Enabling Usage Control through Reputation Objects: A Discussion on E-Commerce and the Internet of Services Environments

Article excerpt

Abstract

This paper discusses the meaning and the role of Trust and Reputation in Internet-of-Service and e-Commerce environments following a comparative case study. Both environments represent paradigms through which the Internet is seen as a huge infrastructure where electronic services or real products are traded on. In comparison to electronic commerce, participating in an Internet-of-Services can be full of risks for all participants. Even well known security mechanisms are not able to close all gaps of access and usage control. This paper discusses the concepts of trust and reputation and brings to light the relation between these concepts to security mechanisms, Service-Level-Agreements, and quality measurements in order to enable Usage Control. The proposed solution is based on our previous model of reputation objects. The discussion also introduces a new concept of what we call reputation auditing where quality processes are considered part of reputation management not the other way around.

Key words: Reputation, Rating, Trust, Security, Quality, QoS, SLA, Usage Control

1 Introduction

The Internet of services and e-commerce make use of the infrastructure of the Internet. But while the Internet of Services vision bases on fully automated provision and invocation of services (i.e. software agents representing users), the e-commerce scenario consists of human actors, who provide and ask for products or services. Due to the distributed nature of both scenarios, the participants of the system have to deal with multiple risks. The absence of a central authority (or the limited role of one) forced Usage Control solutions to emerge in order to minimize the risks of system interactions during runtime.

The key point of minimizing these risks is to find a suitable way to build trust between system participants. Trust relationships are important in all kinds of human interactions, business transactions, international politics, stock markets, and software engineering. In an environment where one has to deal with unknown parties, reputation is used to manage this trust. Figure 1 gives a brief view on the benefits of using reputation concepts in several environments. This model mimics real world social and business interactions to propagate trust. On the business level, corporate reputation is as a central competitive element, and is of great significance for a company's ability to win tomorrow's customers, key employees and co-operation partners. In his book, G. Silverman elaborates on the power of the word of mouth, which was described by Rahman et al. as the core process that construct one's reputation [41,46].

Existing work on reputation systems focuses on improving the calculation of reputation values, preventing malicious actions, and the deployment into the business world where reputation is mostly represented in a singular value form. Our previous work focuses on how we represent reputation to reflect its real-world concept (i.e. non-general, context specific and dynamic). In our model, we also took advantage of the extensive research on quality processes to help in configuring correct reputation values. We have achieved this by presenting a new form of reputation value: reputation object. This object holds information on the reputation of an entity in multiple contexts. This helps opening the online market to a context-aware competition between service providers, and customers can select their provider according to their customized needs.

This paper discusses the meaning and the role of trust and reputation in Internet of Service and e-commerce. The discussion build up to the goal of using our model of reputation objects to enable usage control. We elaborate on our previous work in the model and in usage control, and then relate both works at the end of the paper. This work follows the methodology of a comparative case study [19]. Following the work of Eisenhardt, we will compare two use cases, both covering the issue of trust and reputation problems through qualitative observations. …