iTrust Survey
Graham KlyneNine by Nine
http://www.ninebynine.net/8 October 2004
8 October 2004 iTrust survey 2
Goals of this talk
• Reviewing iTrust activity– exemplified by conference papers
• Looking for multidisciplinary results– what are the contributions from
non-computing disciplines?
• Is there any overall “shape” of new understanding coming from iTrust work?
• System implementation perspective– what guidance is offered?
8 October 2004 iTrust survey 3
iTrust
• “The aim of iTrust is to provide a forum for cross-disciplinary investigation of the application of trust as a means of establishing security and confidence in the global computing infrastructure, recognizing trust as a crucial enabler for meaningful and mutually beneficial interactions.”– http://www.itrust.uoc.gr/– (my emphasis)
8 October 2004 iTrust survey 4
Method
• Read through all main papers in LNCS proceedings of first two public iTrust conferences– 48 papers– Not including short papers
• Summarize content of each paper– attempt to reflect content, not evaluate
• Pick out key themes in each paper– subjective, subject to differing views
8 October 2004 iTrust survey 5
Method (continued)
• Data collected using a variant of RDF (N3)– http://www.ninebynine.org/iTrust/iTrust-survey.n3About Notation3:– http://www.w3.org/DesignIssues/Notation3.html– http://www.w3.org/2000/10/swap/Primer.html
• Auto-generated summary document– http://www.ninebynine.org/iTrust/iTrust-survey.html
• Processed using simple rules (using CWM)– http://www.w3.org/2000/10/swap/doc/cwm.html
• Reviewed summaries looking for themes
8 October 2004 iTrust survey 6
Raw data:Multidisciplinary themes
• Computing - 39 papers• Economics - 8 papers• Legal - 4 papers• Philosophy - 1 paper• Logic - 1 paper• Psychology - 4 papers• Sociology - 8 papers• Statistics - 6 papers
8 October 2004 iTrust survey 7
Raw data:Other recurring topics
• Privacy - 4 papers• Reputation - 12 papers
8 October 2004 iTrust survey 8
Raw data:Computing + topic
• Computing + Economics - 6 papers• Computing + Legal - 2 papers• Computing + Philosophy - 1 paper• Computing + Psychology - 3 papers• Computing + Sociology - 5 papers• Computing + Statistics - 4 papers• Computing + Privacy - 4 papers• Computing + Reputation - 11 papers
8 October 2004 iTrust survey 9
Raw data:Paper topics not spotted
• Political science– Informing public policy formation?
• Business/management
8 October 2004 iTrust survey 10
Defining trust
• 23 different definitions found– Two economics papers used the same definition!
• Common themes:– Subjective – Expectation or belief about another’s behaviour– Related to specific context– Risk of trusting behaviour– Basis for decision with incomplete information– Based on past evidence
8 October 2004 iTrust survey 11
Observations
• Very few papers without a strong computing element
• Many papers about computing with input from some other discipline(s)
• Reputation/recommendation systems lead use of trust in implemented systems
• A strong strand of economic theory informing reputation systems
8 October 2004 iTrust survey 12
More observations
• Conference papers are not the whole story
• Work in logic of trust is not yet connecting with systems using trust
• Having existing computational models makes us better able to employ socio-cognitive work?
• Traditional computer security view of trust as an atomic proposition, rather than something to be analyzed
8 October 2004 iTrust survey 13
Observations about trust
• Computing with trust necessarily (?) ignores many subtleties
• The 1994 PhD thesis of S. Marsh seems to be seminal in computation of trust
• “First transaction” trust is challenging• Reduced importance of specific identity• Recommendation/reputation systems
– consensus to separate trust in some action from trust in recommendation
8 October 2004 iTrust survey 14
Some specific observations (1)
• The social aspect of trust is only lightly acknowledged by computing systems– cf. lncs2995_266_276, lncs2995_146_160– Modelling goodwill, community vs individual
benefit?
• Different approaches to trust with and without 3rd party participation– cf. lncs2692_17_32, lncs2692_46_58
8 October 2004 iTrust survey 15
Some specific observations (2)
• Trust may be at the cost of privacy– cf. lncs2995_108_119, lncs2995_108_119
• Empirical data concerning human trusting behaviour is patchy– cf. lncs2692_165_178, lncs2995_206_220
• Two clusters of trust definitions– rational (expected benefit)– social (moral duty, etc)– cf. lncs2995_266_276
8 October 2004 iTrust survey 16
On the Web
• This presentation (PPT and PDF)– http://www.ninebynine.org/iTrust/iTrustSurvey.ppt– http://www.ninebynine.org/iTrust/iTrustSurvey.pdf
• Raw survey data (Notation3 and HTML)– http://www.ninebynine.org/iTrust/iTrust-survey.n3– http://www.ninebynine.org/iTrust/iTrust-survey.html
• Survey processing rules (Notation3)– http://www.ninebynine.org/iTrust/TrustRules.n3
• Processed survey data (Notation3)– http://www.ninebynine.org/iTrust/TrustResults.n3
8 October 2004 iTrust survey 17
Further activity
• Creating iTrust resource page, links for:– Papers– Tutorials– Presentations– Software– Projects
• Please send me your URLs!– [email protected]– (or: iTrust mailing list)
8 October 2004 iTrust survey 18
Discussion
• Are there other major themes?• Most results directed to computing
professionals?• Is trust more than just another technique for
achieving security?• Economic/sociological input seems focused on
reputation/recommender systems?• Can/should computing with trust recognize its
social subtleties?• Can trust sustenance be fully decentralized?• How do other fields influence technical designs?
8 October 2004 iTrust survey 19
Notes
• Simon: taking metaphors from human trust to inform system designs is useful. Richer models are useful for organizations coming to terms with trust.
• Reno: trust is different from security. Security is source of Trust. Trust has to cope with a (novel?) environment. Trust is needed when there are risks. Re. Subtleties “the devil is in the detail”. Difficult to reduce the complex model and ignore other parts.
• Moral and rational reasons: even in this case there is a strict link between them; not always possible to distinguish; e.g. why don’t the economic/game theory models cope effectively with trust problems? They deal only with rational elements, but humans aren’t entirely rational.
• Andrew J: the function of rich (and?) formal models. Aims at conceptual analysis, to achieve clearer understanding of complex concepts. Construction should not be constrained by computation. Then move on from conceptual level to computational level, which does involve simplification … but this way it is clear just what is being simplified. This is to be preferred to starting from a naïve informal description and going straight to a computable model. Thus, formal models are bridge from intuitive understanding to computation.– Stefan: w.r.t. FIPA(?) agent standards. Model developers and companies developing code. Industry is impatient and has
huge inertia (!). They understand conceptual models are a Good Thing, but don’t put resources into them. Lack of people who want to follow the process through: specify conceptual model, understand it, and follow through into real engineered systems. There is a perception that conceptual models are too hard for ordinary engineers.
– Theo: … develop very rich models, but don’t have time (?) to determine if they’re realizable. Practioners tend to treat models as specifications rather than guidelines. … building systems bottom up … re social/logical models: question is not whether whether they are realizable, but what they give us.
– Stefan: any approach is flawed, none is ideal. Need to try several.– Peter H: computer scientists always try to bring things (models) into their computers. [Maybe.. Computer scientists
need to learn to put down their computers?]• Simon… that’s (putting trust inside my computer) is going too far
8 October 2004 iTrust survey 20
Third iTrust conference
• http://www-rocq.inria.fr/arles/events/iTrust2005
• Paper deadline: 25 November 2004– Tutorials, demos later
• Conference: 24-26 May 2005– Tutorials 23 May 2005
• This is the last conference of the present iTrust series… please join in and get people excited!