistently.
[D10]This is too mushy. Prefer defining as an accumulation of observations of real world effects.
>>>> Reputation is inherently social. I am in favour of tightening this up; but do not want to lose the social aspect. Reputation, like trust, is based on evidence but is not the same thing as that evidence.
[D11]Disagree for SOA. I trust the actor with whom I interact. The “chain” is typically private and unknown to me. If the Trusted Actor wants to expose private details, that may affect my perception of trust and risk but any assumption that this is required will violate opacity.
>>>> This was included because of David's concerns. Strongly related to service composition.
[D12]You’ve now introduced objectives! Risk needs to be in terms of undesirable real world effects in order to tie all this together.
>>>> Sure, no problem. I used objectives as shorthand for desired RWEs. There is risk of not producing desired results, and risk of producing undesired results.