Re: [soa-rm-ra] comments on 20090408 trust

[Rex Brooks <rexb@starbourne.com>]

Thanks Frank,

I'm adding my comments inline, after reading 
Ken's comments and yours, rather than as replies 
to your comments at end. Obviously, I'm tilting 
at windmills in a couple of important places.

Cheers,
Rex

At 8:58 PM -0700 4/19/09, Francis McCabe wrote:
>Ken
>  Commenting on doc files is v. painful.
>
>  If we need to hash it, it should be in plain 
>text. This is from a cut and paste of the 
>document (the footnotes have been automatically 
>converted!)
>
>3.2.3 Trust and Accountability
>
>An important aspect of the relationship between 
>participants in a social structure is the trust 
>that they have in their interactions with each 
>other. Trust arises in situations where one 
>actor interacts with another actor with the 
>objective of getting the latter to perform some 
>task or achieve some goal on behalf[D1]  of the 
>former.

I don't think Trust requires the "on behalf" 
clause. Accountability does. I don't think "goal" 
applies, RWE does.

Suggestion: "Trust arises in situations where one 
actor interacts with another actor and the latter 
consents to perform some task to achieve some 
Real World Effect in which the former has an 
expressed interest."

>
>
>Goal Adoption
>
>An actor may adopt a goal as a result of interacting with another actor.
>
>[D2]

There is no need to identify whose goal is 
adopted or why, so I think this is fine. How the 
goals of the parties align is not our concern in 
this definition.

>
>A consequence of an actor adopting a goal on 
>behalf of another actor is that the actor 
>becomes accountable to the latter for the 
>successful satisfaction of the goal.

Suggestion: "When an actor consents to adopt a 
goal on behalf of another actor, the former 
becomes accountable to the latter for the 
successful satisfaction of the goal.

This is different from Trust because "goal" 
applies, not RWE. RWE may be the result or one 
result among others. We need to think this 
through because I think Trust is based on RWE but 
Accountability is based on Goal which may have 
several RWEs or none.

>
>
>
>Accountability
>
>An actor is accountable to another actor when 
>the former consents to achieve an identified 938
>
>goal.
>
>[D3]
>
>It is important to note that the goal adopted by 
>one actor as a result of an interaction need not 
>be the same goal as that of the originating 
>actor. In many situations, the adopted goal is 
>not all the same and may even be contrary to the 
>desires of the original actor.
>
>
>
>For example, if an actor wishes to use a third 
>party to securely transmit a message to an 
>interaction partner, the actor needs the 
>intermediary to adopt the goal of transmitting 
>the message, potentially without even being 
>aware of the actual goals involved.[D4]
>
>
>
>The foundation for successful interaction of 
>this form between actors is their mutual trust 
>in each other - counter-balanced by the risks 
>perceived.
>
>
>
>Trust
>
>Trust is an actor's private perception of the 
>commitment [D5] another actor has to a goal 
>together with an identifiable set of real world 
>effects associated with that goal.

Obviously, I think Trust applies to RWE not goal. 
I don't expect to get this position adopted.

Suggestion: Trust is an actor's private 
perception of the commitment of another actor to 
the Real World Effect(s) specified in a 
transaction or interaction.

>
>
>
>Typically, it is not important to know how the 
>real world effect may be realized, as the 
>specific actions required may be private, but 
>the trusting actor believes that these actions 
>will be sufficient to result in the goal being 
>satisfied.
>
>
>
>Trust should not be confused with the simpler, 
>more technical concept, of one participant 
>trusting that their partner in an interaction is 
>who they purport to be. [D6]
>
>
>
>Trust Decision[D7]  956
>
>A trust decision is an internal action performed 
>by an actor to make a commitment to perform an 
>action in the future.

I like this better than Degree of Balance.

>
>
>When making a choice whether or not to trust an 
>actor many factors may be important - an 
>assessment of the trustworthiness of the parties 
>involved, an assessment of the risks involved 
>and a balance of the merits of making the choice.
>
>
>
>Evidence of Trust
>
>Evidence of trust is the set of observable 
>assertions[D8]  that a stakeholder may use to 
>measure trust.

Suggestion: Evidence of trust is the set of 
testable assertions which can be measured in Real 
World Effects that a stakeholder may use to make 
a Trust Decision.

>
>
>Trust is based on evidence available to the 
>trusting actor[D9] .  The evidence may be 
>physical artifacts or a set of information from 
>which the trusting actor can assess the degree 
>of trust.  The evidence may include a history of 
>previous interaction with the trusting actor or 
>can be based on the public reputation reflecting 
>the experience of others in dealing with the 
>prospective actor.
>

I'd say "Trust may be based..." Would that it 
were so, then we wouldn't have the fiascos we 
regularly endure.

>
>
>Reputation 968
>
>A social expression of the perception of trust.[D10]

I agree with Ken. Needs to be crisper: Accumulation of observable results.

>
>
>Trust is not binary, i.e. an actor is neither 
>completely trusted nor untrusted, because there 
>is typically some degree of uncertainty in the 
>accuracy or completeness of the evidence. Trust 
>is based on the confidence the trusting actor 
>has in the accuracy and sufficiency of the 
>gathered evidence.
>
>
>
>The degree of trust exists as a property of the 
>trusting actor with respect to another actor or 
>class of actors; the reputation of an actor or 
>class of actors may predispose the trusting 
>actor to a certain extent.
>
>
>
>If the trusting actor is aware that actions by 
>numerous other actors are required in order to 
>realize certain real world effects, the 
>collection of trust applicable to each step may 
>be considered a chain of trust.
>
>
>
>Chain of Trust
>
>A chain of trust is an extended set of trust 
>relationships between actors in which one actor 
>trusts another by virtue of the fact that there 
>is one or more intermediaries that are, in turn, 
>trusted by the original trusting actor and also 
>trust the target actor.

Agree with Ken. Needs to be tweaked such that 
opaque intermediary services are included in the 
trust of aggregators.

>
>[D11]
>
>Typically, chains of trust do not extend very 
>far as the issues involved in perceiving the 
>true intentions of actors are complex and 
>inherently opaque.
>
>
>
>Risk
>
>Risk is an actor's private perception that 
>another actor's actions will impede the first 
>actor's objectives.[D12]

Needs work.

Suggestion: Risk is an actor's private perception 
that another actor's actions will result in 
undesirable Real World Effects.

>
>
>An actor°òs actions are based on a combination 
>of perceived trust and perceived risk. If there 
>is little or no perceived risk, then the degree 
>of trust may not be relevant in assessing 
>possible actions.  For example, most people 
>consider there to be an acceptable level of risk 
>to privacy when using search engines, and submit 
>queries without any sense of trust being 
>considered.
>
>
>
>As perceived risk increases, the issue of trust 
>becomes more of a consideration. There are 
>recognized risks in providing or accepting 
>credit cards as payment, and standard procedures 
>have been put in place to increase trust or, at 
>a minimum, bringing trust and risk into balance 
>by mitigating risk. For interactions with a high 
>degree of risk, the trusting actor requires 
>stronger or additional evidence when evaluating 
>the balance between risk and trust when deciding 
>whether to participate in an interaction.
>
>
>
>
>
>  [D1]The Trusting Actor wants the Trusted Actor 
>to do something. It is not necessarily something 
>on behalf of the Trusting Actor but just 
>something the Trusted Actor is prepared to do.
>
>  >>>> Actually, while I agree completely that 
>actors do what they want to do, I think that 
>there is no trust involved if there is no 
>connection between the actors over what one is 
>going to do for the other.
>
>  [D2]The Trusted Actor does not adopt the goals 
>of the Trusting Actor but rather acts according 
>to its own goals.  If the Trusted Actor is 
>engaged in a phishing con, its goals have 
>nothing to do with the Trusting Actor's goals. 
>In many cases, including legitimate ones, the 
>Trusted Actor already has goals and is merely 
>acting to satisfy these and adopting nothing.
>
>  >>>> Again, stipulated that actors do their own 
>thing; which may well be at variance with the 
>intent of the trusting actor. However, trust 
>must be about something that both actors can 
>relate to. Even if the result is to break the 
>trust, there must be something to break!
>
>  [D3]This is only true if accountability is part 
>of the agreed to interaction.  The perception of 
>accountability is part of reputation.
>
>  >>>> There very likely to be limits to 
>accountability. The concept itself refers to the 
>stance that the actors have to each other after 
>agreement. I do not think that accountability 
>should be mixed in with reputation.
>
>  [D4]Again, if my business is to transmit 
>messages, I will transmit yours because that is 
>my existing goal.  Transmitting your message 
>satisfies my goal.
>
>  >>>> Of course, that is what I was trying to communicate
>
>  [D5]A sense of the Trusted Actor's commitment 
>may affect my perception of trust and risk, but 
>my trust is in seeing real world effects I want. 
>The real world effects the Trusted Actor wants 
>is private to them and not directly my interest.
>
>  >>>> We are trying to nail down what it means 
>to trust another actor; not whether or not the 
>actor is trustworthy.
>
>  [D6]Unnecessary here.
>
>   >>>> Perhaps. But I do feel that the IT 
>version of trust is not what we are addressing 
>here.
>
>  [D7]This is akin to the Degree of Balance I introduced
>
>   >>>> I know. I was trying to codify the 
>important concepts in trusting someone. I feel 
>that the decision is the pivot and the evidence 
>is the lever.
>
>  [D8]Real world effects.  What is observable per the RM is shared state.
>
>   >>>> Shared state is the set of facts that is 
>potentially knowable by the parties involved. 
>State itself is observed by making observations 
>of the world -- a fact in a shared state is 
>measurable or it is of no interest to us.
>
>  [D9]This should be formally defined and used consistently.
>
>   >>>> Agreed.
>
>  [D10]This is too mushy.  Prefer defining as an 
>accumulation of observations of real world 
>effects.
>
>   >>>> Reputation is inherently social. I am in 
>favour of tightening this up; but do not want to 
>lose the social aspect. Reputation, like trust, 
>is based on evidence but is not the same thing 
>as that evidence.
>
>  [D11]Disagree for SOA.  I trust the actor with 
>whom I interact.  The "chain" is typically 
>private and unknown to me.  If the Trusted Actor 
>wants to expose private details, that may affect 
>my perception of trust and risk but any 
>assumption that this is required will violate 
>opacity.
>
>  >>>> This was included because of David's 
>concerns. Strongly related to service 
>composition.
>
>  [D12]You've now introduced objectives!  Risk 
>needs to be in terms of undesirable real world 
>effects in order to tie all this together.
>
>  >>>> Sure, no problem. I used it objectives as 
>short hand for desired RWEs. There is risk of 
>not producing desired results, and risk of 
>producing undesired results.
>
>
>
>
>Attachment converted: Macintosh HD:smime 1038.p7s (    /    ) (01653AE5)


--
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-898-0670