Workpackage description: 11: Distributed trust systems

Workpackage number: 11

Start date or starting event: Month 1

Lead Partner: CCLRC (3)

Participant short name:	ILRT	ERCIM	CCLRC	HP	STILO
Participant number:	1	2	3	4	5
Person-months per participant:	10	5	20	0	0

Total number of deliverables: 2

Objectives

Use Semantic Web technology (RDF, RDF Schema) to describe mechanisms for expressing digital signatures and trust relationships
Show how to expose existing trust management systems to the Semantic Web
Build a framework for distributed trust management in Semantic Web applications

Description of Work

The W3C's vision for a Semantic Web describes a world of interoperating systems. Such interoperability is facilitated by RDF and Web-Ontology technologies. In addition, however, interoperating systems need the ability to determine the reliability of information that they glean from third parties; and to store and communicate that measure of trust to other systems. Such abilities must be founded on a solid, cryptographically robust framework that permits the transmission, verification and storage of digitally signed data and metadata.

Trust, signatures, annotation

The widespread availability of powerful search engines has resulted in a glut of information being available to Web users. However, no guarantee as to the accuracy of information available on the Web is available. This workpackage builds on preexisting work in the area of distributed annotation in order to offer one method of coping with this situation: the use of signed third-party annotations to existing Web resources. Users may make signed assertions about the content of Web resources. By chaining together trusted assertions about resources, about a user's expertise in a field, and so on, a third party can come to a decision as to the level of trust to place in that user's assertions about a particular Web resource.

Distributed operations and capabilities

It is not just passive metadata that benefits from a solid trust framework. Interoperating systems need to pass messages between themselves requesting operations to be performed on their behalf. A system receiving such a message needs to: confirm the identity of the message originator; ensure that the originator of that request has the appropriate authorisation for the operation to be carried out. Capability mechanisms offer support for such reasoning processes. In addition, they enable the devolving of authentication and authorisation management across widely distributed systems. If the W3C's vision of large-scale distributed interoperating systems is to be fully realised, such mechanisms must be employed. This workpackage will contrast capability-based and proof-based systems. A toolkit for capability management will be constructed.

Deliverables

Month 23: (11.1: trust_doc) A public report giving implementation experience and advice on the integration of legacy authentication systems with Semantic Web technologies (6 months, report, Pub.)
Month 26: (11.2: trust_impl) Release of an Open Source/Free Software toolkit that implements signature chaining, capability handling and proof-based trust using RDF. (25 months, software, Pub.)