Friday, October 28, 2005

 

Trust is a dirty word...?

Ben Laurie has a rant on this, and my comment, which I posted there also, follows.

But you're right. It's another word that has had its apparent meaning augmented and blurred by hype, and its real meaning atrophied by disuse. A big part of what I mean when I say "trusted third parties aren't".

Hopefully the live presentation filled the gaps of meaning in the slides that were intentionally provocative, to shake complacent minds awake. I can at least imagine an interpretation of these slides with which I can strongly agree.

But did he have to quote Ed Gerck? My head still hurts, and that was at least seven years ago...

It is, I agree, very important to agree on consistent meanings of words, and this is the primary point that I take from the presentation. It is also, as I have observed, beyond hope when commercial products are involved, with market positioning by people who generally know and/or care less about such things than about their effect on their audiences' purchasing decisions.

The biggest lesson I have been learning in this area is one that I have learned repeatedly at successively higher levels. At the beginning, it was Carl Ellison's claim that certificate validation is a closed loop, by which I later understood that he meant the same as my "you are your own root" epiphany. In other words, the only party you do ultimately trust, in all of the senses Gollman explores, is yourself.

Later, Rivest and Lampson's SDSI work in 1996, "all names are local", which parallels Carl's points in his earlier musings on the meaning of identity, pointed out the futility of attempting to reconcile subjective points of view into global identifiers, because no one had the necessary objectivity to accept them. Even Steven Kent, the PEM author from BBN, had to admit that there was never going to be a single global naming authority, which was a feature of PEM.

Now, with Semantic Web efforts finding slow adoption, I note that someone (I don't remember who, but I think it was at the Simile project at simile.mit.edu) making the observation that "metadata is in the eye of the beholder", signifying that even meaning itself, and the labels by which it is conveyed, are subjective; hence the PiggyBank project that arranges for semantic maps, correlating one person's meanings to another's.

In every case, trust is a bridge between what you know by experience and what you choose to believe. Gollman explores the many architectures of such bridges, including their foundations, materials, and structures, and as such, helps to explain how one word has acquired so many meanings. English, mongrel that it is, does not have a consistent formal syntax that facilitates distinct expression of different aspects of a concept. For example, I said that trust is a bridge. In common use, it is also appropriate to say that trust is the traversal of that bridge, or the underlying belief that it can be traversed safely and that its far end is where it purports to be.

The need in electronic commerce (by which I mean more than strictly commerce but all of the interchanges, social and commercial, that are newly enabled by networks) is indeed for building "trust", but more precisely for creating trustworthy means of allowing individuals to make reliable informed choices regarding the trustworthiness of information. The more closely and dependably these model familiar mechanisms, of course, the more dependable their use will be.

To tie this all together, then: what is needed is a means for expressing "trust" policies (meaning specifications of logical processes, contexts and conditions yielding particular access-control or acceptance decisions) to a mechanism users can "trust" (to do exactly as told) in a language they can "trust" (i.e. believe that its implications are consistent with their expectations). To achieve this, it (the near end of the bridge) must be solidly anchored in their subjective reality - which means, among other things, that they understand it well enough to use it the way they want to; this, in turn, depends on being able to give things names and meanings of their own, and to specify in detail what kind of attestations they choose to believe, under what circumstances, and from whom. Part of that involves the understanding of at least one other entity's meaning and naming schemes.

A beginning point for understanding such a language and its supporting mechanisms might be to express, in natural language, the exact meaning of the kinds of mechanisms we rely on in the real world, analyze them to understand their contextual assumptions, and see if we can abstract general principles that will allow us to construct templates of decision models.

You might, for example, walk through the door of a fast-food restaurant, glance up at the menu, and ask for a combo, then plunk down the demanded quantity of cash. Why did you do that? Well, in the abstract, you gave something of value in the hope of getting something of (subjectively) greater value. There is a risk, however: you might not get the value you were hoping for. Any number of things could have prevented it, such as: the person waiting on you might have been a stranger off the street; the cooks might be crooked; the beef may be bad; this might not even be the store you thought it was!

You chose to take the risk because you believed, all things considered, that you would get the expected value. In fact, in all probability you didn't even consider most of the possibilities I enumerated above, because your experience told you that the evidence before you - the sign out front, the uniforms and badges, the smell of food cooking, the sight of the food being prepared, the dozens or hundreds of other (presumably) satisfied customers, the fact that it was all public - was consistent with your expectations.

If, on the other hand, you had been led in there in a space suit, with no visual, auditory, or other sensory input from outside except for a communication headset with which you could only hear the supposed counter person, how many of those doubts would occur to you, and how many more that I haven't mentioned? If you knew the person leading you was someone whose character you trust, and whom you knew was not similarly disadvantaged, perhaps none of them. But if you didn't know either their character or their competence, or even their identity... That's the situation we face online today, and a clue to the kinds of mechanisms that must exist to support the same kind of confidence we're comfortable with in live, in-person exchanges.

Comments: Post a Comment



<< Home

This page is powered by Blogger. Isn't yours?