Child pages
  • Measuring elements of Trust
Skip to end of metadata
Go to start of metadata

Introduction

[1] Trust is first of all a mental state, an attitude towards another agent (usually a social attitude). Delegation necessarily is an action, a result of a decision, and it also creates and is a (social) relation among X, Y, and the action A.

TBD

Considerations on UMA Trust Model

UMA trust model can be showed through the tree phases of the entire process:

  • Subject Registration, which is referring for creating trust relationships between the Subject towards AM, and Subject towards Host, and vice versa. 
  • Host Introduction, which is referring for establishing trust relationship between Host and AM, brokered by the Subject, in order to allow Host to delegate authorization decision to AM during the data sharing process.
  • Data Sharing constellations, which is referring for delegating a third-party (Requesting Party) to access web resource.

The first two phases can be consolidated in a unique and fundamental element that we call Bootstrapping Trust.

Trustworthiness Factors

Through UMA, which is an user centric Identity management system, a Subject is able to control what information will be revealed for what purpose with which parties. Based on these elements, the following table describes the main factors that we consider relevant to measure the level of trustworthiness for each party involved in the protocol: 

items

Factors

Description

Quantitative

Qualitative

Typology

TF1

Level of Assurance

 

1-4

-

Technical and
organizational
procedure

TF2

Privacy Impact

 

Low=0, Medium=1,
High=2

Yes

User Privacy

TF3

Country Privacy
Regulation

 

-

Yes

Compliance

TF4

Term of Service

 

-

Yes

Legal

TF5

Reputation

 

-

Yes

Social

TF6

Maturity Level

 

-

Yes

Security

Bootstrapping Trust

Bootstrapping trust in UMA is referred to the initial process to create a trust relationship among the three main parties: Authorizing User, Host and Authorization Manager.

The following picture shows the possible alternative approaches applicable to UMA protocol:

  1. Self-Registration -> A
  2. Affiliate Registration through standard Identity technologies (SAML, OpenID, etc.) -> B
  3. Trusted Framework -> C

Bootstrapping Trust is the fundamental phase where the subject builds his (trust) mental state towards other agent (Host, AM), evaluating the trustworthiness factors.

Evaluating data sharing trust

UMA Data sharing process is based on three actions of delegation:

  • Access
  • Authorization
  • Consent

Delegation can be represented as a vector in a Cartesian plan (X-axes: Level of trustworthiness between the delegator and delegated agent, Y-axes: level of delegation, based on the iterative process of the protocol), which has initial point (delegator), a terminal point (delegated agent), a length and a direction. 
The following picture shows the Cartesian plan representing a person-self sharing constellation: 

The level of trustworthiness of UMA actors is calculated based on trustworthiness factors. For instance, in the person-self sharing constellation, we assume that the distance between Authorization Manager (AM) and Authorizing User (AU) is equal to 0, this is the highest level of trust that AU relays on AM, considering all the trustworthiness factors (qualitative and quantitative), which are evaluated during the Bootstrapping trust phase.

In the picture are represented the following delegation’s vectors:

  • Vector V1 represents the delegation of the action “Access” from Authorizing User (delegator) to Requester (delegated agent).
  • Vector V2 represents the delegation of the action “Authorization” from the Host (delegator) to Authorization Manager (delegated agent).
  • Vector V3 represents the delegation of the action “Consent” from the Authorization Manager (delegator) to Authorizing User (delegated agent).

The degree of trust of the entire process of data sharing can be calculated as length of resulting vector from summing delegation’s vectors (V1+V2+V3):

Without direct Authorizing User Consent

V1+V2 = (2,1)+(-1,1) = (1,2)

Degree = Length (V1+V2) = 2.23

With direct Authorizing User Consent

V1+V2+V3= (2,1)(-1,1)(0,-2) = (1, 0)

Degree = Length (V1+V2+V3) =  1

 

Reference

 [1] T3 Trust theory http://www.istc.cnr.it/T3/trust/pages/delegation.html

  • No labels