Open Reputation Management Systems TC (ORMS) - PowerPoint PPT Presentation


PPT – Open Reputation Management Systems TC (ORMS) PowerPoint presentation | free to download - id: 4b612e-ZWE1M


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

Open Reputation Management Systems TC (ORMS)

Description: Open Reputation Management Systems TC (ORMS) Abbie Barbir Ph.D. ( Senior Advisor, SOA, IdM, Security Nortel – PowerPoint PPT presentation

Number of Views:85
Avg rating:3.0/5.0
Slides: 17
Provided by: middleware


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Open Reputation Management Systems TC (ORMS)

Open Reputation Management Systems TC (ORMS)
Abbie Barbir Ph.D. ( Senior
Advisor, SOA, IdM, Security NortelMember of
OASIS IDtrust Steering Committee
  • For information on OASIS IDtrust Member Section
    see http//
  • For more information related to Joining OASIS
    see http//

OASIS and Member Section Background
  • OASIS Mission is to promote and encourage the
    use of structured information standards such as
  • Development, convergence and adoption of
    e-business standards
  • Development of vertical industry applications,
    conformance tests, interoperability
  • Lightweight, open process designed to promote
  • Member Sections (MS)
  • Geared for independent groups interested in
    advancing the intelligent use of open standards
    as well as those seeking to articulate business
    requirements, promote adoption of existing
    standards, or advocate for interoperable
  • MS maintain their own identities as distinct
    organizations while gaining access to OASIS
    infrastructure, resources, reputation,
    administrative support, and expertise

Identity and Trusted Infrastructure (IDtrust)
Member Section
  • PKI Forum migrated to OASIS PKI MS in November
  • PKI MS transformed into IDtrust MS in 2007
  • IDtrust expanded its scope to encompass
    additional standards based identity and trusted
    infrastructure technologies, policies, and
  • Strategic focus
  • Identity and Trusted Infrastructure components
  • Identity and Trust Policies and Enforcement
  • Education and Outreach
  • Barriers and Emerging Issues
  • Data privacy issues
  • Steering Committee
  • Abbie Barbir, Nortel June Leung, FundSERV
  • Arshad Noor, StrongAuth John Sabo, CA, Inc.

IDTrust Summary
  • Current Technical Committees (TCs)
  • OASIS Digital Signature Services eXtended (DSS-X)
  • Advancing new profiles for DSS standard
  • OASIS Enterprise Key Management Infrastructure
  • Defining symmetric key management protocols
  • OASIS Public Key Infrastructure (PKI) Adoption
  • Advancing the use of digital certificates as a
    foundation for managing access to network
    resources and e-transactions
  • OASIS Extensible Resource Identifier (XRI)
  • Defining a URI-compatible scheme and resolution
    protocol for abstract structured identifiers used
    to identify and share resources across domains
    and applications
  • Open Reputation Management Systems (ORMS)
  • (First F2F May1-2, 2008 OASIS Symposium)

  • Learn through the IDtrust Knowledgebase of
    educational materials and background on the
  • Share news, events, presentations, white papers,
    product listings, opinions, questions, and
    recommendations through postings, blogs, forums,
    and directories.
  • Collaborate with others online through a wiki
  • http//
  • For more information contact Dee Schur

Open Reputation Management Systems TC (ORMS)
  • New TC scheduled to have first F2F meeting May
    1-2, Santa Clara, California, USA. See
  • Need established during OASIS IDtrust Burton
    workshop (http//
    t/2007 ) at Catalyst Europe 2007
  • Validated by talks during Catalyst Europe 2007,
    Barcelona and IIW 2007 December meeting
  • Objectives of this talk
  • Present proposed TC charter
  • Getting interested parties involved in TC work
  • Stimulate interest in the work

Need for Reputation Data Framework
  • Reputation
  • Summary of past behavior of a subject within a
    specific context (function of time)
  • Assumes past behavior is indicative of future
  • good reputation increases the trustworthiness of
    an entity
  • Reputation Score can be used as a foundation of
    Trust (within a context/interaction and
    testimonials )
  • Growing in popularity (online/social communities)
  • Many Flavors for providing feedback/reputation
  • Centralized systems (eBay)
  • Decentralized systems ( such as P2P file sharing

Some Examples
  • Filtering out content that does not meet
    reputation criteria through pre-filtering (by
    moderators) or post-filtering (by community)
  • Reputation for content, creators and spaces
  • Objects come with reputation metadata
  • Implies an authoring and management system for
    those metadata
  • Reputation metadata must be trustworthy, i.e.,
    authenticated while respecting privacy
  • Reputation system should be user-centric (i.e.,
    trust decisions are controlled by user) and must
    offer choices for transparency (must not get into
    the way of using content, leaves it to the user
    how to handle trust decisions)

Principles of Reputation
  • Reputation is one of the factors that trust is
    based on
  • Reputation is someone elses story about me
  • Reputation is based on identity
  • Reputation exists in the context of community
  • Reputation is a currency
  • Reputation is narrative (evolves through time)
  • Reputation is based on claims (verified or not),
    transactions, ratings, and endorsements
  • Reputation is multi-level
  • Multiple people holding the same opinion
    increases the weight of that opinion

Source Windley et al
Reputation Management Framework
  • Build a generic open reputation system that is
    robust, scalable, IdM and application independent
    that supports a flexible trust model
  • Data needed for the generation of reputation
  • Cold start problem
  • Supports Multiple computational models
  • Assertions/claims (within a context)
  • Identity linking
  • Portable Data model for users, credentials and
  • Reputation based trust model
  • Trust metrics Verified claims and facts
  • Direct and indirect transactions Third party

Reputation Management Framework
  • Aggregation, Discovery and Storage
  • How reputation scores are generated???
  • Central/distributed
  • Authentication/trust of data and providers
  • Data reputation exchange protocol
  • Overall system security
  • Transparency
  • Users feedback
  • privacy selective disclosure
  • What transactions a user can see
  • Ability to do Self-Assessment

Example of ORMS Interactions
B about C and C about B
ORMS TC Charter
  • Statement of Purpose/List of Deliverables
  • Develop an Open Reputation Management System
    (ORMS) with the ability to use common data
    formats for representing reputation data, and
    standard definitions of reputation scores
  • Will not define algorithms for computing the
  • Allows understanding score relevancy within a
  • Enables deployment of a distributed reputation
    systems (centralized or decentralized)
  • Aggregators/intermediaries be part of the
    business model
  • No tie to a specific IDM, implementers can
    plug-in their identity-schemes to ORMS
  • List of deliverables
  • Use Cases Requirements document Security,
    threats and Risk analysis
  • XML Schema for representing data and Reputation
    Score Assertions/claims (tokens) profiles
  • Protocol for exchanging of data and assertion

ORMS TC Charter (contd)
  • Use Cases and Requirement Gathering
  • Understand business, social impact of such a
    system including security, privacy, threats and
    risks requirements will also be developed
  • Develop Framework for Open Reputation Data
  • Data mining through standard reputation data
    tagging for content
  • Common data models for expressing reputation data
  • Standard way of exchanging reputation claims
    among systems
  • Aggregating reputation data including delegation
    of claims generations and assertions
  • Development of query/response communication
    protocols for exchanging reputation data in a
    trusted and secure fashion

ORMS TC Charter.. (Contd)
  • Out of Scope
  • Algorithms for generating a reputation score
  • Work define a standard way to infer what a given
    score mean but will not specify how to compute
    that value
  • Possible output of the TC work might include
    methods to facilitate the calculation of
    comparisons between score ratings, or operations
    that take multiple scores as inputs
  • Proposed Leadership
  • Co-chairs Anthony Nadalin (IBM), Sakimura Nat
  • IPR Mode RF on limited Terms
  • First F2F meeting May 1-2 2008, Santa Clara
  • TC Home Page http//
  • Select Join this TC button to join
  • Normal approval process is then followed

Next Step
  • Panel Discussion