Your SlideShare is downloading. ×
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Analysis of Trust-Based Approaches for Web Service Selection
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Analysis of Trust-Based Approaches for Web Service Selection

938

Published on

Presentation

Presentation

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
938
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
16
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Introduction State of the art Discussion Conclusions Analysis of Trust-Based Approaches for Web Service Selection Nicola Dragoni Nicola Miotto Davide Papini Department of Informatics and Mathematical Modelling Technical University of Denmark NODES 2011 - 5th Nordic Workshop on Dependability and Security 28 June 2011Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 1 / 35
  • 2. Introduction State of the art Discussion ConclusionsOutline 1 Introduction Service Oriented Computing 2 State of the art Classification 3 Discussion Pluses & Minuses Direct Experience TTP Hybrid Automated Trust Negotiation Questions & Issues Soft trust VS Hard trust 4 Conclusions Soft trust + Hard trust StepsNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 2 / 35
  • 3. Introduction State of the art Discussion Conclusions IntroductionNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 3 / 35
  • 4. Introduction State of the art Discussion ConclusionsService Oriented ComputingThe SOC vision Service oriented architecture to improve code reuse and integration Web Services: the bricks Brought to its full potential: automatic discovery and composition of web servicesNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 4 / 35
  • 5. Introduction State of the art Discussion ConclusionsService Oriented ComputingVTA Scenario Alice has to develop a Virtual Tourism Agency Development by service composition: flight booking car rent accommodation booking e-payment Several flight booking services found...WS TrustworthinessWhich one can be trusted?Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 5 / 35
  • 6. Introduction State of the art Discussion Conclusions State of the artNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 6 / 35
  • 7. Introduction State of the art Discussion ConclusionsClassificationClasses Figure: Current approaches for trust provisioningNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 7 / 35
  • 8. Introduction State of the art Discussion ConclusionsClassificationCentralized vs DistributedCentralized Trust score owned and provided by a central authority. Can’t be good for everyone Single point of failure hard to maintain (great scalability demand in SOA) not fitting to a large open system such as SOA.Distributed Trust score computed with the help of other peers in the system Specific issues for each kind of systemNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 8 / 35
  • 9. Introduction State of the art Discussion ConclusionsPluses & Minuses Pluses & Minuses of current approachesNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 9 / 35
  • 10. Introduction State of the art Discussion ConclusionsPluses & MinusesDirect ExperienceDefinitionA service consumer trusts a service because of his good pastexperience with the service. + User fitting score → the trust score (derived by the user) is perfectly fitting with his needs - Blind execution → The consumer has to unconditionally trust the web service in order to use/evaluate it. SOA = open system where everyone can publish its (malicious) code - Otherwise he has to unconditionally distrust and discard it (even if it was actually good)Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 10 / 35
  • 11. Introduction State of the art Discussion ConclusionsPluses & MinusesMain issues Unconditional Trust/Distrust: the user is constrained to a “take it or leave it” approach for some services.Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 11 / 35
  • 12. Introduction State of the art Discussion ConclusionsPluses & MinusesTTP - SocialDefinitionThe trust score of a service/provider is community-driven.3 classes: Reputation: A service consumer trusts a service because of his good reputation → reputation derived from direct experience of the members of the community Recommendation: A service consumer trusts a service because of some recommendations obtained by a trusted authority → recommendation score mined from knowledge of user, community and dominium. Referrals: A service consumer trusts a service because of some referrals obtained from trusted software agents → rating likely to be honest.Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 12 / 35
  • 13. Introduction State of the art Discussion ConclusionsPluses & MinusesTTP - SocialShared features: + Pre-use trust score → there are chances to obtain a trust score before using a WS - Community Dependent - New WS Ramp-upNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 13 / 35
  • 14. Introduction State of the art Discussion ConclusionsPluses & MinusesMain issues Unconditional Trust/Distrust: the user is constrained to a “take it or leave it” approach for some services.Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 14 / 35
  • 15. Introduction State of the art Discussion ConclusionsPluses & MinusesMain issues Unconditional Trust/Distrust: the user is constrained to a “take it or leave it” approach for some services. New WS Ramp-up: how to evaluate a brand new Web Service joining the network?Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 14 / 35
  • 16. Introduction State of the art Discussion ConclusionsPluses & MinusesMain issues Unconditional Trust/Distrust: the user is constrained to a “take it or leave it” approach for some services. New WS Ramp-up: how to evaluate a brand new Web Service joining the network? Community dependency: a community based trust evaluation always relies on the quality of the community itself. How to bootstrap a good community?Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 14 / 35
  • 17. Introduction State of the art Discussion ConclusionsPluses & MinusesTTP - SocialSpecific features: Reputation - most of the suggested approaches are centralizedNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 15 / 35
  • 18. Introduction State of the art Discussion ConclusionsPluses & MinusesMain issues Unconditional Trust/Distrust: the user is constrained to a “take it or leave it” approach for some services. New WS Ramp-up: how to evaluate a brand new Web Service joining the network? Community dependency: a community based trust evaluation always relies on the quality of the community itself. How to bootstrap a good community?Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 16 / 35
  • 19. Introduction State of the art Discussion ConclusionsPluses & MinusesMain issues Unconditional Trust/Distrust: the user is constrained to a “take it or leave it” approach for some services. New WS Ramp-up: how to evaluate a brand new Web Service joining the network? Community dependency: a community based trust evaluation always relies on the quality of the community itself. How to bootstrap a good community? Centralized: single point of failure, hard to maintain, black box computed trust, not fitting to a large open system such as SOA.Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 16 / 35
  • 20. Introduction State of the art Discussion ConclusionsPluses & MinusesTTP - SocialSpecific features: Reputation - most of the suggested approaches are centralized Recommendation + trust score fitting to the user profile and behaviour; - either the user has to disclose (maybe) sensitive informations or new user ramp-up issue; - most of the approaches are centralized;Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 17 / 35
  • 21. Introduction State of the art Discussion ConclusionsPluses & MinusesMain Issues Unconditional Trust/Distrust: the user is constrained to a “take it or leave it” approach for some services. New WS Ramp-up: how to evaluate a brand new Web Service joining the network? Community dependency: a community based trust evaluation always relies on the quality of the community itself. How to bootstrap a good community? Centralized: single point of failure, hard to maintain, black box computed trust, not fitting to a large open system such as SOA.Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 18 / 35
  • 22. Introduction State of the art Discussion ConclusionsPluses & MinusesMain Issues Unconditional Trust/Distrust: the user is constrained to a “take it or leave it” approach for some services. New WS Ramp-up: how to evaluate a brand new Web Service joining the network? Community dependency: a community based trust evaluation always relies on the quality of the community itself. How to bootstrap a good community? Centralized: single point of failure, hard to maintain, black box computed trust, not fitting to a large open system such as SOA. New User Ramp-up: the user, in certain approaches, needs a long interaction with the system in order to be “known” and receive fitting suggestions.Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 18 / 35
  • 23. Introduction State of the art Discussion ConclusionsPluses & MinusesTTP - SocialSpecific features: Reputation - most of the suggested approaches are centralized Recommendation + trust score fitting to the user profile and behaviour; - either the user has to disclose (maybe) sensitive informations or new user ramp-up issue; - most of the approaches are centralized; Referrals + rates coming from trusted peers;Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 19 / 35
  • 24. Introduction State of the art Discussion ConclusionsPluses & MinusesTTP - MatchmakerMatchmakerA service consumer trusts a service because a trusted(central/distributed) matchmaker states that the service’s policymatches the consumer’s ones. + Pre-use trust score + User-fitting suggestions + Liar-recognition provided by some studiesNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 20 / 35
  • 25. Introduction State of the art Discussion ConclusionsPluses & MinusesTTP - Matchmaker - Hard to setup → Both consumer and provider need to register to matchmaker - Those ones based on a Centralized architecture suffer of all the drawbacks of centralized systems → Both provider and consumer has to disclose their policies to a central authority - Those based on a Distributed architecture demand the consumer to trust an agent instead of a service (problem moved, not solved)Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 21 / 35
  • 26. Introduction State of the art Discussion ConclusionsPluses & MinusesMain issues Unconditional Trust/Distrust: the user is constrained to a “take it or leave it” approach for some services. New WS Ramp-up: how to evaluate a brand new Web Service joining the network? Community dependency: a community based trust evaluation always relies on the quality of the community itself. How to bootstrap a good community? Centralized: single point of failure, hard to maintain, black box computed trust, not fitting to a large open system such as SOA. New User Ramp-up: the user, in certain approaches, needs a long interaction with the system in order to be “known” and receive fitting suggestions.Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 22 / 35
  • 27. Introduction State of the art Discussion ConclusionsPluses & MinusesMain issues Unconditional Trust/Distrust: the user is constrained to a “take it or leave it” approach for some services. New WS Ramp-up: how to evaluate a brand new Web Service joining the network? Community dependency: a community based trust evaluation always relies on the quality of the community itself. How to bootstrap a good community? Centralized: single point of failure, hard to maintain, black box computed trust, not fitting to a large open system such as SOA. New User Ramp-up: the user, in certain approaches, needs a long interaction with the system in order to be “known” and receive fitting suggestions. Hard Setup: an approach can be good but really difficult to install in the real world, making it less incisive.Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 22 / 35
  • 28. Introduction State of the art Discussion ConclusionsPluses & MinusesHybrid - Socio CognitiveSocio-CognitiveThe degree of trust is a function of the subjective certainty of thepertinent beliefs. Therefore, A service consumer trusts a servicebecause of some of its subjective beliefs.Multi-Agent System where sources of subjective beliefs are directexperience, reputation, categorization, reasoning + Accurate trust computation + User-fitting suggestions - it inherits all the shortcomings deriving from the adopted belief source - agents has to be conforming to a model to communicate → hard to setupNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 23 / 35
  • 29. Introduction State of the art Discussion ConclusionsPluses & MinusesHybrid - Trust & ReputationTrust & ReputationA system providing for a trustworthiness score employingmethodologies based on both reputation and trust, in order to improvesome weaknesses of the constituent methodologies. + some methodologies provide liars recognition + pre-use trust score + some sort of result can be obtained even with poor community or brand new service - effectiveness still tightly connected to community quality and web services “age” - centralizedNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 24 / 35
  • 30. Introduction State of the art Discussion ConclusionsPluses & MinusesHybrid - Direct experience & ReputationDirect Experience & ReputationThe trust towards a service is evaluated by means of the user directexperience combined with the service reputation.Trust based on agent direct experience or other agent directexperience (reputation) + issues of constituent models mitigated - new web service ramp-up issue - community dependentNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 25 / 35
  • 31. Introduction State of the art Discussion ConclusionsPluses & MinusesAutomated Trust NegotiationCredential-Based TrustA service consumer and a service provider mutually trust each otherbecause the access control policy of the requested service iscompliant with the access control policy of the service consumer.MUTUAL TRUST between service consumer and provider + user defined policies bring to a user fitting trust score + trust can ALWAYS be computed - hard to setup - no standard protocol or language defined - current studies not fully “web service aware” WS treated as a single operation Trust “Keep alive” not supportedNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 26 / 35
  • 32. Introduction State of the art Discussion ConclusionsQuestions & Issues Questions & IssuesNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 27 / 35
  • 33. Introduction State of the art Discussion ConclusionsQuestions & IssuesQuestions 1 How does the trust score fit the user needs?Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 28 / 35
  • 34. Introduction State of the art Discussion ConclusionsQuestions & IssuesQuestions 1 How does the trust score fit the user needs? 2 Does the provider/consumer have to disclose any sensitive informations?Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 28 / 35
  • 35. Introduction State of the art Discussion ConclusionsQuestions & IssuesQuestions 1 How does the trust score fit the user needs? 2 Does the provider/consumer have to disclose any sensitive informations? 3 Can the user know how the trust is calculated?Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 28 / 35
  • 36. Introduction State of the art Discussion ConclusionsQuestions & IssuesQuestions 1 How does the trust score fit the user needs? 2 Does the provider/consumer have to disclose any sensitive informations? 3 Can the user know how the trust is calculated? 4 How does the community influence the trust score?Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 28 / 35
  • 37. Introduction State of the art Discussion ConclusionsQuestions & IssuesQuestions 1 How does the trust score fit the user needs? 2 Does the provider/consumer have to disclose any sensitive informations? 3 Can the user know how the trust is calculated? 4 How does the community influence the trust score? 5 Does the user has to unconditionally trust/distrust certain services?Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 28 / 35
  • 38. Introduction State of the art Discussion ConclusionsQuestions & IssuesQuestions 1 How does the trust score fit the user needs? 2 Does the provider/consumer have to disclose any sensitive informations? 3 Can the user know how the trust is calculated? 4 How does the community influence the trust score? 5 Does the user has to unconditionally trust/distrust certain services? 6 What is the trustworthiness of a brand new WS?Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 28 / 35
  • 39. Introduction State of the art Discussion ConclusionsQuestions & IssuesQuestions 1 How does the trust score fit the user needs? 2 Does the provider/consumer have to disclose any sensitive informations? 3 Can the user know how the trust is calculated? 4 How does the community influence the trust score? 5 Does the user has to unconditionally trust/distrust certain services? 6 What is the trustworthiness of a brand new WS? 7 How hard is the trust provisioning infrastructure to setup and maintain?Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 28 / 35
  • 40. Introduction State of the art Discussion ConclusionsQuestions & IssuesMain issues Unconditional Trust/Distrust: the user is constrained to a “take it or leave it” approach for some services. New WS Ramp-up: how to evaluate a brand new Web Service joining the network? Community dependency: a community based trust evaluation always relies on the quality of the community itself. How to bootstrap a good community? Centralized: single point of failure, hard to maintain, black box computed trust, not fitting to a large open system such as SOA. New User Ramp-up: the user, in certain approaches, needs a long interaction with the system in order to be “known” and receive fitting suggestions. Hard Setup: an approach can be good but really difficult to install in the real world, making it less incisive.Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 29 / 35
  • 41. Introduction State of the art Discussion ConclusionsSoft trust VS Hard trust Soft trust VS Hard trustNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 30 / 35
  • 42. Introduction State of the art Discussion ConclusionsSoft trust VS Hard trustSoft Trust Participants in a market collaborate each other in sharing informations on other participants or services. Malicious user can be identified and consequently put aside The vast majority of the analyzed approaches (community dependent) are based on “Soft trust” Main issue: if someone does not take the risk of invoking an unknown service for the first time, then no one will be able to decide about the trustworthiness of the service before its invocationNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 31 / 35
  • 43. Introduction State of the art Discussion ConclusionsSoft trust VS Hard trustHard Trust Trustworthiness of a WS could be derived just from the a non-functional contract Semantic of a WS is taken into account (i.e. security behaviour) Not dependent on the “social control philosophy” Main issue: no fault-recognition provided, i.e. anyone can provide fake/wrong contract/policiesNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 32 / 35
  • 44. Introduction State of the art Discussion Conclusions ConclusionsNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 33 / 35
  • 45. Introduction State of the art Discussion ConclusionsSoft trust + Hard trustSoft trust + Hard trustHybrid system turned to be generally improving constituent methods:Hard trust + Soft trust = ALWAYS possible to obtain a trust value for discovered Web Services Malicious users/services bypassing the trust system are put aside from the communityNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 34 / 35
  • 46. Introduction State of the art Discussion ConclusionsStepsSteps 1 define what “trust” and “trustworthiness” mean → two terms are still confused to dateNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 35 / 35
  • 47. Introduction State of the art Discussion ConclusionsStepsSteps 1 define what “trust” and “trustworthiness” mean → two terms are still confused to date 2 combine hard trust and soft trust methodologies in a unified frameworkNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 35 / 35
  • 48. Introduction State of the art Discussion ConclusionsStepsSteps 1 define what “trust” and “trustworthiness” mean → two terms are still confused to date 2 combine hard trust and soft trust methodologies in a unified framework 3 adapt them to a Service Oriented Computing environmentNicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 35 / 35
  • 49. Introduction State of the art Discussion ConclusionsStepsSteps 1 define what “trust” and “trustworthiness” mean → two terms are still confused to date 2 combine hard trust and soft trust methodologies in a unified framework 3 adapt them to a Service Oriented Computing environment Alice will be finally able to safely choose where to book a flight when she needs it.Nicola D., Nicola M., Davide P. (DTU) Trust-Based Approaches for WS Selection 28 June 2011 35 / 35

×