Developers Day

at the 2004 World Wide Web Conference

Schedule

Speakers and Abstracts

Li Ding, Pranam Kolari, Anupam Joshi, Timothy Finin, Yelena Yesha
University of Maryland, Baltimore County (UMBC)

The Semantic Web architecture considers trust and provenance about knowledgea critical component. Provenance annotations describe where the data comes from and how it was extracted and processed. Trust annotations describe user evaluations (or rankings) of not just the quality of data, but also agents providing this data. We are creating a Web Of Belief (WOB) framework that maintains trust and provenance for SWETO (http://lsdis.cs.uga.edu/Projects/SemDis/sweto) as a part of the SemDIS project (http://semdis.umbc.edu/) involving collaboration between research teams at the University of Georgia and UMBC.

We have developed a WOB ontology for capturing the trust and provenance semantics. The ontology includes concepts like agent, statement, information source, and association. Trust and provenance are two special types of associations. WOB ontology can be seen as an overlay (optional enhancement) over the SWETO. We populate the provenance part of WOB ontology based on SWETO instances that have curation data. Since the trust information is not directly available from SWETO, it is further computed and/or added.

For any user, we assume that they would have some set of sources which they trust; this could be specified declaratively in the WOB ontology. We use the following heuristics to derive trust in an information source, which characterizes the accuracy of statements from an information source.(i) We use provenance to derive trust manually, i.e. by a user visiting the site and vetting it. (ii) We use provenance to derive trust automatically from online reputation services, such as using Google's page ranking as an approximation of trust, and trusted third party recommendation and certification services. (iii) We run consensus analysis over a group of similar information sources, and dynamically evolve trust based on how each of them conforms to the consensus result. We can then use social networks, such as those amongst researchers, to propagate trust and obtain trust values for sources for which we cannot directly derive trust. We have crawled thousands of instances of FOAF ontology on the web. This data can be used to study online social networks which provide implicit trust information, and evaluate the integration of SWETO instances with other existing instances on the Semantic Web. For instance, we can say that if two people have an advisor-advisee relationship, then trust propagates from advisor to advisee. If two people are co-authors, then the degree of trust propagated between them is dependent on the number of papers they have authored together etc.

The demonstration of our initial prototype system will show how results of queries on the SemDIS knowledgebase are modulated by trust. The trust information will be both on declared and derived. Developers can expect to learn about trust issues in the semantic web, both in theoretical terms of developing ontologies, as well as practical terms, i.e. devising computationally tractable models of trust.

Chris Bizer and Jeremy Carroll
Freie Universitat Berlin, Hewlett-Packard Labs Bristol, UK
The Semantic Web Trust Layer

The Semantic Web Trust Layer needs to support information providers in publishing data together with different types of warranties and has to allow information consumers to use a wide range of task-specific trust policies for deciding which information to accept.

As building blocks for this layer, we propose the extension of RDF to Named Graphs and a Semantic Web Publishing vocabulary. Named Graphs provide a formally defined framework for attaching metadata to graphs without using reification. The Semantic Web Publishing vocabulary allows information providers to communicate assertional intent and to digitally sign information. We define the formal semantics of the publishing vocabulary using the concept of performative acts. Different task require different levels of trust. Trust decisions can be based on the content of a graph; information about the graph; reputational information about the information provider and the task to be performed. We combine these factors into a proposal for a policy framework.

Yolanda Gil, Donovan Artz
University of Southern California and ISI
TRELLIS

Abstract: Sources of information on the Web can be used in supporting or contradicting observations, opinions, or conclusions formed during the process of analyzing information. A user's trust in a source indicates the weight that source has in the context of its use. Sources that are trusted by many users are more likely to be useful in new information analyses. Capturing trust enables reasoners to rank sources based on the judgment of previous users, and it provides guidance to users as they consider the use of sources as they analyze information. We present TRELLIS, a tool for capturing the sources in a user's analysis, the user's trust in them, and how those sources support the user's conclusions. TRELLIS automatically computes the overall trust based on the source's ratings by many individual users. For sources that do not have ratings, TRELLIS derives a measure of trust from the way the source is used in the analysis. This derived trust is used by TRELLIS to assist users in finding trusted sources when they start new analyses. We describe the TRELLIS application and show examples of its use in capturing collective user trust. We also describe current work in developing new measures of trust that exploit finer-grain attribution of sources as well as trust relationships among users.

Benjamin Grosof, Said Tabet, Neogy Chitro
MIT Sloan School of Management , Macgregor USA, MIT Sloan School of Management

Abstract: We show application scenario prototypes that use semantic web rules (primarily RuleML) to represent and enforce trust policies in financial services. Examples where such rule-based trust policies are suitable include regulatory compliance in financial markets trading, brokerage account access, merchant credit card verification, and back-office check clearing, and XACML access control policies. Our new application scenarios involve rulebases implemented using previously existing tools for RuleML, including SweetRules and IBM CommonRules. Implementations could also use other rule systems of course, e.g., Jess, CLIPS, or Prolog. We discuss more generally how semantic web rules are a good match to the requirements of many kinds of authorization policy applications, in and out of financial services. Semantic web rules are also useful to integrate financial reporting information across multiple ontological contexts.

A rule-based declarative approach to policy representation and management allows portfolio managers, compliance officers, traders and other business users to focus on specific functionality as the system is capable of detecting real-time and pre-trade guideline breaches and regulatory policy violations. Trust policies and enforcement involve multiple organizational/socio-legal players, including not only investment firms but also agencies such as the SEC, legal firms specializing in the securities sector, accounting firms, and other organizations. Strategic advantages of semantic web rules include: a conceptual model relatively familiar to non-programmer domain experts; standardized uniform infrastructure with reduced costs, training time, customer lockin and risk; greater transparency and quality of policy enforcement engines; easier enterprise-level control, monitoring, and assurance; and much faster updating and maintenance of policies, e.g., to adopt new customer guidelines and regulatory compliance requirements.

Daniel Olmedilla
Learning Lab Lower Saxony (L3S)
PeerTrust

Abstract: Researchers have recently begun to develop and investigate policy languages to describe trust and security requirements on the Semantic Web. Such policies will be one component of a run-time system that can negotiate to establish trust on the Semantic Web. PeerTrust can be used to express different kinds of access control policies and control their use at run time, a new approach to trust establishment. Guarded distributed logic programs is used as the basis for PeerTrust's simple yet expressive policy and trust negotiation language, built upon the rule layer of the Semantic Web layer cake. PeerTrust can be used to support delegation, policy protection and negotiation strategies. Gaining access to sensitive resources on the Web usually involves an explicit registration step, where the client has to provide a predetermined set of information to the server. The registration process yields a login/password combination, a cookie, or something similar that can be used to access the sensitive resources. An explicit registration step can be avoided on the Semantic Web by using appropriate semantic annotations, rule-oriented access control policies, and automated trust negotiation. A implementation of implicit registration and authentication that runs under the Java-based MINERVA Prolog engine is already available. The implementation includes a PeerTrust policy applet and evaluator, facilities to import local metadata, policies and credentials, and secure communication channels between all parties.

Rob Sherwood
University of Maryland, College Park
NICE

Abstract: We present a distributed scheme for trust inference in peer-to-peer networks. Our work is in the context of the NICE system, which is a platform for implementing co-operative applications over the Internet. We describe a technique for efficiently storing user reputation information in a completely decentralized manner, and show how this information can be used to efficiently identify non-cooperative users in NICE. We present a simulation-based study of our algorithms in which we show our scheme scales to thousands of users using modest amounts of storagem processing, and bandwidth at any individual node. Lastly, we show that our scheme is robust, and can form cooperative groups in systems where the vast majority of users are malicious.