1 / 16

Open Reputation Systems

Open Reputation Systems. Overview. OASIS ORMS (Open Reputation Management Systems) introduction Use cases, requirements and model ENISA Paper on Security Issues in Reputation Systems Some thoughts on reputation standardisation. OASIS - ORMS. Goal: Definition of a portable reputation format

faunus
Download Presentation

Open Reputation Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Open Reputation Systems

  2. Overview • OASIS ORMS (Open Reputation Management Systems) introduction • Use cases, requirements and model • ENISA Paper on Security Issues in Reputation Systems • Some thoughts on reputation standardisation

  3. OASIS - ORMS • Goal: Definition of a portable reputation format • Process: • Use-case definition for reputation management • Reference/standard model • Flexible reputation data model • Framework and protocol/s for exchanging and porting reputation data (SAML/IDP based) • Evaluation algorithms for mapping reputation to risk / risk levels • Support for privacy, multiple identities, identity resolution

  4. Use-cases 1 • Seller reputation • Peer-to-peer • Key management • Anti-spam/IP reputation

  5. Use-cases 2 • Content filtering • Avatar Reputation • Social Network Peer Reputation • Unified Communications (IM, SPIT/SPIM etc…)

  6. Requirements

  7. Modelling Reputation in a Standard -Thoughts

  8. Reputation is an aggregation of opinions about an assertion Assertion – Bob is a bad husband Assertion – Bob is a good laptop seller Score 0.2 – i.e. He is not a good laptop seller Score 1 – i.e. He IS a bad husband

  9. The anatomy of reputation – personal view Assertion – Bob is a good laptop seller

  10. Reputation Thoughts • If reputation is an aggregated opinion about an assertion – why not integrate with SAML and IDP infrastructure? • Reputation votes should be separated from the algorithm used to compute it • Mean score • 2nd order reputation • Reputation Context => Same vote set can be interpreted differently

  11. Reputation Thoughts • Model must allow for so-called 2nd order reputations (scores which take into account the reputation of the voter) • Rating context should be taken into account – time/date, authentication method/token etc...

  12. Security of Reputation Systems • ENISA paper – a security analysis of reputation systems http://enisarep.notlong.com

  13. Typical security vulnerabilities need to be addressed: • Collusion–voters agree to target a victim • Denial of reputation – campaigns against an individual • Whitewashing (cancelling a bad reputation) • Sybil attacks (creating multiple identities to vote – e.g. Ebay 1 cent items voted on by seller)

  14. Take home messages • ORMS is working towards a global portable reputation standards. • Reputation is just another kind of assertion • Importance of including features like authentication, privacy, 2nd order reputation • Importance of addressing security issues.

  15. ?

More Related