Trust management for e-transactions

There has been enormous increase in transactions and cooperative-computing services on the internet. This is both a technical and a social phenomenon. Transactions and services over the internet have global reach and users, known or unknown to the service provider, might be interested in availing access or participating in the cooperative transaction in a distributed manner. Thus, it is very important for service providers to identify and establish trustworthiness of potential collaborators, which they do by writing contracts (e.g. access control, security policies; the words contract and policy are used interchangeably) without violating the privacy and confidentiality laws that prevail across geographical boundaries. But as the system becomes complex and dynamic, contractual incompleteness arises since it becomes cumbersome to mention potentially large set of outcomes of the user's choice of action. Trust plays a crucial role in the design of optimal contracts; not all the relevant, valuable information on the user's choice of action is incorporated in the equilibrium contract. It may also be noted in that traditional transactions, the notion ofseeing is believing plays a vital role. However, in e-transactions, this is not the case. The challenge is to see how in such a scenario trust can indeed be generated. Note that the presence of trust facilitates cooperative behaviour and allows for exchange to occur in situations where its absence would preclude trade. In this paper, we shall present a comparative analysis of various approaches of trust management in practice that integrates technology with other factors. We shall also bring out the relative deficiencies and how these issues are tackled in our ongoing work that facilitates execution of optimal contracts.

[1]  Sharon L. Milgram,et al.  The Small World Problem , 1967 .

[2]  Philip Zimmermann,et al.  PGP source code and internals , 1995 .

[3]  Bruce Christianson,et al.  Why Isn't Trust Transitive? , 1996, Security Protocols Workshop.

[4]  Joan Feigenbaum,et al.  REFEREE: Trust Management for Web Applications , 1997, Comput. Networks.

[5]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System , 1998 .

[6]  Joan Feigenbaum,et al.  Compliance Checking in the PolicyMaker Trust Management System , 1998, Financial Cryptography.

[7]  Oliver Hart,et al.  Foundations of Incomplete Contracts , 1998 .

[8]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[9]  Atul Prakash,et al.  Antigone: A Flexible Framework for Secure Group Communication , 1999, USENIX Security Symposium.

[10]  J. Feigenbaum,et al.  The KeyNote trust management system version2, IETF RFC 2704 , 1999 .

[11]  Rajeev Motwani,et al.  The PageRank Citation Ranking : Bringing Order to the Web , 1999, WWW 1999.

[12]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System Version 2 , 1999, RFC.

[13]  Mark S. Miller,et al.  Capability-Based Financial Instruments , 2000, Financial Cryptography.

[14]  W. Ford,et al.  Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption , 2000 .

[15]  Jon M. Kleinberg,et al.  The small-world phenomenon: an algorithmic perspective , 2000, STOC '00.

[16]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[17]  Ronald L. Rivest,et al.  Certificate Chain Discovery in SPKI/SDSI , 2002, J. Comput. Secur..

[18]  R. Chen,et al.  Poblano A Distributed Trust Model for Peer-to-Peer Networks , 2001 .

[19]  Ramon Casadesus-Masanell,et al.  Trust and Discretion in Agency Contracts , 2001 .

[20]  Sun Meifeng,et al.  KeyNote Trust Management System , 2002 .

[21]  Hector Garcia-Molina,et al.  The Eigentrust algorithm for reputation management in P2P networks , 2003, WWW '03.

[22]  Jonathan S. Shapiro,et al.  Paradigm Regained: Abstraction Mechanisms for Access Control , 2003, ASIAN.

[23]  R. Shyamasundar,et al.  ROADS: Role-based Authorization and Delegation System , 2003 .

[24]  Ling Liu,et al.  A reputation-based trust model for peer-to-peer ecommerce communities , 2003, EC.

[25]  Georg Lausen,et al.  Spreading activation models for trust propagation , 2004, IEEE International Conference on e-Technology, e-Commerce and e-Service, 2004. EEE '04. 2004.

[26]  R. K. Shyamasundar,et al.  An efficient, secure and delegable micro-payment system , 2004, IEEE International Conference on e-Technology, e-Commerce and e-Service, 2004. EEE '04. 2004.

[27]  R. K. Shyamasundar,et al.  Towards a Flexible Access Control Mechanism for E-Transactions , 2004, EGCDMAS.