1. Field of the Invention
This invention relates to evaluating trust and transitivity of trust of online services.
2. Description of the Related Art
Traditional trust relationships between business parties are based on legitimate physical identities such as a shopfront. This physical manifestation is in contrast to an electronic commerce (eCommerce) environment on the Internet, where business providers and consumers identify each other by their web sites, email addresses or some electronic means such as a public key or certificate. These changes have brought about a new set of electronic threats and risks. Examples of such risks include fraud, misuse of personal data (e.g. credit card numbers), deliberate misinformation (e.g. in the content of web documents), web spoofing (e.g. mimicking legitimate businesses to unlawfully obtain consumers' credit card numbers), eavesdropping, identity theft, and repudiation. These risks represent elements of uncertainty in the eCommerce environment, which can produce financial losses and other undesirable results. As a result of these risks, there is an increasing awareness among web users of the issue of authenticity: of business partners, service providers and product information.
To limit or better deal with these elements of uncertainty, trust has been identified as an important concept in eCommerce. The trustworthiness of web documents is an increasingly important factor affecting the rate of growth of eCommerce. From an eCommerce perspective, trust can be seen as a counterweight to elements of uncertainty. eCommerce trust can be tentatively defined as: a culturally (e.g. as in web communities) subjective view and perception (and expectation) of honesty and lawfulness by others. Different web communities may have different conceptual interpretations and definitions of trust. The meaning of trust in the context of eCommerce is still evolving along with the web environment and technologies.
Several public key infrastructure (PKI) trust models (such as X.509, PGP, SDSI/SPKI) have been developed, which involve digital signatures and other security services such as authentication, authorisation, access control lists and privacy. The major industrially adopted PKI trust models are primarily hierarchically structured (e.g. X.509) to form a vertically trusted environment. However, in contrast to the hierarchical PKI trusted environment, most web documents are hypertext linked to form a horizontally (or web) referral environment. The nature of web documents requires an additional way to propagate trust from a parent (or root) web document to its signed or unsigned offspring web documents, giving rise to a heterogeneous trust environment on the Internet.