OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Web service and Semantic Web

That is the credibility issue.  It cannot be decided 
apriori.  You do as you would in a face to face negotiation 
where no trusted provider (eg, a keiretsu member) already 
exists (in western terms, a sole source providcer) or for 
which no prior record of authority exists that attests to t
the credibility of the provider (eg, a business reference):

1.  Discover an entity that claims to provide a service 
in a claim language you recognize.  This may be in response 
to a query that serves the same function as a Request for 
Information.  Note that this is as far as discovery systems 
go.  In the next steps, you use a defined business *protocol* 
which I will now describe in limited terms as a set of 
negotiation processes which can vary from company to 
company or business to business but which must be worked 
out in advance.

2.  Engage in a negotiation for the terms and conditions 
of the named service.  This may be by evaluation of a 
result from a query that serves the same function as a 
Request for Proposal.

3.  Conduct a process that narrows the applicants to a 
select list of finalists.  You may at this time use 
business references as a means to assess credibility.

4.  Conduct a process that negotiates the final terms 
and conditions of the offering.  These come in the Best 
and Final Offer (BAFO) document equivalent.

5.  Conduct a process to select the final candidate.  This 
candidate and your company then engage in the process of 
scripting the contract for the service.  Note carefully 
that it is this contract which authoritatively describes 
and limits all quality of service and option conditions 
for performance of the service.

Authority is conferred by behavioral fidelity.   You must 
interogate a system to engage a negotiation, then play 
tit for tat.  Unless the source is a trusted provider 
before engaging the service, you must initiate a means 
to confer authority by reference (eg, using the reference 
of another entity to which a service was provided) or 
by testing and proving the service before conferring 
authority as attested to in the record of authority.

Len Bullard
Intergraph Public Safety

Ekam sat.h, Vipraah bahudhaa vadanti.
Daamyata. Datta. Dayadhvam.h

-----Original Message-----
From: URAMOTO Naohiko [mailto:uramoto@trl.ibm.co.jp]

In the Web Service, input and output schema is fixed and can be trusted with
digital signatures, but the result of services (quality of services) might
not be trusted.

Another question is how can we trust the assertions in the global
environment, the Web.

Suppose I want to publish some assertions with digital signature. My digital
certificate is signed by a commercial CA such as VeriSign, but the cert was 
very easy to
get. In this case, can anyone who doesn't know me or my orgnizatoin trust my
We can limit acceptable classes of the certificates or root CAs, but it migh
t compromise 
the advantage of the Semantic Web (network effect). 

Best regards,