Your SlideShare is downloading. ×
Open Reputation Management Systems
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Open Reputation Management Systems


Published on

Open Reputation Management Systems

Open Reputation Management Systems

Published in: Technology, Education

1 Comment
1 Like
  • thanks for sharing. I work as a PhD student at Delft University of Technology and focus on this specific topic: an open reputation system and ontology.
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Proposal for Open Reputation Management Systems TC (ORMS) IIW, December 3-5, 2007, Mountain View
    • For information on OASIS IDtrust Member Section see:
    • For more information related to ‘Joining OASIS’ see: Abbie Barbir ( [email_address] ) Nortel OASIS IDtrust Steering Committee
  • 2.
    • OASIS provides a neutral setting where government agencies, companies, research institutes, and individuals work together to advance the use of trusted infrastructures
    • History
    • PKI Forum migrated to OASIS PKI MS in November 2002
    • PKI MS transformed into IDtrust MS in 2007
    • IDtrust expanded its scope to encompass additional standards based identity and trusted infrastructure technologies, policies, and practices
    • Steering Committee
    • Abbie Barbir , Nortel June Leung , FundSERV
    • Arshad Noor , StrongAuth John Sabo , CA, Inc.
    • Ann Terwilliger , Visa International IDtrust MS Background
  • 3.
    • Identity and Trusted Infrastructure components
      • Studies and Projects addressing Identity and Trust models and standards; relevant protocols and standards; trust infrastructures in use; costs, benefits and risk management issues
    • Identity and Trust Policies and Enforcement
      • Policies; policy mapping and standardization; assurance; technical validation mechanisms; trust path building and validation
    • Education and Outreach
      • Documenting trust use cases and business case scenarios, best practices and adoption reports and papers; organizing conferences and workshops; and establishing Web-based resources
    • Barriers and Emerging Issues
      • Data privacy issues; interoperability; cross border/ organizational trust; outsourcing; cryptographic issues; application integration; and international issues
    IDtrust Strategic Focus Areas
  • 4. IDTrust Summary
    • Current TCs
      • Enterprise Key Management Infrastructure TC
      • PKI Adoption TC
      • OASIS Digital Signature Services (DSS) TC
      • XRI TC
    • Steering Committee developing new work plan for 2007/2008
    • Many opportunities to get involved
    • We invite you to join OASIS and participate in the IDtrust MS and/or TCs
    • For more information contact
    • Dee Schur:
  • 5. Open Reputation Management Systems TC (ORMS)
    • Setting the Stage
    • Need established during OASIS IDtrust Burton workshop ( ) at Catalyst Europe 2007
    • Validated by talks in Catalyst Europe 2007, Barcelona,
    • Objectives of this talk
      • Validation/improvement/feedback on the proposed TC charter
      • Getting interested parties involved in TC work
      • Identify co-chairs for the proposed TC
      • Get Founding Members involved
  • 6. Need for Reputation Data Framework
    • Reputation
      • Summary of past behavior of a subject within a specific context (function of time)
      • Assumes that past behavior is indicative of future behavior
      • good reputation increases the trustworthiness of an entity
      • Reputation Score can be used as a foundation of Trust (within a context/interaction and testimonials )
    • Growing in popularity (online/social communities)
    • Many Flavors for providing feedback/reputation data
      • Centralized systems (eBay)
      • Decentralized systems ( such as P2P file sharing systems)
  • 7. Some Examples
    • Filtering out content that does not meet reputation criteria through pre-filtering (by moderators) or post-filtering (by community)
    • Reputation for content, creators and spaces
    • Objects come with reputation metadata
    • Implies an authoring and management system for those metadata
    • Reputation metadata must be trustworthy, i.e., authenticated while respecting privacy
    • Reputation system must be user-centric (i.e., trust decisions are controlled by user) and must offer choices for transparency (must not get into the way of using content, leaves it to the user how to handle trust decisions)
    • Can I trust this collaborative space ?
    • Is all content correct?
    • Is all content authorized?
    • Is all content appropriate for me?
    • What is the creator’s reputation?
    • Can I trust this content ?
    • Is this content correct?
    • Is this content authorized?
    • Is this content appropriate for me?
    • What is the creator’s reputation?
  • 8. Principles of Reputation
    • Reputation is one of the factors that trust is based on
    • Reputation is someone else’s story about me
    • Reputation is based on identity
    • Reputation exists in the context of community
    • Reputation is a currency
    • Reputation is narrative (evolves through time)
    • Reputation is based on claims (verified or not), transactions, ratings, and endorsements
    • Reputation is multi-level
    • Multiple people holding the same opinion increases the weight of that opinion
    Source: Windley et al
  • 9. Reputation Management Framework
    • Build a generic open reputation system that is robust, scalable, IdM and application independent that supports a flexible trust model
    • Data needed for the generation of reputation
      • Cold start problem
      • Supports Multiple computational models
      • Assertions/claims (within a context)
      • Identity linking
      • Portable Data model for users, credentials and claims
    • Reputation based trust model
      • Trust metrics; Verified claims and facts
      • Direct and indirect transactions; Third party
  • 10. Reputation Management Framework
    • Aggregation, Discovery and Storage
      • How reputation scores are generated???
      • Central/distributed
      • Authentication/trust of data and providers
    • Data reputation exchange protocol
    • Overall system security
    • Transparency
      • Users feedback
      • privacy & selective disclosure
      • What transactions a user can see
      • Ability to do Self-Assessment
  • 11. Example of ORMS Interactions B about C and C about B User B User C Interaction Feedback Feedback Reputation Store I Reputation Server Reputation Feedback Feedback Interaction User D Reputation Store II Reputation Server Common Data/Context Common Schema for Rep Score Common Protocol Convertible credentials B about D and D about B Reputation Aggregator User E Inquire about Score of D within a context ; Access to Reputation of II Reputation Reputation Store I Reputation Server Reputation
  • 12. ORMS TC Charter
    • Statement of Purpose/List of Deliverables
    • To develop an Open Reputation Management System (ORMS) that provides the ability to use common data formats for representing reputation data, and standard definitions of reputation scores.
    • The system will not define algorithms for computing the scores. It will provide the means for understanding the relevancy of a score within a given transaction. The TC's output will enable the deployment of a distributed reputation systems that can be either centralized or decentralized with the ability for aggregators and intermediaries to be part of the business model. The standard does not tie itself to a specific IDM, but let implementers plug-in their identity-schemes to ORMS.
    • List of deliverables:
      • Use Cases
      • Requirements document
      • XML Schema for representing ORMS data
      • XML Schema for Reputation Score
      • Assertions/claims (tokens) profiles
      • Protocol(s) for exchanging of reputation data and assertion tokens
      • Security, threats and Risk analysis
  • 13. ORMS TC Charter
    • Use Cases and Requirement Gathering
    • Use cases to gather requirements that ORMS will need to meet and understand the business and social impact of such a system including security, privacy, threats and risks requirements will also be developed. Explore the use of reputation mechanisms in novel settings.
    • Document that analyzes performance of existing reputation mechanisms with respect to the requirements developed in the previous steps and identify current gaps.
  • 14. ORMS TC Charter
    • Develop Framework for Open Reputation Data
    • Enabling data mining through standard reputation data tagging for content
    • Development of common data models for expressing reputation data
    • Development of standard way of exchanging reputation claims among systems
    • Development of means of aggregating reputation data including delegation of claims generations and assertions
    • Development of query/response communication protocols for exchanging reputation data in a trusted and secure fashion
    • This step may develop a new protocol, or extend current ones such as SAML, OpenID etc
  • 15. ORMS TC Charter
    • Out of Scope
    • Algorithms that can be used for generating a reputation score are out of scope of this work. The work will define a standard way to infer what a given score will mean but will not specify how to compute that value.
    • The work does not exclude methods for asserting equivalence or relationships between scoring systems. A possible output of the TC work might include methods to facilitate the calculation of comparisons between score ratings, or operations that take multiple scores as inputs.
  • 16. ORMS TC Charter
    • Proposed Leadership
      • Co-chairs: Anthony Nadalin, IBM
      • Co-chairs: XXX, TBD
    • IPR Mode
      • TBD, RF or RF/RAND??
    • Language
      • English
    • Start Time
      • First Meeting: February or March 2008
  • 17. Next Steps
    • Feedback on scope and charter is encouraged
    • We need community Participation and support
    • Early adopters can be founding members with voting rights at the first TC meeting
    • We need co-chairs and industry support
    • Please send feedback to [email_address] or Dee Schur [email_address]
    • Many Thanks for your time
  • 18. Bckup
    • Backup
  • 19. Reputation Technology Summary of actual past behavior, by service provider Real identity Background check against external data Peer reviews portable specific Identity Verification, Identity Proofing = Strong Identity Trust in specific attribute or future behavior?  Digital Identity