Sini Ruohomaa

Trust management survey

Trust is an important tool in human life, as it enables people to cope with the uncertainty caused by the free will of others. Uncertainty and uncontrollability are also issues in computer-assisted collaboration and electronic commerce in particular. A computational model of trust and its implementation can alleviate this problem. This survey is directed to an audience wishing to familiarize themselves with the field, for example to locate a research target or implement a trust management system. It concentrates on providing a general overview of the state of the art, combined with examples of things to take into consideration both when modelling trust in general and building a solution for a certain phase in trust management, be it trust relationship initialization, updating trust based on experience or determining what trust should have an effect on.

Reputation Management Survey

Electronic markets, distributed peer-to-peer applications and other forms of online collaboration are all based on mutual trust, which enables transacting peers to overcome the uncertainty and risk inherent in the environment. Reputation systems provide essential input for computational trust as predictions on future behaviour based on the past actions of a peer In order to analyze the maturity of current reputation systems, we compare eleven reputation systems within a taxonomy of the credibility aspects of a reputation system. The taxonomy covers three topics: 1) the creation and content of a recommendation, 2) the selection and use of recommenders, and 3) the interpretation and reasoning applied to the gathered information. Although we find it possible to form a trusted reputation management network over an open network environment, there are still many regulatory and technical obstacles to address. This survey reveals various good mechanisms and methods used, but the area still requires both a) formation of standard mechanisms and metrics for reputation system collaboration and b) standard metainformation of right granularity for evaluating the credibility of reputation information provided

Addressing common vulnerabilities of reputation systems for electronic commerce

Reputation systems provide a form of social control and reveal behaviour patterns in the uncertain and risk-laden environment of the open Internet. However, proposed reputation systems typically focus on the effectiveness and accuracy of reputation management, and suffer from a number of common vulnerabilities. As a result, introducing reputation management into the business environment may only replace the problems it hopes to solve with new issues. This paper aims to improve the security and robustness of reputation systems through 1) identifying the basic requirements in that area, 2) analyzing existing reputation systems for e-Commerce and a handful of other environments to compare their design choices and solutions provided, and 3) compiling a number of topical practices into guidelines for future research and development of reputation systems.

From trading to eCommunity management: Responding to social and contractual challenges

The increasing pressure for enterprises to join into agile business networks is changing the requirements on the enterprise computing systems. The supporting infrastructure is increasingly required to provide common facilities and societal infrastructure services to support the lifecycle of loosely-coupled, eContract-governed business networks. The required facilities include selection of those autonomously administered business services that the enterprises are prepared to provide and use, contract negotiations, and furthermore, monitoring of the contracted behaviour with potential for breach management. The essential change is in the requirement of a clear mapping between business-level concepts and the automation support for them. Our work has focused on developing B2B middleware to address the above challenges; however, the architecture is not feasible without management facilities for trust-aware decisions for entering business networks and interacting within them. This paper discusses how trust-based decisions are supported and positioned in the B2B middleware.

Solving Service Ecosystem Governance

The present way of doing business increasingly requires enterprises (and other organisations) to collaborate with each other, networked business allows enterprises to focus on their key competences and still capture market share with added-value, composed services jointly with trusted business partners. However, the present solutions for setting up new collaborations are based on ad hoc methods, or require integration through shared computing and communication platforms. These solutions leave collaborations with major risks on not detecting failures, functional or non-functional, breaches of trust or contractual state, or without systematic support on reacting to the changes in the business environment. This paper proposes service ecosystem governance principles, which are illustrated through the example analysis of the Pilarcos framework for service ecosystems. Service ecosystem governance supports correctness in dynamic collaborations despite strong autonomy of the partners, adaptability to changing business situations, and the manageable evolution of the service ecosystem that is necessary for sustainable networked business.

Inter-enterprise Business Transaction Management in Open Service Ecosystems

One of the difficult challenges in inter-enterprise computing is aligning business transactions and technical management of distributed transactions, especially in breach situations. We propose and analyse a two-level business transaction management framework that allows injection of business level concerns to the control processes of inter-enterprise transactions. The two levels are associated with a) the metamodel of the collaboration, captured in eContract governing the collaboration, and b) the transactional interactions between collaboration member services. The two levels are bound together to form a reflective model, while business level breaches to the eContract can disturb the normal interactions, the metalevel possesses processes for managing (rolling back, compensating, ignoring, triggering ecosystem-level consequences) the failure in manners that align with the business incentives. This framework enables correctness, coherence and efficiency of processing in open inter-enterprise environments, i.e., service ecosystems.

Making Multi-Dimensional Trust Decisions on Inter-Enterprise Collaborations

Enterprise computing is moving towards more open, collaborative systems. Joining a business network must be made efficient, despite the technical and semantic interoperability challenges involved in connecting different information and communication systems. Trust or lack thereof forms a pragmatic challenge: partners must continuously evaluate whether they trust each other enough to collaborate in the face of risk. Supporting technology is needed for making trust-based decisions on routine business transactions and observing the business peers for malicious or incorrect behaviour on interactions. We present a trust model for automating routine decision-making which considers both risk probabilities and tolerance valuations in the enterprise, and is dynamically updated based on new experience gathered both locally and from third parties.

From trading to eCommunity population: Responding to social and contractual challenges

The emergence of networked eBusiness and the wave of service-oriented computing facilities create new challenges for automating inter-enterprise business process management and eContracting. This development leads to strategical benefits for agile enterprises, but also to new challenges on enterprise system architectures and platforms. This paper discusses the techniques of introducing trust-related decisions into eContracting, and their effects. This work enhances the web-Pilarcos project results on B2B interoperability middleware; the architectural model supported comprises of autonomous business services forming loosely-coupled, eContract-governed eCommunities

Automating Decisions for Inter-Enterprise Collaboration Management

The current trend towards networked business forces enterprises to enter federated, loosely-coupled business networks, since much of the competition takes place between networks and value nets. The Pilarcos architecture provides solutions for B2B interoperability middleware to support various kinds of collaboration and cooperation networks by business service discovery and selection, interoperability management support, eContracting support, and reputation-based trust management support. A complementary aspect of high importance is the decision-making within the eContracting process, i.e. decision-making on whether the suggested network is strategically interesting, whether the provided and expected services in the network are feasible, and whether there is sufficient trust to the gained benefits over the risks. The ultimate goal is to create an expert system to support decision-making at the autonomous enterprises for managing the agile collaborations.

From Subjective Reputation to Verifiable Experiences — Augmenting Peer-Control Mechanisms for Open Service Ecosystems

In inter-enterprise collaborations, autonomous services from different organizations must independently determine which other services they can rely on. Reputation-based trust management in Pilarcos utilizes shared experience information on the actors’ past behaviour in estimating the risks of a collaboration; these experiences are shared between members of the service ecosystem through a reputation system. As the reputation system becomes an essential peer-control mechanism for the open service ecosystem, it must be augmented with sanctions for misbehaviour and appropriate incentives for correct behaviour. A fair sanctioning system cannot be built on traditional subjective reports, as rebuttal of undeserved reports requires shared, objective measures. To make the shared experience information objective and verifiable, we associate it with whether the relevant collaboration contract was followed, backed up with evidence in the form of nonrepudiable receipts. In this way, we are able to protect automated reputation-based trust decisions from being skewed by misinformation.