[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Web service and Semantic Web
- From: URAMOTO Naohiko <uramoto@trl.ibm.co.jp>
- To: "Bullard, Claude L (Len)" <clbullar@ingr.com>,XML DEV <xml-dev@lists.xml.org>
- Date: Wed, 03 Jan 2001 23:39:08 +0900
Len, thank you very much for your comment.
> That is the credibility issue. It cannot be decided
> apriori. You do as you would in a face to face negotiation
> where no trusted provider (eg, a keiretsu member) already
> exists (in western terms, a sole source providcer) or for
> which no prior record of authority exists that attests to t
> the credibility of the provider (eg, a business reference):
I see. My question is does Semantic Web require a mechanism
of trust establishment as well as digital signature framework.
I think digital signature (and certificates from CAs) is not
enough for trust establishment for assertions, and we need
extra mechanism to qualify assertions scattered on the
Web. If not, we might make trust network in local communities,
but it is very hard to establish Web-scale trust network (which
is a goal of SW), since it is (still) expensive to introduce a trust
establishment system with PKI that can cover whole the Web.
> 1. Discover an entity that claims to provide a service
> in a claim language you recognize. This may be in response
> to a query that serves the same function as a Request for
..
The steps describe how to establish business trading
between business entities that don't know each other.
For example, tpaML (Trading Partner Agreement ML), which
is discussing in the ebXML community, aims to describe terms
and condition for negotiation (I heard tpaML has been renamed,
but I forgot the new name). Do you think such negotiation is
needed for SW?
At 15:49 2001/01/02 -0600, Bullard, Claude L (Len) wrote:
> That is the credibility issue. It cannot be decided
> apriori. You do as you would in a face to face negotiation
> where no trusted provider (eg, a keiretsu member) already
> exists (in western terms, a sole source providcer) or for
> which no prior record of authority exists that attests to t
> the credibility of the provider (eg, a business reference):
>
> 1. Discover an entity that claims to provide a service
> in a claim language you recognize. This may be in response
> to a query that serves the same function as a Request for
> Information. Note that this is as far as discovery systems
> go. In the next steps, you use a defined business *protocol*
> which I will now describe in limited terms as a set of
> negotiation processes which can vary from company to
> company or business to business but which must be worked
> out in advance.
>
> 2. Engage in a negotiation for the terms and conditions
> of the named service. This may be by evaluation of a
> result from a query that serves the same function as a
> Request for Proposal.
>
> 3. Conduct a process that narrows the applicants to a
> select list of finalists. You may at this time use
> business references as a means to assess credibility.
>
> 4. Conduct a process that negotiates the final terms
> and conditions of the offering. These come in the Best
> and Final Offer (BAFO) document equivalent.
>
> 5. Conduct a process to select the final candidate. This
> candidate and your company then engage in the process of
> scripting the contract for the service. Note carefully
> that it is this contract which authoritatively describes
> and limits all quality of service and option conditions
> for performance of the service.
>
> Authority is conferred by behavioral fidelity. You must
> interogate a system to engage a negotiation, then play
> tit for tat. Unless the source is a trusted provider
> before engaging the service, you must initiate a means
> to confer authority by reference (eg, using the reference
> of another entity to which a service was provided) or
> by testing and proving the service before conferring
> authority as attested to in the record of authority.
>
> Len Bullard
> Intergraph Public Safety
> clbullar@ingr.com
> http://www.mp3.com/LenBullard
>
> Ekam sat.h, Vipraah bahudhaa vadanti.
> Daamyata. Datta. Dayadhvam.h
>
>
> -----Original Message-----
> From: URAMOTO Naohiko [mailto:uramoto@trl.ibm.co.jp]
>
>
> In the Web Service, input and output schema is fixed and can be trusted with
> digital signatures, but the result of services (quality of services) might
> not be trusted.
>
> Another question is how can we trust the assertions in the global
> environment, the Web.
>
> Suppose I want to publish some assertions with digital signature. My digital
> certificate is signed by a commercial CA such as VeriSign, but the cert was
> very easy to
> get. In this case, can anyone who doesn't know me or my orgnizatoin trust my
> assertions?
> We can limit acceptable classes of the certificates or root CAs, but it migh
> t compromise
> the advantage of the Semantic Web (network effect).
>
> Best regards,
> Naohiko
>
Naohiko URAMOTO ($B1:K\(B $BD>I'(B)
uramoto@jp.ibm.com
Internet & Language Technology, Tokyo Research Laboratory, IBM Research