270 likes | 396 Views
Automated eContract Negotiation in Web Service Environment: Trust Management and Electronic Contract Management Aspects. Doctoral student Marius Šaučiūnas Institute of Mathematics and Informatics, Vilnius University. The plan of the presentation. Automated negotiation problem
E N D
Automated eContract Negotiation in Web Service Environment: Trust Management and Electronic Contract Management Aspects Doctoral student Marius Šaučiūnas Institute of Mathematics and Informatics, Vilnius University Baltic DB & IS 2012, July8-11, Vilnius
The plan of the presentation • Automated negotiation problem • Trust management aspects • Electronic contract management aspects • The goal of the presentation • Different approaches which has been proposed to solve the problems • Conceptual framework of negotiation process analysis from trust and contract management perspective • Proposals how to improve conceptual framework • Conclusions Baltic DB & IS 2012, July8-11, Vilnius
Automated negotiation problem • At present time the whole contract lifecycle in eBusiness, including the negotiation, preparation of eContract and its acceptation, predominantly is handled manually. The automated negotiation and usage of eContracts still is a challenge. • In order to develop an electronic contract in virtual environment, humans should not only write and agree upon it but also to translate manually into some computer-readable internal representation. • Contracts in virtual environment should be prepared by negotiation of software agents which represents service requester and service provider • Contract is provided to sign for involved parties only after the agreement between software agents on all details is done. Baltic DB & IS 2012, July8-11, Vilnius
Service provider Publish service Deliver service Select service Service discovery agency Service requester Automated negotiation problem Baltic DB & IS 2012, July8-11, Vilnius
Trust management aspects • Automated negotiation process have a lot specific problems. Trust assurance between the parties – is one of the negotiated issues. • Traditional security mechanisms, which assume that parties are known to each other and that trust can be granted only on the basis of partner identity, are insufficient in the Semantic Web environment. • To identify requester in this environment, provider requires additional information that is sufficient for him to make access permission decision. • On the other hand, requester wants to restrict conditions under which his personal information will be automatically disclosed. Baltic DB & IS 2012, July8-11, Vilnius
Electronic contract management aspects • Automated negotiation process have a lot specific problems. Electronic contract preparation– is one of the issues. • The contracts specify the commitments that the involved parties make to each other, regulate the behavior and that play the important role in their interactions. • From the point of electronic contract management, the aim of negotiation process is to automaticallyform contractual agreements between different parties, coordinate their behavior and facilitate contract execution. • The electronic contract representation is especially important in the dynamic environments where, contracts have an intrinsic dynamic and flexible nature and have to regulate independent behavior of diverse parties. Baltic DB & IS 2012, July8-11, Vilnius
The goal of the presentation • Familiarize with the details of trust negotiation and electronic contract representation problem and with approaches which has been proposed to solve this problem, analyze one of more advanced conceptual framework of negotiation process from the trust and electronic contract modeling perspective, highlight its drawbacks and propose how to improve this framework. • Approaches – trust negotiation: • Credentials, • Policies, • Negotiation strategies. • Approaches - electronic contract preparation: • LCR, • DocLog, • SweetDeal. • Advanced conceptual framework of negotiation process • Jyhjong Lin, A conceptual model for negotiating in service-oriented environments, Information Processing Letters, 108, 2008, 192–203 Baltic DB & IS 2012, July8-11, Vilnius
Credentials A credential is an attestation of authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so, permission to use confidential information or the nature of information, which can be disclosed. Parties can disclose the confidential information to each other iteratively only by negotiation, at each step increasing the level of trust and disclosing the confidential information such as credentials or some other confidential information e.g. sensitive business rules. Drawbacks: Credentials can be falsified Usually not obligatory information is disclosed Baltic DB & IS 2012, July8-11, Vilnius 8
Policies Policies – procedureor protocol, which specifies what decisions and when each party have to take for trust assurancebetween them. The main role of policies is to specify who can use service and under what condition, and to define information, especially sensitive, handling rules. That is very important in Sematic Web environment where services should be discovered and invoked automatically and decision, which information has to be exchanged, needs to be autonomous. Comparing to credentials, policies are higher level mechanisms. Policies are using credentials as data to make a decision. Baltic DB & IS 2012, July8-11, Vilnius 9
Policies Policies are used also for other aims: Security policies constraint access to some resources Trust management policies are used to collect agent properties in open environments Define business rules Formalize and automate business decisions Drawbacks: Parties could use different policies, that’s why they have to comprehend each other policies during the negotiation. For this purposes appears reasoning engine which have to decide if parties could meet the requirements. Not possible to use external information such as review from third parties. Policies are imperative nature. It is complicate to write correct and non-contradictory policies. This problem partly could be solved using ontology and various deduction techniques. Baltic DB & IS 2012, July8-11, Vilnius 10
Negotiation strategy All reviewed methods could be used in trust negotiation protocol, which defines the messages, their sequence, data types and other. Together with trust negotiation protocol negotiation strategy can be used. The negotiation strategy controls negotiation process, i.e. defines which credentials when have to be disclosed, when negotiation have to be terminated, others. Main drawbacks of the negotiation strategy is interaction between parties problem in case the used strategy differs, or sensitive data was not disclosed as it was requested by the strategy of the other party. Baltic DB & IS 2012, July8-11, Vilnius 11
The main challenges in the trust negotiation problem A number of challenges still exist in the trust negotiation problem. The main challenges are as follow: • Negotiation success: in which way to guarantee the successful result of negotiations in cases when some serious difficulties arise (e.g., rules are not disclosed because of lack of trust; credentials cannot be found because their repository is unknown, etc.)? • Optimal negotiations: what strategies should be used to optimize information disclosure in a negotiation process? Is it possible to prevent not obligatory information disclosure by reasonable preconditions? • Choosing of service: how should the requester choose a particular service when the request can be fulfilled in several different ways? Both a language for expressing preferences and efficient optimization algorithms are required to solve this problem. Although the problem is more or less explicitly assumed by most of approaches on trust negotiation, so far any concrete solution is not proposed. Baltic DB & IS 2012, July8-11, Vilnius
Logic for Contract Representation • LCR (Logic for Contract Representation) is a language for description interaction in multi-agent systems. This language based on branching-time logic, i.e. the formulae in LCR are interpreted over tree-type branching structures that represent all conceivable ways the system can evolve. • Contract clauses are represented as deontic expressions. The violations and sanctions can also be defined in LCR. • The main purpose of the language is to formalize the behavior of multi-agent system and to relate this behavior to the global objectives of the system. Drawback: • LCR is not intended to be used in the web service environment. Baltic DB & IS 2012, July8-11, Vilnius
DocLog • DocLog is an XML based representation language for contract terms. It is based also on the principles of deontic and action logic. Contractual obligations are treated as norms and represented in a semi-formal way using the extended norm frames. Drawback • Although the DocLog is intended to be used in the eComerce environment and to support the contract negotiation, the language cannot be used in sophisticated Semantic Web environment because it cannot represent exceptions, temporal and some other important aspects of contracts, and is semi-formal. Baltic DB & IS 2012, July8-11, Vilnius
SweetDeal • SweetDeal - it is a rule-based approach for e-commerce business contracts representation. • Approach enables software agents to automate the creation, negotiation, execution, evaluation of the contracts and reuse contract description for multiple purposes. • The motivation for rule-based approach is that rules as knowledge representation formalism is relatively mature, suitable for prescriptive specification and already long time ago integrated into software engineering mainstream techniques, besides, is closer to humans’ understandability. Baltic DB & IS 2012, July8-11, Vilnius
SweetDeal In summary, • The SweetDeal approach is an well-theoretically-grounded approach that supports many aspects of e-contracting and negotiation. However it does not provide any means to describe deontic modalities and, consequently, is not sufficient to define all legal aspects of negotiated contracts. Baltic DB & IS 2012, July8-11, Vilnius
Lin’s conceptual framework • The Lin’s conceptual framework (Lin, 2008) is one of wide-accepted conceptual models of the negotiation process for Web services contracting. He sees this process as a collaboration of the three conceptual entities: • The service requester, • The service provider, • The service discovery agency. LIN, J. (2008). A conceptual model for negotiating in service-oriented environments. Information Processing Letters, Volume 108 Issue 4, p. 192–203. Baltic DB & IS 2012, July8-11, Vilnius
Lin’s conceptual framework Each entity is defined by an UML package and further modelled by use case, class, sequence, and package diagrams that define the internal architecture of the entity. Package diagram describes internal architecture of the parties (Lin uses package diagram instead of component diagram) Use case diagrams define the goals of each entity and, consequently, the all use case diagrams together model the functional requirements of the negotiation system. Class diagrams specify classes that implement the entities. Sequence diagrams model interactions of objects participating in the negotiation. Baltic DB & IS 2012, July8-11, Vilnius 18
Analysis of the Lin’s conceptual framework from the trust management perspective • In order to negotiate about the trust, the conceptual model should provide mechanisms to reason about requesters’ and providers’ policies that determine who can access the sensitive information and under what conditions. The model should also guarantee that any legal norms will not be violated in the negotiated contracts. Lin’s conceptual framework does not provide any details how to do this. • Lin does not also discuss how the proposed model can be extended for the Semantic Web Services for which the trust requirements are even stronger because in this case the service discovery agency can determine at run time which actual previously unknown services should be employed to satisfy requirement of a requester. Baltic DB & IS 2012, July8-11, Vilnius
Propositions how to improve Lin’s conceptual framework Who can access the sensitive information and under what conditions • The way in which the framework models the service discovery agency is questionable. The model assumes that the service discovery agency should be trusted by any party and that all parties would disclose to it all their policies, including sensitive ones. Propositions how to improve • Any sensitive information should be disclosed for the agency step-by-step in the process of negotiation only • Some trustworthy authority, should issue signed credentials to the agency • The access control, provision and obligation policies should be provided to manage the credentials’ exchange process • Some trust-related policy language should be used to specify policy-based trust mechanisms • Usage of the disclosed sensitive information should be controlled (eAgreement ) Baltic DB & IS 2012, July8-11, Vilnius
Propositions how to improve Lin’s conceptual framework Framework extension for the Semantic Web. • Advanced trust-related and reactive policies could be used to adapt the Lin’s conceptual framework to the requirements of the Semantic Web. • To describe the services OWL-based ontologies should be provided in the model. In order to ensure the processing of the semantic annotations in service discovery, the matchmaking algorithms should be changed. Baltic DB & IS 2012, July8-11, Vilnius
Analysis of the Lin’s conceptual framework from the electronic contract representation perspective • In order to negotiate about contractual agreements, the conceptual model should provide mechanisms to specify contract structure and content, related to contract representation, normative statements, related to involved parties behavior regulation and semantic meaning, related to meaning of contract concepts provision. Lin’s conceptual framework does not provide any details how to do this. Baltic DB & IS 2012, July8-11, Vilnius
Propositions how to improve Lin’s conceptual framework • Contract structure and content. The model do not provide any information regarding contract structure and content, consequently some XML-based languages, designed to express contractual agreements in a form, understandable for human beings, could be used for this aim. Baltic DB & IS 2012, July8-11, Vilnius
Propositions how to improve Lin’s conceptual framework Involved parties’ behavior regulation and semantic meaning. • Every contract can be modeled as set of different roles, that allocates the tasks to the agents and set of different clauses that regulates the behavior of them. • Every agent, depending on the role it is playing in electronic contract, is able or must to perform certain action. For this purpose contract norms, regulating the behavior, can be specified in electronic contract. • Normative statements can be modeled based on deontic logic, the logic of the normative concepts: obligation, permission, prohibition, sanction. In most cases these concepts of deontic logic could be used to model electronic contract. Baltic DB & IS 2012, July8-11, Vilnius
Propositions how to improve Lin’s conceptual framework Involved parties’ behavior regulation and semantic meaning. • Another serious requirement for eContracts that involved parties should have common terminology and interpretation of the contract concepts they agreed on. Proposed model extension presents how to incorporate common (meaning for general terms) and domain (domain meaning) ontologies.
Summary and Conclusions • The trust management and electronic contract management approaches that shows how the trust negotiation and eContract representation problems can be solved, has been discussed and the drawbacks and challenges of these solutions have been highlighted. • A wide-accepted object-oriented Lin’s negotiation model has been evaluated from the trust negotiation and eContract representation perspective and how to improve this model has been proposed. • The critical analysis of the automated eContract negotiation problem demonstrates, that a lot of different approaches and useful ideas have been proposed. However there exists a lack of works that synthesise all these approaches and ideas, and recommend how to use the results of carried researches in practice. A lot of experimental research should be done for this aim. Baltic DB & IS 2012, July8-11, Vilnius
Thank you! Baltic DB & IS 2012, July8-11, Vilnius