This chapter presents background about services, SOA, and trust. Different trust-based ser- vice selection approaches are provided. Trust aspects are discussed, such as trust development phases, properties of the trust relationship, and trust classes. Moreover, the chapter examines reputation computation engines and commercial reputation systems. The relation between trust and security is presented, along with the WS-Trust standard, which is used to build trust between different parties.
Chapter 3
Related Work
“You may be deceived if you trust too much, but you will live in torment if you don’t trust enough.” Frank Crane
There is a number of review papers and studies on trust and reputation systems [33, 39] and trust-based Web Services selection [94, 21]. Researchers study different approaches for building reputation, rating entities, and receiving feedback in different trust systems, such as the reputation and recommendation systems in centralized and decentralized architectures. This chapter will present literature related to this thesis. Specifically, Section 3.1 will present trust definition, and Section 3.2 will provide trust information. Section 3.3 discussing trust for service providers, and Section 3.4 examines SOA extension. A community-based system is presented in Section 3.5, and trust models are examined in Section 3.6. Finally, Section 3.7 discusses trust bootstrapping and Section 3.8 summarizes the chapter.
3.1
Trust Definition in the Literature
In the literature, there are dozens of trust definitions in different contexts and situations, and there is considerable variation in the meaning of trust. Trust is an important factor in many interactions involving uncertainty and dependency. However, the degree of uncertainty, depen- dency, and risk is higher in the online world than in the offline world [42]. This chapter provides
trust definitions in the offline and online worlds. Our approach in defining trust is to explore the trust literature for extracting the important components of a trust definition.
Trust Definitions in the Offline World
The English dictionary defines trust asreliability, reliance on integrity, confident expectations, obligations or responsibilities imposed on someone/something in whom confidence or author- ity is placed, a fiduciary relationship, being left in guardianship of another, belief, reliance, dependence, certainty, faith, no fear of consequences, commitment, and hope [2, 3]. Further- more,companionship,friendship,love, agreement, relaxation, andcomfortare some emotions associated with trust [19].
According to David [19], “trust is both an emotional and logical act. Emotionally, it is where you expose your vulnerabilities to people, but believe they will not take advantage of your openness. Logically, it is where you have assessed the probabilities of gain and loss, calculating expected utility based on hard performance data, and concluded that the person in question will behave in a predictable manner” [19]. People trust others because they have experienced their trustworthiness and because they have faith in human nature [19]. Honesty is truthfulness, and an honest entity does not lie or cheat [2].
Trust Definitions in the Online World
In the online world, trust has been defined in different ways by researchers, which often reflects the paradigms of the researchers’ academic disciplines. The most frequently cited definition states that “trust is the willingness of a party to be vulnerable to the action of another party based on the expectation that the other will perform a particular action important to the trustor, irrespective to the ability to monitor or control that other party” [61]. This definition suggests that there is something important to be lost by the trustors, which implies vulnerability, and that trustors have no control over trustees, which implies lack of control. Although trust is a very effective complexity reduction method, users cannot have control over the behaviour of others [42], which implies lack of control. Corritore et al. [17] define online trust as “an
attitude of confident expectation in an online situation of risk that one’s vulnerabilities will not be exploited”. The authors include some key concepts in their definition, which are risk,
vulnerability, expectation, confidence, andexploitation. Alternatively, Chang et al. [15] define trust as “the belief that the Trusting Agent has in the Trusted Agent’s willingness and capability to deliver a quality of service in a given context and in a given Timeslot”. This definition implies thecontext-specificproperty of trust.
Buttyan and Hubaux maintain that “trust is about the ability to predict the behaviour of an- other party” [13]. Grandison and Sloman [33] define trust as “the firm belief in the competence of an entity to act dependably, securely, and reliably within the specified context”. In contrast, these authors define distrust as “the lack of firm belief in the competence of an entity to act dependably, securely and reliably within a specified context”. These definitions imply that trust is a composition of multiple attributes, such as reliability, honesty, dependability, security, time- liness, and competence, all of which must be considered in different environments where trust will be established.
There are two common definitions of trust in the literature: reliability trust and decision trust. Reliability trust [29] involves a context where A relies on and expects B to perform a given action on which A’s welfare depends. This definition includes the concepts ofdependency
andreliability. On the other hand, decision trust [62] is “the extent to which one party is willing to depend on something or somebody in a given situation with a feeling of relative security, even though negative consequences are possible”. This definition implies thecontext-specific
property of trust and includes the concepts ofdependency, reliability, utility,risk attitude,law enforcement,insurance and other remedies.
In Web Services, trust is defined in the WS-Trust specification [43] as “the characteristic that one entity is willing to rely upon a second entity to execute a set of actions and/or to make assertions about a set of subjects and/or scopes”. However, this definition fails to induce the concepts of risk and lack of control. Other studies define and specify trust or reputation as a QoS [95, 37, 21]. For instance, Dragoni [21] mentioned that the evaluation of trust is a key QoS aspect of Web Service selection. Kalepu et al. [41] add a “verity” metric to the QoS properties for Web Service selection and define it as “the ability to maintain the lowest difference between the projected and achieved levels of service metrics”. Although QoS properties can be used
as information to establish trust, trust is not a QoS. Maximilian and Singh [58] distinguish be- tween trust and QoS and maintain that the selection of Web Services is based on non-functional attributes, such as QoS and trust.
Often, trust is used synonymously with terms such as cooperation, faith, competence, re- liance and credibility. However, cooperation is either a cause or a manifestation of trust, and trust includes reason, which is the opposite offaith. Moreover, trust goes beyond the belief in thecompetenceof the trusted party. Trust in information means that the information iscredible
or believable [17]. Also, it is possible to rely on a person without trusting him/her [17, 12]. Mayer et al. [61] add confidence and predictability as terms that are considered synonymous with trust. However, with trust, risk is assumed, but withconfidenceit is not.