Social Protocols: Enabling Sophisticated Commerce on the Web
Audience: Students of HLS and MIT 6.805: Ethics and Law on the Electronic Frontier
Goal: Present ideas about social protocols, abstract on technical and
legal design principles and rules of thumb, frame analytical questions for student
projects.
Anecdotes:
5 Key Points
- web interactions can be as sophisticated as those found in the real world
- but the web requires mechanisms of trusted abstraction, assurance, redirection, and
visual cues
- the key components of this are meta-data, negotiation, and signatures.
- social cues are meta-data! <exclaim>
- meta-data is RDF, based on XML
Abstract: Social Protocols: Meta-data and Negotiation in Digital
Commerce
On the foundations of basic network, meta-data, and negotiation protocols, a
"new" set of protocols, "social protocols," is being built. They are
in fact applications of meta-data and negotiation in order to mimic the social
capabilities people have in the real world: capabilities to create rich content, make
verifiable assertions, create agreements, and to develop and manage trust relationships.
Outline:
- Introduction, what is a social protocol
- Methods of exchanging social cues, and negotiation: Anecdote about interacting with
others (talking to Richard at CFP)
- Real world examples
- Definition
- <smile> (emoticons) XML markup that is a social cue, so is CSS (visual cues)
- Generations of Protocols
- Meta-Data and Negotiation
- Example of a Social Protocol, P3P
Agenda
- Social Protocols Introduction
- 3 Generations of Protocols
- Metadata
- Negotiation and DSig
- P3P and PICS as Social Protocols
Motivation
- At the last CFP, someone asked me what I do, I said "policy analysis," they
said, "you don't look like a policy analyst, where's your suit?"
- the real world has mechanisms for exchanging meta-data about real world objects
(people), and data (the things people state)
this includes the social cues and body language that we take for granted
- Web interactions could be as sophisticated as those found in the real world
Social Protocols
- "technical protocols" typically serve to facilitate machine to machine
communications.
- "graphical user interfaces" serve to facilitate machine to human
communications
- "social protocols" mediate interactions between humans using
computers/networks,
or computer agents acting on behalf of human concerns.
- enable the creation of rich content, verifiable assertions, decisions, and agreements --
to develop and manage trust relationships
- often driven by explicit policy requirements
- the web requires mechanisms of trusted abstraction, assurance, redirection, and cues
- the key components of this are meta-data, negotiation, and trust mechanisms.
Real World Examples
In today's world we use a number of "tools" to create and maintain
relationships:
- value added services
- information seeking and filtering (NYT, CNN)
- assertion systems that are verifiable or even legally binding
- actionable policies (2 out of 3 bank officer signatures required for loans > 50K)
- price lists (LL Bean catalog)
- contractual agreements (employment contract)
- relationship and trust management systems
- reputation and brand creation (seal of approval)
- trusted third parties (letters of credit)
Three Generations of Protocols
Web protocols can be broadly classified into three "layers":
- architectural protocols: HTML and HTTP
- meta-data, negotiation, and signature protocols: annotations, PICS (as spec'd),
XML/CSS/RDF and JEPI/PEP
- social protocols: PICS (as applied), P3P
2nd Generation: Meta-Data Protocols
Meta-data: "data about data" (Web resources).
All of these systems provide some "data about data."
- SGML/XML (structure meta-data)
- CSS/Aural-CSS (presentation meta-data)
- PICS (numerical annotation meta-data)
- RDF (assertions/descriptions meta-data)
(Any data that has a referent is meta-data. The definition of meta-data and semantics
are dependent on the application and respective position of other layers.)
Platform for Internet Content Selection (PICS)
- a machine understandable Web annotation system
- an assertion system
- multiple "rating" systems (referred to as assertion systems, schemas, or
vocabularies)
- multiple distribution mechanisms, including third party label bureaus
XML and RDF
XML is document structure/syntax
- used for creating structured elements beyond those provided in HTML:
<Author>John Smith</Author>
- one could create an emoticon DTD, with documents having actual <smile>,
<frown>, and <grin> tags!
- this could be complemented by style sheets (including aural) which present further
information on how those tags should be rendered (bright, loud, muted, etc.)
XML and RDF
RDF is meta-data about Web resources (anything referable by a URI)
- constrains the XML syntax according to a specified data model, semantics are explicit
- assertions about other documents
<RDF:Description ID="John_Smith">
<BIB:Email>john@smith.com</BIB:Email>
<BIB:Phone>+1 (555) 123-4567</BIB:Phone>
</RDF:Description>
2nd Generation: Negotiation & DSig Protocols
Negotiation protocols allow two agents to flexibly communicate about how they wish to
interact.
- Joint Electronic Payment Initiative (JEPI)
- negotiate which payment system to use between a client and server
- Protocol Extension Protocol (PEP)
- allow client and server to negotiate about how to use HTTP extensions.
DSig
- couples an assertion with a cryptographic signature block
- bridges the gap between second and third generation. First it is an assertion system,
but the semantics of the assertion and the associated "trust" models can be
tailored towards specific applications.
- signed PICS labels, and signed RDF
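An added example, not part of the original notes and not DSig syntax: an assertion coupled with signature blocks, checked under an application-specific trust policy modeled on the "2 out of 3 bank officer signatures" case mentioned earlier. The label layout, signer names and keys are constructed, and HMAC-SHA256 stands in for a public-key signature so the sketch runs with the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo keys; HMAC stands in for a public-key signature scheme.
SIGNER_KEYS = {"officer_a": b"demo-key-a", "officer_b": b"demo-key-b",
               "officer_c": b"demo-key-c"}

def canonical(assertion):
    """Serialize deterministically so signer and verifier hash the same bytes."""
    return json.dumps(assertion, sort_keys=True, separators=(",", ":")).encode()

def sign(assertion, signer):
    """Build one signature block over the canonical form of the assertion."""
    tag = hmac.new(SIGNER_KEYS[signer], canonical(assertion), hashlib.sha256)
    return {"by": signer, "alg": "HMAC-SHA256", "sig": tag.hexdigest()}

def valid_signers(label):
    """Return the set of known signers whose block verifies over the assertion."""
    good = set()
    for block in label["signatures"]:
        key = SIGNER_KEYS.get(block.get("by"))
        if key is None or block.get("alg") != "HMAC-SHA256":
            continue  # unknown signer or unexpected algorithm: ignore the block
        expected = hmac.new(key, canonical(label["assertion"]),
                            hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, str(block.get("sig", ""))):
            good.add(block["by"])  # a set, so a repeated signer counts once
    return good

def trusted(label, required=2):
    """Application trust policy: at least `required` distinct valid signers."""
    return len(valid_signers(label)) >= required

# Constructed sample assertion about a resource, signed by two of three officers.
ASSERTION = {"about": "http://bank.example/loans/1234",
             "statement": "approved", "amount": 60000}
LABEL = {"assertion": ASSERTION,
         "signatures": [sign(ASSERTION, "officer_a"), sign(ASSERTION, "officer_c")]}
```

The signature only establishes who made the assertion and that it is unchanged; whether two officers are enough is decided by the policy in `trusted`, which is where an application tailors the trust model.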
Third Generation: Social Protocols
Social protocols are the application of second generation protocols towards problems of
social relevance like content regulation, IPR, and privacy.
These tools enable others to create new applications, offer sophisticated services and
to build Web markets.
There is no complete list of applications, but the determining factor for analysis is the degree
to which the semantics and operation of social behavior/structure are captured within
the data structures and protocol of the application.
It is at this point that social/legal concerns and methods have a critical relationship
to technical design.
Platform for Privacy Preferences (P3P)
Sites make assertions about their privacy practices.
Users express their privacy preferences over those practices.
Negotiation between the site's supported and user's desired practices results in an
agreement.
The interaction between the site and user is flexible. Users can find the level of
privacy most appropriate for their sense of privacy and the type of interaction they wish
to have with that site.
P3P Scenario
- A user sets generic preferences, upon which her agent (browser) automatically acts.
She can now browse the Web seamlessly.
- She encounters a site with "exceptional" practices outside her generic
preferences.
Perhaps a sports news site wants to collect her favorite teams for a customized news
page.
- The user is prompted if she wishes to consider other alternatives, consent to the
exceptional practice, or to go elsewhere.
She can develop a one-to-one relationship with a site she trusts.
To simplify the experience, users also have the option to download recommended settings
from a trusted source.
Users could go to a trusted organization that presents practices which they feel, if
followed, will keep them safe.
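The scenario above as an added Python sketch (not part of the original notes, and not the P3P vocabulary or algorithm): a user agent matches a site's proposed practices against stored preferences and either accepts silently, prompts for consent, or moves on. The practice names, the three preference levels and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass

ALLOW, PROMPT, REFUSE = "allow", "prompt", "refuse"   # hypothetical levels

@dataclass(frozen=True)
class Practice:
    data: str      # what is collected, e.g. "favorite_teams"
    purpose: str   # why it is collected, e.g. "customization"

def evaluate(proposal, prefs, default=PROMPT):
    """Classify one proposal; practices the user never ruled on default to PROMPT."""
    ask, refused = [], []
    for practice in proposal:
        level = prefs.get((practice.data, practice.purpose), default)
        if level == REFUSE:
            refused.append(practice)
        elif level == PROMPT:
            ask.append(practice)
    if refused:
        return "reject", ask, refused
    return ("prompt" if ask else "accept"), ask, refused

def negotiate(proposals, prefs, consent=lambda practice: False):
    """Try the site's proposals in its order of preference; return the agreement."""
    for index, proposal in enumerate(proposals):
        decision, ask, _ = evaluate(proposal, prefs)
        if decision == "accept":
            return {"agreed": index, "consented": []}
        if decision == "prompt" and all(consent(p) for p in ask):
            return {"agreed": index, "consented": ask}
    return {"agreed": None, "consented": []}   # no agreement: go elsewhere

# Constructed generic preferences and a constructed sports news site.
PREFS = {("clickstream", "site_admin"): ALLOW, ("email", "marketing"): REFUSE}
LOGS = Practice("clickstream", "site_admin")
TEAMS = Practice("favorite_teams", "customization")
MAIL = Practice("email", "marketing")
SPORTS_SITE = [[LOGS, TEAMS, MAIL], [LOGS, TEAMS], [LOGS]]
```

With these sample values the agent settles on the third proposal without interrupting the user, and on the second one if she consents to the favorite-teams practice; defaulting unknown practices to a prompt rather than to acceptance keeps new kinds of collection from being agreed to silently.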
Conclusion: Social Protocols
- A social protocol is not so much an "Internet Control," but a way of using
meta-data and negotiation to control the interactions one has with others on the
Internet/Web.