Presentation is loading. Please wait.

Presentation is loading. Please wait.

Open Reputation Systems. Overview OASIS ORMS (Open Reputation Management Systems) introduction Use cases, requirements and model ENISA Paper on Security.

Published byJoella Quinn Modified over 8 years ago

Similar presentations

Presentation on theme: "Open Reputation Systems. Overview OASIS ORMS (Open Reputation Management Systems) introduction Use cases, requirements and model ENISA Paper on Security."— Presentation transcript:

1 Open Reputation Systems

2 Overview OASIS ORMS (Open Reputation Management Systems) introduction Use cases, requirements and model ENISA Paper on Security Issues in Reputation Systems Some thoughts on reputation standardisation

3 OASIS - ORMS Goal: Definition of a portable reputation format Process: Use-case definition for reputation management Reference/standard model Flexible reputation data model Framework and protocol/s for exchanging and porting reputation data (SAML/IDP based) Evaluation algorithms for mapping reputation to risk / risk levels Support for privacy, multiple identities, identity resolution

4 Use-cases 1 Seller reputation Peer-to-peer Key management Anti-spam/IP reputation

5 Use-cases 2 Content filtering Avatar Reputation Social Network Peer Reputation Unified Communications (IM, SPIT/SPIM etc…)

6 Requirements

7

8 Modelling Reputation in a Standard -Thoughts

9 Reputation is an aggregation of opinions about an assertion Assertion – Bob is a good laptop seller Assertion – Bob is a bad husband Score 0.2 – i.e. He is not a good laptop seller Score 1 – i.e. He IS a bad husband

10 The anatomy of reputation – personal view Assertion – Bob is a good laptop seller

11 Reputation Thoughts If reputation is an aggregated opinion about an assertion – why not integrate with SAML and IDP infrastructure? Reputation votes should be separated from the algorithm used to compute it Mean score 2 nd order reputation Reputation Context => Same vote set can be interpreted differently

12 Reputation Thoughts Model must allow for so-called 2 nd order reputations (scores which take into account the reputation of the voter) Rating context should be taken into account – time/date, authentication method/token etc...

13 Security of Reputation Systems ENISA paper – a security analysis of reputation systems http://enisarep.notlong.com

14 Typical security vulnerabilities need to be addressed: Collusion–voters agree to target a victim Denial of reputation – campaigns against an individual Whitewashing (cancelling a bad reputation) Sybil attacks (creating multiple identities to vote – e.g. Ebay 1 cent items voted on by seller)

15 Take home messages ORMS is working towards a global portable reputation standards. Reputation is just another kind of assertion Importance of including features like authentication, privacy, 2 nd order reputation Importance of addressing security issues.

16 ?

Download ppt "Open Reputation Systems. Overview OASIS ORMS (Open Reputation Management Systems) introduction Use cases, requirements and model ENISA Paper on Security."

Similar presentations

Network Security Introduction Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business.

Network Security Introduction Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business.
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Computer Networking Revision Dr Sandra I. Woolley.

Computer Networking Revision Dr Sandra I. Woolley.
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.

Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Enhancing Survivability of Security Services using Redundancy Presented by:Zijian Cao Joe Ondercin Based on a paper by Matti Hiltunen, Richard D. Schlichting,

Enhancing Survivability of Security Services using Redundancy Presented by:Zijian Cao Joe Ondercin Based on a paper by Matti Hiltunen, Richard D. Schlichting,
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
ODISSEA Mehdi Kharrazi Kulesh Shanmugasundaram Security Issues.

ODISSEA Mehdi Kharrazi Kulesh Shanmugasundaram Security Issues.
Wireless Sensor Network Security Anuj Nagar CS 590.

Wireless Sensor Network Security Anuj Nagar CS 590.
SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan.

SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan.
Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.

Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.
Introduction. Contents  Network Management Overview Sample Scenario where NM is Applied 5 Management Functions Importance to Business Processes  Network.

Introduction. Contents  Network Management Overview Sample Scenario where NM is Applied 5 Management Functions Importance to Business Processes  Network.
Web services security I

Web services security I
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.

A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.
Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2

Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2

Similar presentations

Ads by Google