www.oasis-open.org
Open Reputation Management Systems TC (ORMS)
For information on OASIS IDtrust Member Section see: http://www.oasis-idtrust.org/
For more information related to ‘Joining OASIS’ see: http://www.oasis-open.org/join
Abbie Barbir Ph.D. (abbieb@nortel.com)
Senior Advisor, SOA, IdM, Security, Nortel
Member of OASIS IDtrust Steering Committee

OASIS and Member Section Background
• OASIS Mission is to promote and encourage the use of structured information standards such as XML
• Development, convergence and adoption of e-business standards
• Development of vertical industry applications, conformance tests, interoperability specifications
• Lightweight, open process designed to promote consensus
Member Sections (MS)
• Geared for independent groups interested in advancing the intelligent use of open standards as well as those seeking to articulate business requirements, promote adoption of existing standards, or advocate for interoperable solutions
• MS maintain their own identities as distinct organizations while gaining access to OASIS infrastructure, resources, reputation, administrative support, and expertise

Identity and Trusted Infrastructure (IDtrust) Member Section
• PKI Forum migrated to OASIS PKI MS in November 2002
• PKI MS transformed into IDtrust MS in 2007
• IDtrust expanded its scope to encompass additional standards-based identity and trusted infrastructure technologies, policies, and practices
Strategic focus
• Identity and Trusted Infrastructure components
• Identity and Trust Policies and Enforcement
• Education and Outreach
• Barriers and Emerging Issues
• Data privacy issues
Steering Committee
• Abbie Barbir, Nortel
• June Leung, FundSERV
• Arshad Noor, StrongAuth
• John Sabo, CA, Inc.

IDtrust Summary
• Current Technical Committees (TCs)
  • OASIS Digital Signature Services eXtended (DSS-X)
    • Advancing new profiles for DSS standard
  • OASIS Enterprise Key Management Infrastructure (EKMI)
    • Defining symmetric key management protocols
  • OASIS Public Key Infrastructure (PKI) Adoption Committee
    • Advancing the use of digital certificates as a foundation for managing access to network resources and e-transactions
  • OASIS Extensible Resource Identifier (XRI)
    • Defining a URI-compatible scheme and resolution protocol for abstract structured identifiers used to identify and share resources across domains and applications
  • Open Reputation Management Systems (ORMS)
    • (First F2F May 1-2, 2008; OASIS Symposium)

• Learn through the IDtrust Knowledgebase of educational materials and background on the standards
• Share news, events, presentations, white papers, product listings, opinions, questions, and recommendations through postings, blogs, forums, and directories
• Collaborate with others online through a wiki interface
• http://idtrust.xml.org
• For more information contact Dee Schur: Dee.schur@oasis-open.org

Open Reputation Management Systems TC (ORMS)
• New TC scheduled to have first F2F meeting May 1-2, Santa Clara, California, USA. See http://events.oasis-open.org/home/symposium/2008
• Need established during OASIS IDtrust Burton workshop (http://events.oasis-open.org/home/idtrust/2007) at Catalyst Europe 2007
• Validated by talks during Catalyst Europe 2007, Barcelona and IIW 2007 December meeting
• Objectives of this talk
  • Present proposed TC charter
  • Getting interested parties involved in TC work
  • Stimulate interest in the work

Need for Reputation Data Framework
• Reputation
  • Summary of past behavior of a subject within a specific context (function of time)
  • Assumes past behavior is indicative of future behavior
  • Good reputation increases the trustworthiness of an entity
• Reputation Score can be used as a foundation of Trust (within a context/interaction and testimonials)
• Growing in popularity (online/social communities)
• Many Flavors for providing feedback/reputation data
  • Centralized systems (eBay)
  • Decentralized systems (such as P2P file sharing systems)

Some Examples
Can I trust this content?
• Is this content correct?
• Is this content authorized?
• Is this content appropriate for me?
• What is the creator’s reputation?
Can I trust this collaborative space?
• Is all content correct?
• Is all content authorized?
• Is all content appropriate for me?
• What is the creator’s reputation?
• Filtering out content that does not meet reputation criteria through pre-filtering (by moderators) or post-filtering (by community)
• Reputation for content, creators and spaces
• Objects come with reputation metadata
• Implies an authoring and management system for those metadata
• Reputation metadata must be trustworthy, i.e., authenticated while respecting privacy
• Reputation system should be user-centric (i.e., trust decisions are controlled by user) and must offer choices for transparency (must not get in the way of using content, leaves it to the user how to handle trust decisions)

Principles of Reputation
• Reputation is one of the factors that trust is based on
• Reputation is someone else’s story about me
• Reputation is based on identity
• Reputation exists in the context of community
• Reputation is a currency
• Reputation is narrative (evolves through time)
• Reputation is based on claims (verified or not), transactions, ratings, and endorsements
• Reputation is multi-level
• Multiple people holding the same opinion increases the weight of that opinion
Source: Windley et al

Reputation Management Framework
• Build a generic open reputation system that is robust, scalable, IdM and application independent that supports a flexible trust model
• Data needed for the generation of reputation
• Cold start problem
• Supports multiple computational models
• Assertions/claims (within a context)
• Identity linking
• Portable data model for users, credentials and claims
• Reputation based trust model
• Trust metrics; Verified claims and facts
• Direct and indirect transactions; Third party

Reputation Management Framework
• Aggregation, Discovery and Storage
• How reputation scores are generated???
• Central/distributed
• Authentication/trust of data and providers
• Data reputation exchange protocol
• Overall system security
• Transparency
• User feedback
• Privacy & selective disclosure
• What transactions a user can see
• Ability to do Self-Assessment

[Figure: Example of ORMS Interactions. Diagram labels: User B, User C, User D, User E; Interaction; Feedback; Reputation; Reputation Server; Reputation Store I, II, III; Aggregator; Common Data/Context; Common Schema for Rep Score; Common Protocol; Convertible credentials; "B about C and C about B"; "B about D and D about B"; "Inquire about Score of D within a context; Access to Reputation of II".]

ORMS TC Charter
Statement of Purpose/List of Deliverables
• Develop an Open Reputation Management System (ORMS) with the ability to use common data formats for representing reputation data, and standard definitions of reputation scores
• Will not define algorithms for computing the scores
• Allows understanding score relevancy within a transaction
• Enables deployment of distributed reputation systems (centralized or decentralized)
• Aggregators/intermediaries be part of the business model
• No tie to a specific IdM; implementers can plug in their identity schemes to ORMS
• List of deliverables:
  • Use Cases; Requirements document; Security, threats and Risk analysis
  • XML Schema for representing data and Reputation Score; Assertions/claims (tokens) profiles
  • Protocol for exchanging data and assertion tokens

ORMS TC Charter (cont’d)
Use Cases and Requirement Gathering
• Understand business, social impact of such a system including security, privacy, threats and risks requirements will also be developed
Develop Framework for Open Reputation Data
• Data mining through standard reputation data tagging for content
• Common data models for expressing reputation data
• Standard way of exchanging reputation claims among systems
• Aggregating reputation data including delegation of claims generations and assertions
• Development of query/response communication protocols for exchanging reputation data in a trusted and secure fashion

ORMS TC Charter (cont’d)
• Out of Scope
  • Algorithms for generating a reputation score
  • Work will define a standard way to infer what a given score means but will not specify how to compute that value
  • Possible output of the TC work might include methods to facilitate the calculation of comparisons between score ratings, or operations that take multiple scores as inputs
• Proposed Leadership
  • Co-chairs: Anthony Nadalin (IBM), Sakimura Nat (NRI)
• IPR Mode: RF on limited Terms
• First F2F meeting May 1-2 2008, Santa Clara
• TC Home Page http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=orms
• Select Join this TC button to join
• Normal approval process is then followed

Next Step
• Panel Discussion