Deploying Trust Policies on the Semantic Web Brian Matthews and Theo Dimitrakos
Establishing that the interactions between actors on the Web are trustworthy –Security: access control, authentication and authorisation and policies –Reliability and dependability –Quality ratings –Personalisation: Privacy, confidentiality, user preferences, accessibility –IPR A Wide Field! Trust on the Web
A Service Vision Dynamic virtual organisations over Web Services –Establishing trust between agents that have no prior knowledge of each other –Transferring trust from third parties –Establishing service-level agreements which can be relied upon Could prevent the growth of future wide area distributed systems Distributed collaborations –On demand –Dynamic –Goal oriented. Within a service vision we need confidence that parties will behave “as advertised” –Security, reliability, confidentiality Confidence in the behaviour of parties is formed by a combination of: –Trust –Control measures
Towards a Service Framework A framework process to support service architecture: –Publication –Discovery –Establishment –Monitoring –Enforcement –Review At all stages in the process, parties need to communicate their needs –Need to establish a common vocabulary to support the collaboration –Need to communicate constraints –Dependent on the business context –This is likely to be different for each party. Problem in establishing the common language.
Semantic Web: Add Meaning to Resources
Semantic Web: A Layered Architecture Basic Syntax of the Web Language of triples for describing resources Formalism for defining and sharing vocabularies Reasoning over statements about resources “The Web of Trust”
Resource Description Framework (RDF) Knowledge representation Designed to make statements about web resources. Statements in form of triples –(Subject, Predicate, object) For metadata descriptions Has an XML Syntax Brian
RDF(S) Example
Allows user to add comments to other web sites And make comments on the comments Uses RDF Metadata Annotation: a Semantic Web Application
So can it help? Can the Semantic Web help us to ease the development of Service oriented architecture? –“Yes” – Semantic Web Services. In particular, can it help support the trust management in such a system? –“Yes” –Some work done already –Need completing and joining up. But Why? –Because it is there! –Offers an established way of describing resources and their properties –Designed to work over distributed resources –Lots of cheap tools and experience available –“The Network Effect”
Service Discovery Semantic matching of service descriptions Establishing relationships between terms “Sufficiently good” matching Lots of work in this area –Semantic web services, OWL-S… Expressiveness? Non-functional requirements (privacy, reliability, accuracy...)
Policy Publication A vocabulary of rights and obligations KAoS provides an OWL Ontology Description logic reasoning Combine with other ontologies describing the business structure. Needs to be integrated with a trust metrics.
Service Negotiation Negotiation of terms of use Develop a SLA or Contract to access the resource Again we need to negotiate common vocabulary –Semantic web has a role here –Use trust valuations –Expressiveness of constraints? A relatively open field
Trust Evaluation The Semantic Web provides a rich network of resources Add trust valuations to links Calculated the propagation of trust FOAF is a candidate for adding trust values to links between people Needs a more comprehensive trust model Is it realistic? –Requires a birds-eye view –Recommender services – PICS Trust community can do better! Golbeck, Hendler and Parsla 2002 A B T(A,B) = f (T(A,j), T(j,B))
Monitoring and review We need to keep the operation of the service under review Update our trust metrics –Especially as other relationships may be going on in parallel Modify actions appropriately Work needed here.
Interoperability is key Policy and trust statements become part of the information assets of the company. Can be combined freely with other data expressed using the Semantic Web –And which are located anywhere. “Give me all those services with description X provided by any company A who is recommended by any B whose judgement I trust to the level 0.8” Waiting for the “network effect”
So Work to be Done! Bringing together a coherent scheme to support this framework in the Semantic Web –Provide better modelling of “trust harvesting” in the Semantic Web –Representation of Policies –Using Trust valuation and monitoring to control behaviour –Integrating policies with service negotiation –Contract negotiation and representation
SWAD-Europe Semantic Web Advanced Development in Europe Purpose is to encourage the use of Semantic Web tools and techniques now: –By an outreach programme –By developing practical demonstrators –By providing tools and standards Partners: –Univ. of Bristol, W3C-INRIA, CCLRC, HP Labs, Stilo
SWAD-Europe Thesuari Queries Trust Semantic Portals SW + WS Semantic Blogging XML + RDF Accessibility Scaleability Annotations Databases Visualisation
What we are doing? Survey of Web and trust methods –Those already in Semantic Web: PICS, P3P, CC/PP –Other Web trust initiatives: XSig, XEncrypt, XACML, SAML, –Other distributed trust work: e.g. Ponder, trust evaluation. Usage scenarios of trust on the Web –E-Commerce, access control, … Framework for Trust within the Semantic Web. –Ontologies for trust statements –Applying trust policies Develop tools for processing RDF statements against policies. Relate general trust values across all the applications –A general trust framework for the Semantic Web Influence the community – e.g. TrustCoM!
Brian Matthews: Theo Dimitrakos: