Knowledge-Based Systems 27 (2012) 162–169

Contents lists available at SciVerse ScienceDirect

Knowledge-Based Systems

journal homepage: www.elsevier .com/locate /knosys

A trust-based game theoretical model for Web services collaboration

Hamdi YahyaouiComputer Science Department, Kuwait University, Safat, Kuwait

a r t i c l e i n f o

Article history:Received 13 November 2010Received in revised form 23 October 2011Accepted 24 October 2011Available online 2 November 2011

Keywords:Web servicesCollaborationGameTrustTasks allocation

0950-7051/$ - see front matter � 2011 Elsevier B.V. Adoi:10.1016/j.knosys.2011.10.014

E-mail address: hamdi@sci.kuniv.edu.kw

a b s t r a c t

We present in this paper a trust-based game theoretical model for Web services collaboration. Each col-laboration is modeled as a game. In each round of the game, a collaborating Web service submits a costfor achieving a specific task. The task-owner Web service computes the so-called trust-based cost, whichis the product between the submitted cost and the inverse of the trust value of the bidding Web service.The game winner is the Web service which has the minimal trust-based cost. The trust is derived from thequality attribute values of a Web service. These values are computed during a collaboration evaluationperiod. They are updated after each game round based on a demotion or promotion decision. We alsoshow how the proposed model is convenient for modeling Web services composition and assessingthe trust of composite Web services. Furthermore, we provide a metric for the assessment of the collab-oration trust. The application of this metric shows that the use of the trust allows a safer collaborationwith respect to a game where there is no consideration of the trust as a criteria for allocating tasks.

� 2011 Elsevier B.V. All rights reserved.

1. Introduction seek to fulfill policies, ethical codes, law, and promises. An entity

With the advent of Internet-based technologies, there is a grow-ing interest in the design and implementation of distributed solu-tions. The emergence of distributed cooperation in networks is oneof the current IT trends. This is exemplified by the growing popular-ity of several peer-to-peer tools such as Kazaa [29], Gnutella [28], etc.Another technology that got a paramount success is Web services.For the World Wide Web Consortium (W3C), a Web service is a soft-ware application identified by a URI, whose interfaces and binding arecapable of being defined, described, and discovered by XML artifacts,and supports direct interactions with other software applications usingXML-based messages via Internet-based applications. Web services arethe standard technology of choice for developing loosely coupledand cross-enterprise business applications. They can be leveragedto achieve distributed computing and they are a means by whichpeer-to-peer collaborations can be performed. This success createdseveral challenges at the industrial and research levels [22]. One ofthese challenges is how to guarantee a successful collaboration be-tween Web services. An example of collaboration between Web ser-vices is composition, which is needed when a user request cannot befulfilled by a sole Web service. Such request requires that two ormore Web services are involved in the composition [4,5]. Selectinga Web service to be involved in a composition requires building amodel that allows to allocate a specific task to one Web serviceamong several possible candidates. An important criterion thatshould be used in this selection process is the trust. Trust can be de-fined as a relationship of ‘‘reliance’’. A trusted party is presumed to

ll rights reserved.

claims that it trusts another entity when the first entity makes theassumption that the second entity will behave exactly as the first en-tity expects. A direct benefit of using the trust is to refer to Web ser-vices as either ‘‘good’’ or ‘‘bad’’. A ‘‘good’’ Web service satisfies users’needs as requested, uses computing resources as agreed, does not re-veal private data as claimed, does not forge its security credentials asprescribed, does not alter or misuse other peers’ data or operations,and does not take prohibited actions. The interaction experiencewith Web services is the medium by which the trust is built. A goodexperience can be modeled through the promotion of the trust of aWeb service (incentive) while a negative one can be modeledthrough the demotion of the trust (penalty). Another dual conceptto trust is reputation, which is the opinion of the others towards aperson or entity. An important feature which distinguishes the termstrust and reputation is the fact that trust is considered as a privateinformation while reputation is rather public. In this work, we focuson the trust of Web services rather than the reputation in establish-ing collaborations between Web services.

We propose in this paper a distributed trust-based game theo-retical model for Web services collaboration. During the game, eachWeb service submits a cost for achieving a specific task. Each Webservice, that is allocating a specific task, computes the so-calledtrust-based cost, which is the product between the submitted costand the inverse of the trust value of the bidding Web service. Thegame winner is the Web service which has the minimal trust-basedcost. The contributions of this paper are threefold:

� We provide a distributed trust-based solution for Web servicescollaboration, which is based on mechanism design. Mechanismdesign is a promising research field that aims at studying the

H. Yahyaoui / Knowledge-Based Systems 27 (2012) 162–169 163

aggregation of private preferences of self-interested agents inorder to fulfill a social function [19]. This field gathersknowledge from game theory and economics [15]. The marriageof these two disciplines is behind the emergence of severalcentralized [20] and distributed [7] incentive-based solutionsfor solving several optimization problems.� We prove that our trust-based solution is better than a

collaboration where trust is not included from a task comple-tion likelihood point of view.� We provide some experiments that show the impact of consid-

ering the trust as a parameter in establishing Web servicescollaboration.

The rest of the paper is organized as follows. Section 2 isdedicated to the presentation of some preliminaries on mechanismdesign that are needed to understand the proposed trust model. InSection 3, we discuss the related work. Section 4 is devoted to thepresentation of our trust-based game for Web services collabora-tion. Section 5 outlines the experimental results. Finally, someconclusions are drawn in Section 6.

2. Preliminaries on mechanism design

In this section, we present the background that is needed tohave a deep understanding of the proposed trust model. Our modellies on the foundations of mechanism design. The general setting ofa mechanism design problem is as follows [7,23]: There are nagents, each of them has a kind of private preference ti, which iscalled also type. An output function maps each type vector t =(t1, t2, . . . , tn) to a set of outputs. Each agent i has a valuationfunction vi, which assigns a real number vi(ti,o) to the output o. Amechanism defines for each agent i a set of strategies Ai. For eachinput (a1,a2, . . . ,an), the mechanism computes an outputo = o(a1,a2, . . . ,an) and a payment vector (p1,p2, . . . ,pn) with pi =pi(a1,a2, . . . ,an). Each agent i tries to maximize his own selfishutility ui(ti,o) = vi(ti,o) + pi. The payment can be seen as anincentive for agents to reveal their true preferences.

A strategyproof mechanism is one in which types are part of thestrategy space Ai and where each agent maximizes his utility byrevealing his type ti. This means that "i, ti, a�i, ai, we have

v iðti; oða�i; tiÞÞ þ piða�i; tiÞP v iðti; oða�i; aiÞÞ þ piða�i; aiÞ ð1Þ

where a�i denotes the vector of strategies of all the agents except i.A direct-revelation mechanism [21,23] is a mechanism in which

the only actions available to agents are to make direct claims abouttheir preferences to the mechanism.

A famous direct-revelation mechanism that is meant to solvemaximization of objective functions is the Vickery–Clark–Groves(VCG) mechanism. A direct-revelation mechanism m = (o,p)belongs to the VCG family if

1. oðtÞ 2 argmaxoðPn

i¼1v iðti; oÞÞ2. piðtÞ ¼

Pi–jv jðtj; oðtÞÞ þ hiðt�iÞ

where hi(t�i) is an arbitrary function of t�i.

It was already proven that a VCG mechanism is truthful, i.e.,direct-revelation and strategy-proof mechanism. The idea of VCGis to choose the offer, which has the minimal cost and pay the win-ner the second least offer. By doing so, the agents are constrainedto reveal their true types.

A weighted implementation of VCG is formulated as follows[20]: A direct-revelation mechanism m = (o,p) belongs to theweighted VCG family if

1. oðtÞ 2 argmaxo

Pni¼1v iðti; oÞ

� �2. piðtÞ ¼ 1

bi

Pi–jv jðtj; oðtÞÞ þ hiðt�iÞ

where b1,b2, . . . ,bn are strictly positive numbers and the objec-tive function is gðo; tÞ ¼

Pibi:v iðti; oðtÞÞ. In this paper, we reuse

the established results about the weighted VCG family to estab-lish a trust model for Web services.

3. Related work

Trust is one of the hot topics that are currently studied[2,3,8,10,12,14,24,31]. The established trust models leverage avariety of trust computation techniques such as statistical analysis,prediction, constraint solving, etc. For Web services, few trust andreputation models were proposed in order to either select, rankWeb services or to compose them in a trusted way. Malik andBouguettaya [13] proposed RATEWeb: a reputation model forWeb services where individual Web services share experiences ofservice providers with their peers through feedback ratings. Thedifferent ratings are aggregated to derive the service provider rep-utation. The overall goal of RATEWeb is to facilitate trust-basedselection and composition of Web services. Rather than relyingmainly on opinions of Web service consumers (second-hand infor-mation) as proposed in this work, we resort to the use of directexperiences with Web services (first-hand information). In fact,the use of second-hand information makes the model vulnerableagainst collusion attacks where raters collude to increase and de-crease the trust of a Web service even though the authors triedto find a solution to such issue. Second-hand experiences are notavailable when new Web services are assessed. Accordingly, weprovide a solution to this issue through the bootstrapping of thetrust of such Web services. Another aspect that is not shown inRATEWeb is the competition between Web services, which issmoothly modeled in our work using game theory. Indeed, compe-tition arises when several services are possible candidates for per-forming a certain task. Therefore, a mechanism is needed to modelsuch competition and select the adequate candidate.

Paradesi et al. [25] devised a trust model for composition ofWeb services. The model is based on a bayesian formalization ofthe trust, which is updated depending on experiences with Webservices. Based on trust values of component Web services andon typical composition operators, they derive trust for Web ser-vices compositions. The composition will involve the most trust-worthy Web services. One of the aspects that is not discussed in[25] is the bootstrapping of the trust, which is paramount to assessthe trust of an unknown Web service. We take into considerationsuch aspect in our work. Besides, the dynamism of the trust doesnot take into consideration the weight of each experience. Suchweight depends on the experience itself. Furthermore, the pro-posed model in [25] is restricted to three quality attributes, whichare competency, reliability and honesty. Our model is more flexiblesince it can include more quality attributes.

Xiong and Perros [30] discuss the selection of resource sites tofulfill a customer request based on the trust. They formulate suchselection as an optimization problem under Service Level Agree-ment (SLA) satisfaction. The problem has been constructed by min-imizing the total cost of service providers while satisfying SLAconstraints. As an end user, a customer submits a service requestwith a certain price for a given quality of service. The trust man-ager negotiates a SLA with a service broker who represents re-source sites, checks the trustworthy information of the resourcesites, and selects those sites which meet pre-defined trustworthyrequirements for serving the service request. We tackle the sameproblem but from a different angle which spans over game theory.The main advantage of using game is to be able to model incentivesrelated to resources allocation. Such incentives are related in our

164 H. Yahyaoui / Knowledge-Based Systems 27 (2012) 162–169

model to the promotion of the trust. Penalties are also modeledthrough the demotion of the trust.

Recently, Khosravifar et al. [11] have proposed a reputationmodel for Web services. Their goal is to analyze the arrival of re-quests and study their impacts on the overall reputation. More pre-cisely, they restrict the elaborated reputation model to two crucialparameters: satisfaction and popularity and analyze the impactsthat these parameters have on each other in continuous serviceselection processes. There are two major differences between ourwork and this published work. First, we focus on tasks allocationwhich is not discussed in [11]. Indeed, the goal of the authors ismainly to perform a theoretical analysis on the performance ofWeb services in diverse network situations. Second, we showhow our model is very convenient for modeling Web services com-position and deriving the trust for composite services. This aspectalso has not been studied in their work, which was targeting com-ponent Web services. Table 1 summarizes the differences betweenour approach and the published works regarding establishing thetrust for Web services.

The aforementioned models paved the way to understand theissues behind using Web services either as components or in com-position and grasp the issues related to the allocation of tasks tosuch services. Our model enjoys two major features: The firstone is the aspect of incentive-based collaborations where trust-worthy collaborating services get rewarded. A theoretical gamemodel is therefore suggested. The second one is the trust dyna-mism (demotion and promotion) and the consideration of theweight of each positive and negative experience with Web ser-vices. In fact, we take into account the impact of each experienceby assigning a weight that reflects a bad or good experience.Experience impact assessment is achieved through the evaluationof Web service quality attributes.

To the best of our knowledge, our work is the first that leveragesgame foundations to model Web services collaboration based on thecomputation of the trust. As mentioned earlier, Web services orches-tration is an example of such collaboration. It can be easily capturedin our model. In fact, in case there is more than one possible Web ser-vice to be involved in such orchestration, the orchestration enginecan use our model to select a Web service among several possiblecandidates. These candidates compete to be selected. Henceforth,we consider a collaboration between Web services as a competitionto win, i.e. get allocated, a certain task among a sequence of tasks thatshould be allocated. Tasks allocation is defined as an assignment of aset of agents to a set of tasks together with an objective function. Theaim is to find a feasible schedule optimizing the objective function.This problem was studied from a game theory point of view. It is de-fined as a game between agents in which each agent follows somespecific strategy to win the game. The aim is to have a situationwhere no agent has the intention to unilaterally change his strategy.This situation is characterized as a Nash Equilibrium. We consider inour work that agents are Web services [9] which compete to get allo-cated a certain task. Web services rely on their direct experiencesrather than recommendations from other Web services to assigntasks to other Web services. These values are kept secret and canbe updated by the Web service that is allocating a task upon the suc-cessful or unsuccessful execution of that task. We consider that Webservices are honest in such update. This led to the smooth extension

Table 1Comparison summary with the related work approaches.

Approach Model Composition

Malik and Bouguettaya [13] StatisticalParadesi et al. [25] Probabilistic

p

Xiong and Perros [30] OptimizationKhosravifar et al. [11] ProbabilisticOur approach Game

p

of VCG and hence to the preservation of the theoretical results of thatmechanism.

Our collaboration model is a trust-based game in which theobjective is to assign tasks to Web services in a way that maxi-mizes the likelihood of performing successfully these tasks. Duringthe proposed game, each Web service submits a cost for achievinga specific task. Each Web service, that is allocating a specific task(task-owner), computes the so-called trust-based cost, which isthe product between the submitted cost and the inverse of thetrust value of the bidding Web service. The game winner is theWeb service which has the minimal trust-based cost. We showhow the use of the trust allows a better allocation of tasks with re-spect to a conventional allocation where there is no considerationof the trust as a criterion for allocating tasks.

4. Trust-based Web services collaboration game model

We present in this section our formal model for Web servicescollaboration. We introduce some notations that will be followedin the rest of the paper. Let:

� W ¼ fW1;W2; . . . ;Wng be a finite set of Web services and

� T ¼ fT1; T2; . . . ; Tmg be a finite set of tasks.

We suppose that 8Ti 2 T ; Ti is indivisible and non-sharable. Wedefine a collaboration as a sequence of tasks, i.e., a finite sequenceof tasks that should be done and we would like to assign a Web ser-vice to each task of the sequence. Each assigned task will be taggedwith a natural number that indicates its position in the sequence.We consider a projection p on a set of tuples, which returns theset composed by first elements of these tuples. The problem is tofind an allocation

A :W ! PðT �NÞ

With AðWiÞ \ AðWjÞ ¼ ;;S

Wi2WpðAðWiÞÞ ¼ T and N the set ofnatural numbers, which minimizes the total allocation cost, i.e.,the following weighted utilitarian social welfare function:

f ðtc;AÞ ¼Xn

i¼1

Xðk;jÞ2AðWiÞ

tci;k ð2Þ

where

tci;k ¼1

ti;kv i;k ð3Þ

In Eq. (3), ti,k denotes the trust of the Web service Wi in achievingthe task Tk while vi,k denotes the cost of achieving the task Tk by thatservice. tci,k is called the trust-based cost for achieving the task Tk.The trust is built through past experiences of tasks allocation andis discussed later in this paper.

We are looking to minimize the social choice function f, i.e., theobjective for our mechanism is:

minXn

i¼1

Xðk;jÞ2AðWiÞ

tci;k

Based on this objective function, the allocation is formalized asa game that is done in several rounds. A specific task of the se-quence is assigned to a Web service in each round of the game.

Trust dynamism Bootstrapping Tasks allocationp ppp ppp p p

H. Yahyaoui / Knowledge-Based Systems 27 (2012) 162–169 165

In order to make Web services reveal their true preferences duringthe game, payments are introduced in a weighted VCG setting. Thepayment of a Web service Wi for achieving a task Tk is defined asfollows.

pi;k ¼ ti;k:X

ðk;jÞ2AðWiÞ;i0–i

1ti0 ;k

v i;k ð4Þ

Hence, in order to maximize his own utility, a Web serviceshould maximize his payment p, which is equivalent to givingthe true cost of achieving a certain task. Concretely, a paymentcan be a disk storage, memory space, internet connection, etc.

The trust is assessed by the task-owner Web service. The latterkeeps track of a Web service performance regarding achieving aspecific task. The trust value is updated after each game round inwhich a Web service is assigned one specific task of the tasks se-quence. We adopt a Bayesian approach to compute the trust of aWeb service. The details about our approach are provided in whatfollows.

4.1. Trust computation

Our trust computation follows a Bayesian model [10] which awell-founded way to derive trust. We consider that a Web serviceWi is endowed with a belief function, which computes the trust ofeach service Wj, which is willing to collaborate with Wi. This meansthat Wi considers that Wj behaves honestly with a probability tj,k inachieving the task Tk and computes the new trust value t0j;k from theold trust value tj,k as follows:

t0j;k ¼ F tj;k; ajk; b

jk

� �ð5Þ

where F is the regularized incomplete beta function, which is alsothe cumulative beta distribution function of the following betaprobability density function:

f ðx; ajk; b

jkÞ ¼

1

Bðajk; b

jkÞ

xajk�1ð1� xÞb

jk�1 ð6Þ

In Eq. (6), B represents the complete beta function while ajk and

bjk are parameters which are updated after the execution of the task

Tk by the Web service Wj (needed for the demotion or promotion oftrust values as will be explained later). The choice of the function Fis due to the properties it enjoys [26]. In fact, the behavior of F isconvenient for updating the trust (through the update of aj

k andbj

k) as will be detailed later. The initial values of ajk and bj

k param-eters are determined after a first evaluation period in which an ini-tial trust value is computed for a Web service. Such initializationstep is explained while presenting the bootstrapping issue.

4.2. Bootstrapping issue

One of the critical issues in establishing trust models is boot-strapping [16]. Bootstrapping means the issue of assigning an ini-tial trust value to a new unknown member of the system. Inwhat follows, we present the solutions proposed in the literatureto solve this issue. It is worth to note that some of the suggestedsolutions are related to Mobile Ad-hoc NETworks (MANETs) butthey can be adapted to Web services.

4.2.1. Default value strategyIn this strategy, the new nodes that join the network got a de-

fault trust value [14]. The value is generally considered as a thresh-old under which a node is considered as malicious. Onedisadvantage of this approach is that, depending on the assignedvalue, it can either favor existing nodes or new nodes that jointhe network. If the initial trust is high, existing nodes are

disadvantaged since the new node is assigned a value that can behigher than existing nodes that collaborated a lot and strived tohave a good trust. This encourages malicious nodes to leave andjoin again the network with new identities to increase their trust(this is known as white-washing).

4.2.2. Punishing StrategyThe punishing strategy [8] is proposed as a solution to over-

come the white-washing issue. By giving low trust values to thenew nodes, it ensures that a malicious node that is trying to leaveand join again the network will not gain that much. However, avery low value will make the new nodes disadvantaged and per-haps no existing node will collaborate with them, which makesthem isolated in the network.

4.2.3. Adaptive strategyIn this strategy [13] a new node that is joining the network is

assigned a trust value that depends on the rate of maliciousness,which is defined as the ratio of the number of collaborations (con-sidered as transactions in that work) where the nodes defect, to thetotal number of collaborations. This requires tracking each collab-oration quality. A rater node marks a collaboration as acceptable ifthe service provider did collaborate in a good way and defective inthe opposite case. A new node is assigned a high initial trust valuewhen the rate of maliciousness is low and a low initial trust valuewhen that rate is high. The issue with this strategy is that a mali-cious node can profit from a low rate of maliciousness to leave thenetwork and join it again in order to get a higher trust value.

4.2.4. Our bootstrapping strategyThe bootstrapping issue in our model arises when a new service

is competing with others to achieve a certain task Tk, i.e., whatshould be the initial trust value that should be given to a newWeb service that is willing to perform a certain task Tk. In orderto solve the bootstrapping issue, we follow a similar strategy tothe one proposed by Malik and Bouguettaya [13] (adaptive strat-egy) but we deviate in the way parameters are initialized. In fact,we compute the initial trust value of a Web service based on itsperformance during an evaluation period. The computed value de-pends on the degree of honesty of a Web service. The honesty iscomputed based on the distance between its actual quality attri-bute [17,18] and its announced quality attribute values. The an-nounced quality attribute values can be established throughService Level Agreement (SLA) and are considered as a commit-ment of a Web service to perform as announced. Eq. (7) presentsthe formula used to compute the initial value of the trust for theWeb service Wj in achieving the task Tk.

tj;k ¼Pr

i¼1qj;ki =qj;k

ia

rð7Þ

In Eq. (7), qj;kia denotes the announced value of the ith quality attri-

bute (among r quality attributes) and qj;ki denotes the value obtained

during the evaluation period of the ith quality attribute for the Webservice Wj in achieving the task Tk.

The initial values of ajk and bj

k are computed based on the meth-od-of-moments [27], which uses the mean and variance values ofquality attributes to compute the values of these parameters. Wepresent their definitions in Eqs. (8) and (9).

ajk ¼ �qj;k �qj;kð1� �qj;kÞ

v j;k� 1

� �ð8Þ

bjk ¼ ð1� �qj;kÞ

�qj;kð1� �qj;kÞv j;k

� 1� �

ð9Þ

where �qj;k denotes the average value of the quality attribute valuesof the Web service Wj in achieving Tk. It is defined as follows:

166 H. Yahyaoui / Knowledge-Based Systems 27 (2012) 162–169

�q j;k ¼ 1r

Xr

i¼1

qj;ki ð10Þ

v j,k denotes the variance of the quality attribute values of theWeb service Wj in achieving Tk. It is defined as follows:

v j;k ¼ 1r

Xr

i¼1

qj;ki � �qj;k

� �2ð11Þ

4.3. Trust update

The trust value can be promoted if the Web service successfullyperforms a task Tk as expected and it can be demoted otherwise.The update of trust values is done through the update of theparameters aj

k and bjk. bj

k is increased when the collaboratingWeb service performs a task Tk as expected. Eq. (12) depicts the up-date of bj

k.

bjk ¼ bj

k � 1þ qjk

� �ð12Þ

where qjk is the weight of performing the task Tk by the Web service

Wj if it is successful and 0 if not.By analogy, Eq. (13) depicts the update of aj

k.

ajk ¼ aj

k � 1þ cjk

� �ð13Þ

where cjk is the weight of performing the task Tk by the Web service

Wj if it is unsuccessful and 0 if not.Eqs. (12) and (13) include an important factor, which is the

weight of the collaboration. In fact, a collaboration can have animportant impact (either positive or negative) so that it is assigneda high weight and vice versa. A higher value of bj

k will increase thetrust of the Web service while a higher value of aj

k will decrease it.It is the duty of the Web service which is allocating the task to setthe values of qj

k and cjk.

The trust update is a good mechanism by which Web servicesdetect malicious Web services which get their trust below a certainthreshold w. When this occurs, a Web service can ignore any bidfrom a malicious Web service and so decide to not collaborate withit. The trust has also an impact on the task allocation decision. Infact, the higher a Web service trust is the less is his trust-basedcost. This means that it is in the interest of a Web service to havea good trust in achieving the tasks that are assigned to it.

4.4. Collaboration evaluation

In order to decide if the trust has to be promoted or demoted,the collaboration is evaluated. More precisely, the distance be-tween the actual quality attribute values (after achieving a taskTk) and the announced quality attribute values (expected values)should be less than a certain bound e. Eq. (14) provides the defini-tion of that distance.

djk ¼

Pri¼11� qj;k

i =qj;kia

rð14Þ

Let e be a value in [0,1]. Performing a certain task Tk is consid-ered as successful if dj

k 6 e and not successful otherwise. In the for-mer case, the trust of the Web service Wj which performed the taskTk is increased through the update of bj

k (Eq. (12)) and in the lattercase it is decreased through the update of aj

k (Eq. (13)).

4.5. Collaboration trust criterion

To assess the added value of our trust-based strategy, we definea collaboration trust as the product of the trust values of all theWeb services, which have been assigned to specific tasks. More for-mally, the collaboration trust is defined as follows:

T W;A ¼Y

Wi2W

Yðk;jÞ2AðWiÞ

ti;k ð15Þ

The use of the product in the definition of the collaborationtrust is done in a way that a very small Web service trust valuehas a big impact on the result so that its effect will not be mit-igated by a higher value if used instead in a summation. Thischoice is judicious for instance when our model is applied inselecting trusted paths in routing. A malicious node can be lo-cated between two trusted nodes and so a summation will hideits presence.

It is expected that the collaboration trust value in the de-signed game is better than the one resulted from a game thatdoes not take the trust as a criterion to assign tasks to Web ser-vices. To verify that, it is sufficient to note that for any selectedWeb service Wi and assigned task Tk that has the order j in thetasks sequence and such that ðk; jÞ 2 AðWiÞ, we can easily provethat ti,k is the highest trust among all the trust values of the bid-ding Web services.

Theorem 1. The collaboration trust value defined in Eq. (15) is betterthan any other collaboration trust value deduced from the winnertrust values of a similar VCG-like game without considering the trustin the selection step.

Proof. Assume that the winner of the trust-based game is the Webservice Wi. This means that "i0 – i. 1

ti;kv i;k 6

1ti0 ;k

v i0 ;k. Now assume

that the winner of the game without trust is the Web service Wi0

with i0 – i. This means that v i0 ;k 6 v i;k. Hence, we get 1ti;k6

1ti0 ;k

and

finally we conclude that ti;k P ti0 ;k.The collaboration trust value is a good metric to assess the level

of trustworthiness of a collaboration between Web services. Thehigher this value is, the more trustworthy is the collaboration. h

4.6. Trust computation for Web service composition

As discussed earlier, Web service composition is a kind of col-laboration. It is needed when a user request cannot be fulfilledby a sole Web service. The resulting Web service is called the com-posite Web service. The composition is specified in a Business Pro-cess Execution Language (BPEL) [1] file, which contains severaloperators for composition of Web services. In what follows, weprovide formulae for computing the trust of a composite Web ser-vice for some BPEL operators such as sequential and conditionaloperators of composition sequence and switch.

4.6.1. Sequential compositionThe operator sequence allows to perform a sequential compo-

sition of two Web services. A general specification of the syntax ofthis operator is as follows:

<sequence name=‘‘X’’>W1

W2

</sequence>

The trust of the sequential composition of two Web services W1

and W2 for achieving a task Tk is the average of the two trust valuesof W1 and W2, which is t1;kþt2;k

2 .

4.6.2. Conditional compositionThe operator switch allows to choose among two Web services

depending on certain conditions. A general specification of the syn-tax of this operator is as follows:

Table 2Trust matrix of Web services.

T1 T2 T3 T4

W1 0.26 0.32 0.60 0.27W2 0.26 0.62 0.52 0.45W3 0.62 0.34 0.38 0.42W4 0.46 0.39 0.68 0.49W5 0.58 0.47 0.56 0.55W6 0.41 0.45 0.43 0.56

Table 3Tasks cost matrix.

T1 T2 T3 T4

W1 2 97 60 13W2 54 14 51 60W3 87 77 64 6W4 22 90 25 2W5 83 19 86 12W6 80 2 86 15

Table 4Results of the trust-based game without promotion and demotion.

Round 1 W6 is assigned Task 2 with the bid 2.0Round 2 W4 is assigned Task 4 with the bid 2.0Round 3 W6 is assigned Task 2 with the bid 2.0Round 4 W4 is assigned Task 3 with the bid 25.0Round 5 W3 is assigned Task 4 with the bid 6.0Round 6 W1 is assigned Task 1 with the bid 2.0

Table 5

H. Yahyaoui / Knowledge-Based Systems 27 (2012) 162–169 167

<switch name=‘‘X’’><case>

<condition>C1

</condition>W1

</case><case>

<condition>C2

</condition>W2

</case></switch

We consider that conditions C1 and C2 hold respectively withprobabilities p1 and p2. In the first case, a Web service W1 will beselected. Otherwise, W2 will be the one to be selected. The trustof a conditional composition of two Web services W1 and W2 forachieving a task Tk is p1 � t1,k + p2 � t2,k.

4.6.3. Trust update for a composite Web serviceIf a composite Web service is successful in achieving a task Tk,

the corresponding composed Web services will get higher trustvalues otherwise their trust values will be lowered. Our gamemodel can cope with Web services composition. In fact, when acertain task Tk can’t be fulfilled by a sole Web service, the biddingWeb service will be the composite, i.e., the Web service that drivesthe composition of two or more Web services. In that case, the win-ner can be a composite Web service. Its trust value is computedbased on the trust values of composed Web services as explainedabove.

Allocation matrix that is result of the trust-based game without promotion anddemotion.

T1 T2 T3 T4

W1 1 0 0 0W2 0 0 0 0W3 0 0 0 1W4 0 0 1 1W5 0 0 0 0W6 0 1 0 0

Table 6Results of the game without trust.

Round 1 W3 is assigned T2 with the bid 3.0Round 2 W1 is assigned T4 with the bid 28.0Round 3 W3 is assigned T2 with the bid 3.0Round 4 W4 is assigned T3 with the bid 2.0Round 5 W1 is assigned T4 with the bid 28.0Round 6 W1 is assigned T1 with the bid 12.0

5. Experiments

The model equations are implemented using the StochasticSimulation in Java (SSJ) API [6]. This API provides a beta probabilitydistribution function as well as random generation functions. Weused SSJ random generation functions in order to initialize the an-nounced and actual quality attributes. Based on these values, wecomputed initial Web service trust values. Then, we conductedsome experiments to validate and illustrate the model (we simu-lated six services) and assess its robustness (we simulated 500Web services).

5.1. Model validation

The validation of the model consists in doing, on a small scalesample of Web services (the large scale sample will be used to as-sess the model robustness), some experiments that should showthe relevance of using the trust in Web services collaboration.For this purpose, we consider a game including six Web servicesthat compete to win one of four tasks and a matrix 6 � 4 thattracks the trust value of each Web service in achieving each ofthe four tasks. If the Web service was never assigned a certain taskTk then its trust value is computed based on the solution proposedin Section 4.2. The initial value should be different from zero. Thiscondition is meant to solve the cold start issue that is faced in trustmodels [16]. We did an experiment with the trust matrix specifiedin Table 2 (values obtained after evaluation periods).

The cost matrix is specified in Table 3. The collaboration taskssequence that should be achieved is the following: T2.T4.T2.T3.T4.T1.

The game is done in several rounds and the result of each roundis specified in Table 4. We do not consider for the moment the

promotion and demotion of trust after each round. After the gameis done, the obtained allocation matrix is outlined in Table 5.

According to matrix Table 5, the overall collaboration trust va-lue is 0.019. If we assume that the game is done without consider-ing trust and with the same parameters, the result of each round isthe one specified in Table 6 and the allocation matrix is the oneshown in Table 7. The overall trust is 0.016, which is clearly lessthan what we get using our trust-based strategy.

Now, if we consider the promotion and demotion (update of aand b) of trust after each round of the game. The overall trust isequal to 0.037 which is better than the trust game without promo-tion and demotion. The allocation in that case is depicted inTable 8.

Table 7Allocation for the game without trust.

T1 T2 T3 T4

W1 1 0 0 1W2 0 0 0 0W3 0 0 0 0W4 0 0 1 1W5 0 0 0 0W6 0 1 0 0

Table 8Allocation that is result of the trust-based game with promotion and demotion.

Round 1 W6 is assigned T2 with the bid 2.0Round 2 W4 is assigned T4 with the bid 2.0Round 3 W6 is assigned T2 with the bid 2.0Round 4 W4 is assigned T3 with the bid 25.0Round 5 W4 is assigned T4 with the bid 2.0Round 6 W1 is assigned T1 with the bid 2.0

Fig. 2. Impact of changing the threshold (w) on the speed of detection of ‘‘Bad’’ Webservices.

Fig. 3. Impact of changing delta (d) on the speed of detection of ‘‘Bad’’ services.

168 H. Yahyaoui / Knowledge-Based Systems 27 (2012) 162–169

5.2. Model Robustness

In order to study the robustness of our proposed model, we re-sort to a large experiment in which we have 500 Web services thatare classified based on their initial trust values in the followingcategories:

� The first class is for Web services which have initial good trustvalues and then preserve their good level of trust. We denotethis class by honest.� The second class is for Web services which have initial bad trust

values and then get their trust values higher in a continuousway. We denote this class by redemptive.� The third class is for Web services which have initial good trust

values and then get their trust values lower in a continuousway. We denote this class by suspicious.� The fourth class is for Web services which have initial bad trust

values and then preserve their bad level of trust. We denote thisclass by malicious.

The 500 Web services compete to win in each game round oneof the 100 tasks that can figure in the collaboration. The defaultthreshold w set to 0.5.

Fig. 1 depicts the evolution of trust values for the aforemen-tioned categories of Web services. It is clear from the Figure that‘‘Good’’ Web services (categories 1 and 2) keep their trust valueshigher than the threshold w while ‘‘Bad’’ Web services have trustvalues under this threshold. The model allows detecting theseWeb services and do not allow them to participate in the competi-tion for getting a task in the collaboration.

Fig. 1. Web services trust evolution.

The threshold w is tuned in our model. The default value is 0.5but we did some experiments in order to see the impact of thethreshold value on the robustness of the model. In fact, we foundthat the higher the threshold, the lower number of game roundsthat are needed to detect ‘‘Bad’’ Web services. Fig. 2 outlines theaverage number of rounds to detect ‘‘Bad’’ Web services whilechanging the distance to the threshold. When the distance in-creases, the malicious Web services are detected in more gamerounds. However, this will give redemptive Web services a secondchance to enhance their quality attributes and so raise their trustvalues. We consider that this is realistic since Web services canget their quality attributes lower because of external factors suchas network issues.

The categories are determined based on the distance d of initialtrust values to the overall average of these values. Varying this dis-tance has an impact on the number of Web services which areranked ‘‘Bad’’ and consequently the average number of rounds todetect these Web services. Fig. 3 outlines the impact of changingthis distance on the speed of detection of ‘‘Bad’’ Web services.Increasing d means having less initial malicious Web services andso less game rounds required to detect them. However, if d is de-creased we have more initial malicious Web services and moregame rounds are required to detect them.

Fig. 4. Impact of increasing the number of collaboration tasks on the speed ofdetection of ‘‘Bad’’ Web services.

H. Yahyaoui / Knowledge-Based Systems 27 (2012) 162–169 169

A Web service learns through interactions ‘‘Bad’’ Web servicesand so the more repeated tasks figure in the collaboration, the lessrounds are required to detect these malicious Web services as de-picted in Fig. 4. This comes from the capability of a Web service torecognize malicious Web services, demote their trust values eachtime they don’t perform as expected and finally reject any bid fromthese Web services when their trust values become lower than thethreshold w.

6. Conclusion

We provided in this paper a distributed trust-based game solu-tion for Web services collaboration. During the game, each Webservice submits a cost for achieving a specific task. The Web ser-vice, that is allocating a specific task, computes the so-calledtrust-based cost. The game winner is the Web service, which hasthe minimal trust-based cost. We have shown how the use of trustallows a better allocation of tasks with respect to a conventionalallocation where there is no consideration of the trust as a criterionfor assigning tasks. We provided an illustration of our model abilityto capture Web services composition and compute the trust forcomposite Web services. As defined the model is suitable for cho-reographical composition however it enjoys features that can bepractically integrated in an orchestration engine, which makesthe trust a paramount factor for enabling such composition. Ourfuture work will include the study of the impact of Web servicerecommendations on the game. A challenge will be the design ofa mechanism that mitigates the effect of collusion and allows tohave a direct-truthful revelation or in the worse case a mechanismwhere liars, i.e., Web services giving false reports have small im-pact on the equilibrium.

References

[1] T. Andrews, F. Curbera, H. Dholakia, Y. Goland, J. Klein, F. Leymann, K. Liu, D.Roller, D. Smith, S. Thatte, I. Trickovic, S. Weerawarana, Business ProcessExecution Language for Web Services, Version 1.1. Standard proposed by BEASystems, IBM Corporation, and Microsoft Corporation, 2003.

[2] A. Archer, E. Tardos, Truthful mechanisms for one-parameter agents, in:Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science(FOCS), Washington, DC, USA, 2001, pp. 482–491.

[3] R. Dash, S. Ramchurn, N. Jennings, Trust-based mechanism design. in:Proceedings of the Third International Joint Conference on AutonomousAgents and Multiagent Systems, New York, USA, 2004, pp. 748–755.

[4] S. Dustdar, W. Schreiner, A survey on web services composition, InternationalJournal on Web and Grid Services 1 (1) (2005) 1–30.

[5] M. Eid, A. Alamri, A. El Saddik, A reference model for dynamic web servicecomposition systems, International Journal of Web and Grid Services 4 (2)(2008) 149–168.

[6] Pierre L’Ecuyer et al., SSJ: stochastic simulation in Java. Available from: http://www.iro.umontreal.ca/simardr/ssj/indexe.html, 2008.

[7] J. Feigenbaum, C. Papadimitriou, R. Sami, S. Shenkar, A BGP-based mechanismfor lowest-cost routing, Distributed Computing 18 (1) (2005) 61–72.

[8] A. Moukas, G. Zacharia, P. Maes, Collaborative reputation mechanisms inelectronic marketplaces, Decision Support Systems 29 (4) (2000) 371–388.

[9] M. Huhns, Agents as web services, IEEE Internet Computing 6 (4) (2002) 93–95.[10] A. Josang, R. Ismail, The beta reputation system, in: Proceedings of the 15th

Bled Conference on Electronic Commerce, Bled, Slovenia, 2002, pp.324–337.[11] B. Khosravifar, J. Bentahar, A. Moazin, Analyzing the relationships between

some parameters of web services reputation, in: Proceedings of the 8thInternational Conference on Web Services (ICWS’2010), 2010, pp. 329–336.

[12] Y. Kim, H. Song, Strategies for predicting local trust based on trust propagationin social networks, Knowledge-Based Systems 24 (8) (2011) 1360–1371.

[13] Z. Malik, A. Bouguettaya, RATEWeb: reputation assessment for trustestablishment among web services, Very Large Data Bases (VLDB) 18 (4)(2009) 885–911.

[14] S. Marti, H. Garcia-Molina, Taxonomy of trust: categorizing P2P reputationsystems, Computer Networks 50 (4) (2006) 472–484.

[15] A. Mas-Colell, M. Whinston, J.R. Green, Microeconomic theory, OxfordUniversity Press, 1995.

[16] E. Maximilien, M. Singh, Reputation and endorsement for web services,SIGecom Exchanges 3 (1) (2002) 24–31.

[17] D.A. Menascé, QoS issues in web services, IEEE Internet Computing 6 (6) (2002)72–75.

[18] J. Myoung, C. Ouk Kim, I. Kwon, Quality-of-service oriented web servicecomposition algorithm and planning architecture, Journal of Systems andSoftware 81 (11) (2008) 2079–2090.

[19] N. Nisan, Algorithms for selfish agents, in: Proceedings of the AnnualSymposium on Theoretical Aspects of Computer Science, Trier, Germany,1999, pp. 1–15.

[20] N. Nisan, A. Ronen, Algorithmic mechanism design, in: Proceedings of ACMSymposium on Theory of Computing, Atlanta, GA, USA, 1999, pp. 129–140.

[21] N. Nisan, A. Ronen, Computationally feasible VCG mechanisms, Journal ofArtificial Intelligence Research (JAIR) 29 (2007) 19–47.

[22] M. Papazoglou, P. Traverso, S. Dustdar, F. Leymann, Service-orientedcomputing: state of the art and research challenges, IEEE Computer 40 (11)(2007) 38–45.

[23] D.C. Parkes, Iterative Combinatorial Auctions: Achieving Economic andComputational Efficiency, PhD thesis, Department of Computer andInformation Science, University of Pennsylvania, 2001.

[24] P. Pu, L. Chen, Trust-inspiring explanation interfaces for recommendersystems, Knowledge-Based Systems 20 (6) (2007) 542–556.

[25] P. Doshi S. Paradesi, S. Swaika, Integrating behavioral trust in web servicecompositions, in: Proceedings of the Seventh International Conference on WebServices (ICWS’09), Los Angeles, CA, USA, 2009, pp. 453–460.

[26] Wikipedia. Beta distribution. Available from: http://en.wikipedia.org/wiki/Beta_distribution, 2010.

[27] Wikipedia. Method of moments. Available from: http://en.wikipedia.org/wiki/Method_of_moments_(statistics), 2010.

[28] Wikipedia. Gnutella. Available from: http://en.wikipedia.org/wiki/Gnutella,2011.

[29] Wikipedia. Kazaa. Available from: http://en.wikipedia.org/wiki/Kazaa, 2011.[30] K. Xiong, H. Perros, Trust-based resource allocation in web services, in:

Proceedings of the IEEE International Conference on Web Services (ICWS’06),Chicago, IL, USA, 2006, pp. 663–672.

[31] W. Yuan, D. Guan, Y. Lee, S. Lee, S. Hur, Improved trust-aware recommendersystem using small-worldness of trust networks, Knowledge-Based Systems23 (3) (2010) 232–238.