OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

soa-rm-ra message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [soa-rm-ra] comments on 20090408 trust

see inline.  Responding to both Rex and Frank in an inconsistently indented email was even more of a pain :-)


On Apr 20, 2009, at 11:22 AM, Rex Brooks wrote:

Thanks Frank,

I'm adding my comments inline, after reading
Ken's comments and yours, rather than as replies
to your comments at end. Obviously, I'm tilting
at windmills in a couple of important places.


At 8:58 PM -0700 4/19/09, Francis McCabe wrote:
Commenting on doc files is v. painful.

If we need to hash it, it should be in plain
text. This is from a cut and paste of the
document (the footnotes have been automatically

3.2.3 Trust and Accountability

An important aspect of the relationship between
participants in a social structure is the trust
that they have in their interactions with each
other. Trust arises in situations where one
actor interacts with another actor with the
objective of getting the latter to perform some
task or achieve some goal on behalf[D1]  of the

I don't think Trust requires the "on behalf"
clause. Accountability does. I don't think "goal"
applies, RWE does.

Suggestion: "Trust arises in situations where one
actor interacts with another actor and the latter
consents to perform some task to achieve some
Real World Effect in which the former has an
expressed interest."

Alternate suggestion:  Trust arises in situations where the Trusting Actor can assess that a Trusted Actor will perform tasks necessary to realize desired real world effects.

Goal Adoption

An actor may adopt a goal as a result of interacting with another actor.


There is no need to identify whose goal is
adopted or why, so I think this is fine. How the
goals of the parties align is not our concern in
this definition.

Each actor has goals and I think that is sufficient without bringing in the concept of adopting goals.  The term "adopting goals" implies an actor identified new goals as a result of the current interaction.  While this may be true in some cases, I believe the actors respond based on already existing goals.

A consequence of an actor adopting a goal on
behalf of another actor is that the actor
becomes accountable to the latter for the
successful satisfaction of the goal.

Suggestion: "When an actor consents to adopt a
goal on behalf of another actor, the former
becomes accountable to the latter for the
successful satisfaction of the goal.

This is different from Trust because "goal"
applies, not RWE. RWE may be the result or one
result among others. We need to think this
through because I think Trust is based on RWE but
Accountability is based on Goal which may have
several RWEs or none.

The suggested wording gets into a different issue, the details of the trusted delegate, and it gets confusing to introduce that before we've dealt with laying other groundwork.


An actor is accountable to another actor when
the former consents to achieve an identified 938



It is important to note that the goal adopted by
one actor as a result of an interaction need not
be the same goal as that of the originating
actor. In many situations, the adopted goal is
not all the same and may even be contrary to the
desires of the original actor.

For example, if an actor wishes to use a third
party to securely transmit a message to an
interaction partner, the actor needs the
intermediary to adopt the goal of transmitting
the message, potentially without even being
aware of the actual goals involved.[D4]

The foundation for successful interaction of
this form between actors is their mutual trust
in each other - counter-balanced by the risks


Trust is an actor's private perception of the
commitment [D5] another actor has to a goal
together with an identifiable set of real world
effects associated with that goal.

Obviously, I think Trust applies to RWE not goal.
I don't expect to get this position adopted.

Suggestion: Trust is an actor's private
perception of the commitment of another actor to
the Real World Effect(s) specified in a
transaction or interaction.

I'll go back to the text I drafted earlier:  Trust is a private assessment or internal perception that some entity will perform actions that will lead to an identifiable set of real world effects. 

Typically, it is not important to know how the
real world effect may be realized, as the
specific actions required may be private, but
the trusting actor believes that these actions
will be sufficient to result in the goal being

Trust should not be confused with the simpler,
more technical concept, of one participant
trusting that their partner in an interaction is
who they purport to be. [D6]

Trust Decision[D7]  956

A trust decision is an internal action performed
by an actor to make a commitment to perform an
action in the future.

I like this better than Degree of Balance.

See comment below for D7.

When making a choice whether or not to trust an
actor many factors may be important - an
assessment of the trustworthiness of the parties
involved, an assessment of the risks involved
and a balance of the merits of making the choice.

Evidence of Trust

Evidence of trust is the set of observable
assertions[D8]  that a stakeholder may use to
measure trust.

Suggestion: Evidence of trust is the set of
testable assertions which can be measured in Real
World Effects that a stakeholder may use to make
a Trust Decision.

Cut to the chase:  Evidence of trust is the set of Real World Effects that an actor [why switch to stakeholder?]may use to make a Trust Decision.

Trust is based on evidence available to the
trusting actor[D9] .  The evidence may be
physical artifacts or a set of information from
which the trusting actor can assess the degree
of trust.  The evidence may include a history of
previous interaction with the trusting actor or
can be based on the public reputation reflecting
the experience of others in dealing with the
prospective actor.

I'd say "Trust may be based..." Would that it
were so, then we wouldn't have the fiascos we
regularly endure.

Trust, as a perception, *is* based on evidence (where The evidence may be physical artifacts or a set of information from which the trusting Participant can assess the degree of trust.) but the evidence or the assessment may be lacking.

Reputation 968

A social expression of the perception of trust.[D10]

I agree with Ken. Needs to be crisper: Accumulation of observable results.

Trust is not binary, i.e. an actor is neither
completely trusted nor untrusted, because there
is typically some degree of uncertainty in the
accuracy or completeness of the evidence. Trust
is based on the confidence the trusting actor
has in the accuracy and sufficiency of the
gathered evidence.

The degree of trust exists as a property of the
trusting actor with respect to another actor or
class of actors; the reputation of an actor or
class of actors may predispose the trusting
actor to a certain extent.

If the trusting actor is aware that actions by
numerous other actors are required in order to
realize certain real world effects, the
collection of trust applicable to each step may
be considered a chain of trust.

Chain of Trust

A chain of trust is an extended set of trust
relationships between actors in which one actor
trusts another by virtue of the fact that there
is one or more intermediaries that are, in turn,
trusted by the original trusting actor and also
trust the target actor.

Agree with Ken. Needs to be tweaked such that
opaque intermediary services are included in the
trust of aggregators.

Actually, I go in the other direction and only bring in a chain of trust if there is a delegate who forgoes opacity and exposes the chain to ensure my trust compensates for risk.


Typically, chains of trust do not extend very
far as the issues involved in perceiving the
true intentions of actors are complex and
inherently opaque.


Risk is an actor's private perception that
another actor's actions will impede the first
actor's objectives.[D12]

Needs work.

Suggestion: Risk is an actor's private perception
that another actor's actions will result in
undesirable Real World Effects.

Risk is a private assessment or internal perception that certain undesirable real world effects may come into being.

An actor░˛s actions are based on a combination
of perceived trust and perceived risk. If there
is little or no perceived risk, then the degree
of trust may not be relevant in assessing
possible actions.  For example, most people
consider there to be an acceptable level of risk
to privacy when using search engines, and submit
queries without any sense of trust being

As perceived risk increases, the issue of trust
becomes more of a consideration. There are
recognized risks in providing or accepting
credit cards as payment, and standard procedures
have been put in place to increase trust or, at
a minimum, bringing trust and risk into balance
by mitigating risk. For interactions with a high
degree of risk, the trusting actor requires
stronger or additional evidence when evaluating
the balance between risk and trust when deciding
whether to participate in an interaction.

[D1]The Trusting Actor wants the Trusted Actor
to do something. It is not necessarily something
on behalf of the Trusting Actor but just
something the Trusted Actor is prepared to do.

Actually, while I agree completely that
actors do what they want to do, I think that
there is no trust involved if there is no
connection between the actors over what one is
going to do for the other.

Not so.  You are writing chunks of this RA because you have a goal of creating this guidance/elaboration/... of SOA.  You are not doing it for me.  From past experience, I have enough trust in you to consider differing views that I am willing to put in the time to interact.  I'm assuming you do the same.

[D2]The Trusted Actor does not adopt the goals
of the Trusting Actor but rather acts according
to its own goals.  If the Trusted Actor is
engaged in a phishing con, its goals have
nothing to do with the Trusting Actor's goals.
In many cases, including legitimate ones, the
Trusted Actor already has goals and is merely
acting to satisfy these and adopting nothing.

Again, stipulated that actors do their own
thing; which may well be at variance with the
intent of the trusting actor. However, trust
must be about something that both actors can
relate to. Even if the result is to break the
trust, there must be something to break!

See my comment above to Rex.  I agree that trust has to do with acting on understood intent, but that has nothing to do with adopting goals.

[D3]This is only true if accountability is part
of the agreed to interaction.  The perception of
accountability is part of reputation.

There very likely to be limits to
accountability. The concept itself refers to the
stance that the actors have to each other after
agreement. I do not think that accountability
should be mixed in with reputation.

As I noted above, accountability is a special attribute of the trusted delegate and in many (most?) cases, we have the interaction among peers with consistent goals and there is no need for a delegate role.  We need to talk about this later but after we've laid some other groundwork.  I think here is a connection between accountability and reputation, i.e. your history of accountability leads to your reputation, but it's not something that needs to be fully explored.

[D4]Again, if my business is to transmit
messages, I will transmit yours because that is
my existing goal.  Transmitting your message
satisfies my goal.

Of course, that is what I was trying to communicate

I was reacting to "the actor needs the intermediary to adopt the goal." 

[D5]A sense of the Trusted Actor's commitment
may affect my perception of trust and risk, but
my trust is in seeing real world effects I want.
The real world effects the Trusted Actor wants
is private to them and not directly my interest.

We are trying to nail down what it means
to trust another actor; not whether or not the
actor is trustworthy.

And I believe nailing it down should be in terms of RWE the trusting actor expects to occur.  The well-intentioned goal of the trusted actor may be irrelevant if I don't trust that actor can achieve that goal.

[D6]Unnecessary here.

Perhaps. But I do feel that the IT
version of trust is not what we are addressing

Parsimony :-)

[D7]This is akin to the Degree of Balance I introduced

I know. I was trying to codify the
important concepts in trusting someone. I feel
that the decision is the pivot and the evidence
is the lever.

I was never wedded to Degree of Balance as the name, but I think the Trust Decision is based on a balancing of trust and risk.  The Trust Decision may be there is insufficient trust for the risk and I will not perform an act in the future.

[D8]Real world effects.  What is observable per the RM is shared state.

Shared state is the set of facts that is
potentially knowable by the parties involved.
State itself is observed by making observations
of the world -- a fact in a shared state is
measurable or it is of no interest to us.

A change in shared state, i.e a real world effect, is what is measurable.

[D9]This should be formally defined and used consistently.


[D10]This is too mushy.  Prefer defining as an
accumulation of observations of real world

Reputation is inherently social. I am in
favour of tightening this up; but do not want to
lose the social aspect. Reputation, like trust,
is based on evidence but is not the same thing
as that evidence.

I don't think the social aspect needs to be emphasized.  (public reputation reflecting the experience of others in dealing with the prospective Participant.)

[D11]Disagree for SOA.  I trust the actor with
whom I interact.  The "chain" is typically
private and unknown to me.  If the Trusted Actor
wants to expose private details, that may affect
my perception of trust and risk but any
assumption that this is required will violate

This was included because of David's
concerns. Strongly related to service

I think David and I agree on this but he can comment himself.

[D12]You've now introduced objectives!  Risk
needs to be in terms of undesirable real world
effects in order to tie all this together.

Sure, no problem. I used it objectives as
short hand for desired RWEs. There is risk of
not producing desired results, and risk of
producing undesired results.

Attachment converted: Macintosh HD:smime 1038.p7s (    /    ) (01653AE5)

Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-898-0670

To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:


Ken Laskey

MITRE Corporation, M/S H305     phone:  703-983-7934

7515 Colshire Drive                        fax:        703-983-1379

McLean VA 22102-7508

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]