Blog

We argued previously that there is a need for a system of identity for Semantic Web Agents, particularly in the process of making judgements of trust.

Examining the requirements of a system of identity, we recognise that such a system cannot count on universal uptake among Semantic Web agents, and therefore it cannot require each agent to state an identity for itself. Additionally even if universal uptake could be relied upon, we cannot count on the honest and benevolent behaviour of every Semantic Web agent. Thus, as we briefly mentioned at the end of our previous post, a system of identity for the Semantic Web must be primarily built around observable characteristics as a measure of identity.

As an analogy; when surfing the Web you would not rely on a Website’s claim that it is your bank’s online portal, you would rely on the factors you can observe (such as the domain name and also the digital certificate) to inform your judgement. Digital certificates are especially important if you are connected to the Internet over an untrusted network connection.

Building on our earlier example of a rudimentary HTTP-based Semantic Web agent, suppose we request a URI from it, and receive some RDF in response. The data we collect about the identity of the agent may look something like the following:

@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>.
@prefix xsd: <http://www.w3.org/2001/XMLSchema#>.
@prefix ex: <http://example.com/ont/>.

_:agent1
	rdf:type 	ex:HTTPAgent;
	ex:port  	80;
	ex:host  	"agent.example.com";
	ex:ip    	"10.0.0.1";
	ex:time  	"2010-04-14T14:37:37Z"^^xsd:dateTime.

Suppose at some later date we again communicate with the agent at the domain agent.example.com, and in the process observe that the DNS entry has changed, and the domain now refers to a new IP address. Do we then consider this to be the same agent which we have previous experience of? Further, is the information we have sufficient to make such a decision? Other attributes may influence the judgement of similarity if they significantly alter the behaviour of the agent, software version numbers or digital certificates, for example.

Returning to our analogy, if your browser stored the credentials for your bank’s online banking portal, you would specify very strict criteria, very similar to what we described above, to dictate which websites are permitted to see this information.

Below follows a second observation record, for an interaction with the same agent at a different IP address.

_:agent2
	rdf:type 	ex:HTTPAgent;
	ex:port  	80;
	ex:host  	"agent.example.com";
	ex:ip    	"10.0.0.2";
	ex:time  	"2010-04-14T14:37:37Z"^^xsd:dateTime.

It is possible to encode our criteria for equivalence using OWL (to some degree) such that a reasoner can identify that two agents are in fact the same entity. This involves declaring a class of all things which meet the criteria of being a particular agent such that those which meet the necessary and sufficient criteria may be considered the same.

Unfortunately the equivalence afforded by OWL causes the effective merging of the identifiers, such that, as below, the metadata from the two different requests becomes inseparable.

_:agent1
	owl:sameAs   	_:agent2;
	rdf:type 	ex:HTTPAgent;
	ex:port  	80;
	ex:host  	"agent.example.com";
	ex:ip    	"10.0.0.1";
	ex:ip    	"10.0.0.2";
	ex:time  	"2010-04-18T10:24:12Z"^^xsd:dateTime;
	ex:time  	"2010-04-14T14:37:37Z"^^xsd:dateTime.

The problem with this approach is not the use of OWL classification (though it is somewhat ill suited to this task), rather it is the result of a simplistic ontology design. We acknowledge that this crude example ontology has many flaws (the assumption that a HTTP agent operates on a sole port and network address, for example), however to fully satisfy our potential requirements we must adopt an event-based ontology design, as these observations are inherently temporal in nature.

Open Data movements are gradually gaining traction; government transparency efforts in the US and the UK have begun to release data-sets, some of which are published in Linked Data form. As the range and variety of Semantic Web data publishers grows, it is increasingly important that we address the problem of trust.

Previously we discussed the challenges of a trust layer for the Semantic Web, and more recently, how we think these challenges should be faced. We are convinced that provenance and reputation information will be a crucial basis for Semantic Web trust decisions.

Reputation and provenance are by no means new subjects in the domain of Computer Science, both are grounded in substantial bodies of literature. Existing techniques will likely require some adaption in order to match the challenges of the Web of Linked Data.

Hartig and Zhao‘s provenance vocabulary for Linked Data does exactly this, taking existing provenance techniques in a Web-friendly direction, recognising the distinctions between data curation, publishing and access. To do similar for reputation mechanisms will not be prohibitively difficult, however there remains a missing piece of the technological puzzle: a system of identity.

A notion of identity is necessary for any judgement of trust in order to fully link together available information. The FOAF vocabulary gives us identifiers for people, and the FOAF+SSL proposals allow us to prove the ownership of (Web of Trust, or PKI style) digital certificates, however there is of yet no accepted means of identifying a Semantic Web software agent (e.g. a Webserver) beyond the foaf:Agent type.

In order to properly describe the identity of a Semantic Web agent we require more information than a single URI. For example, in the case of a HTTP-Based Semantic Web agent (a Webserver), metadata such as the hostname and network port is to some purposes integral to the identity of the agent. To avoid coining a new identity with every HTTP request we must have some criteria by which we judge that the other parties of different data exchanges are the same entity.

An important point to make here is that we cannot rely on declarative identities, that is we cannot count on universal uptake among Semantic Web agents of a vocabulary in which to assert identity. Thus an appropriate identity mechanism must consider both observational identities (identities coined by another agent based on its observations) and declarative identities.

Previously we explored the challenges of trust on the Semantic Web and described our take on how we might go about engineering a trust layer for the Semantic Web technology stack. This post elaborates on the challenge of making a judgement of trust.

Recalling the two questions posed in the previous post:

1. Can I rely on this piece of information?
2. Can I trust this service provider?

As we observed previously, both questions call for a judgement to be made based on available information.

Consider the first question, of whether to rely on — and therefore trust in — a piece of information. We believe this decision should be based on the level of belief that is held in that statement. Furthermore, our level of belief in a statement should be grounded in an assessment of its credibility and plausibility.

To clarify further, we consider the credibility of a statement to be an assessment of the reliability and trustworthiness of the agents and processes involved in its assertion. Such an assessment would likely include analysis of the provenance data associated with the statement, as well as a review of reputation information and first-hand experiences of the actors and processes involved.

With respect to plausibility, we consider it to be a measure of how likely a statement is to be true, against the background of our existing knowledge, taking into account confirmatory or contradictory knowledge and trends.

The second question has much in common with the first; while the primary concern of the judgement is over the expected behaviour of the service provider, it too must be concerned to some degree with the provenance of information. Reputation information is valuable in judging expected behaviour and facilitates interactions with yet un-encountered providers, however the provenance of reputation information is also important because disreputable sources may provide fraudulent information when collaborating with disreputable service providers.

Therefore, if we are to construct an ecosystem of Semantic Web technologies in order to engineer trust as a macro phenomena, we must first engineer robust provenance and reputation systems for the Semantic Web.

Trust has long been foreseen as challenge for the Semantic Web research community, appearing in the upper echelons of the Semantic Web Layer Cake technology stack, however Semantic Web research around the topic of trust does not seem to have a clear idea of what exactly this challenge is.

Jen Golbeck‘s prominent work with Semantic Web technologies has harnessed trust within social networks, putting it to tasks such as Email filtering and film recommendation, unfortunately this does not really shed any light on the role trust might play in the Semantic Web technology stack.

If we unpack our expectations of a Semantic Web trust layer, taking the time to consider what we expect it to achieve,  by what questions we wish to be able to ask of it, we generally arrive at two questions:

1. Can I rely on this piece of information?
2. Can I trust this service provider?

These two questions are fundamentally different; the first pertains to the truth of a piece of information, whereas the second concerns the probable behaviour of another agent. However both are similar in that they require a judgement to be made based on information such as provenance and reputation.

To construct a trust layer we require both the capacity to make such judgements and the information on which to ground such decisions, both of which represent sizable research challenges.

The Semantic Web trust layer will not be a single technology, rather a collection of interacting techniques and standards whose emergent macro phenomena we must engineer to be trust.