Brief Description

The Trust on the Web track at the WWW2004 Developers Day will bring demonstrations and presentations of new work in the area of trust on the web to a wide community of users. Topics addressed span the space of web interests and applications.

Speakers and Abstracts

Chris Bizer and Jeremy Carroll
Freie Universitat Berlin, Hewlett-Packard Labs Bristol, UK
The Semantic Web Trust Layer

Abstract: The Semantic Web consists of many RDF graphs nameable by URIs. This paper extends the syntax and semantics of RDF to cover such Named Graphs. This enables RDF statements that describe graphs, which is beneficial in many Semantic Web application areas. As a case study, we explore the application area of Semantic Web publishing: Named Graphs allow publishers to communicate assertional intent, and to sign their graphs; information consumers can evaluate specific graphs using task-specific trust policies, and act on information from those Named Graphs that they accept. Graphs are trusted depending on: their content; information about the graph; and the task the user is performing. The extension of RDF to Named Graphs provides a formally defined framework to be a foundation for the Semantic Web trust layer.

Yolanda Gil, Donovan Artz
University of Southern California and ISI
TRELLIS

Abstract: Sources of information on the Web can be used in supporting or contradicting observations, opinions, or conclusions formed during the process of analyzing information. A user's trust in a source indicates the weight that source has in the context of its use. Sources that are trusted by many users are more likely to be useful in new information analyses. Capturing trust enables reasoners to rank sources based on the judgment of previous users, and it provides guidance to users as they consider the use of sources as they analyze information. We present TRELLIS, a tool for capturing the sources in a user's analysis, the user's trust in them, and how those sources support the user's conclusions. TRELLIS automatically computes the overall trust based on the source's ratings by many individual users. For sources that do not have ratings, TRELLIS derives a measure of trust from the way the source is used in the analysis. This derived trust is used by TRELLIS to assist users in finding trusted sources when they start new analyses. We describe the TRELLIS application and show examples of its use in capturing collective user trust. We also describe current work in developing new measures of trust that exploit finer-grain attribution of sources as well as trust relationships among users.

Benjamin Grosof, Said Tabet, Neogy Chitro
MIT Sloan School of Management , Macgregor USA, MIT Sloan School of Management

Abstract: We show application scenario prototypes that use semantic web rules (primarily RuleML) to represent and enforce trust policies in financial services. Examples where such rule-based trust policies are suitable include regulatory compliance in financial markets trading, brokerage account access, merchant credit card verification, and back-office check clearing, and XACML access control policies. Our new application scenarios involve rulebases implemented using previously existing tools for RuleML, including SweetRules and IBM CommonRules. Implementations could also use other rule systems of course, e.g., Jess, CLIPS, or Prolog. We discuss more generally how semantic web rules are a good match to the requirements of many kinds of authorization policy applications, in and out of financial services. Semantic web rules are also useful to integrate financial reporting information across multiple ontological contexts.

A rule-based declarative approach to policy representation and management allows portfolio managers, compliance officers, traders and other business users to focus on specific functionality as the system is capable of detecting real-time and pre-trade guideline breaches and regulatory policy violations. Trust policies and enforcement involve multiple organizational/socio-legal players, including not only investment firms but also agencies such as the SEC, legal firms specializing in the securities sector, accounting firms, and other organizations. Strategic advantages of semantic web rules include: a conceptual model relatively familiar to non-programmer domain experts; standardized uniform infrastructure with reduced costs, training time, customer lockin and risk; greater transparency and quality of policy enforcement engines; easier enterprise-level control, monitoring, and assurance; and much faster updating and maintenance of policies, e.g., to adopt new customer guidelines and regulatory compliance requirements.

Daniel Olmedilla
Learning Lab Lower Saxony (L3S)
PeerTrust

Abstract: Researchers have recently begun to develop and investigate policy languages to describe trust and security requirements on the Semantic Web. Such policies will be one component of a run-time system that can negotiate to establish trust on the Semantic Web. PeerTrust can be used to express different kinds of access control policies and control their use at run time, a new approach to trust establishment. Guarded distributed logic programs is used as the basis for PeerTrust's simple yet expressive policy and trust negotiation language, built upon the rule layer of the Semantic Web layer cake. PeerTrust can be used to support delegation, policy protection and negotiation strategies. Gaining access to sensitive resources on the Web usually involves an explicit registration step, where the client has to provide a predetermined set of information to the server. The registration process yields a login/password combination, a cookie, or something similar that can be used to access the sensitive resources. An explicit registration step can be avoided on the Semantic Web by using appropriate semantic annotations, rule-oriented access control policies, and automated trust negotiation. A implementation of implicit registration and authentication that runs under the Java-based MINERVA Prolog engine is already available. The implementation includes a PeerTrust policy applet and evaluator, facilities to import local metadata, policies and credentials, and secure communication channels between all parties.

Rob Sherwood
University of Maryland, College Park
NICE

Abstract: We present a distributed scheme for trust inference in peer-to-peer networks. Our work is in the context of the NICE system, which is a platform for implementing co-operative applications over the Internet. We describe a technique for efficiently storing user reputation information in a completely decentralized manner, and show how this information can be used to efficiently identify non-cooperative users in NICE. We present a simulation-based study of our algorithms in which we show our scheme scales to thousands of users using modest amounts of storagem processing, and bandwidth at any individual node. Lastly, we show that our scheme is robust, and can form cooperative groups in systems where the vast majority of users are malicious.