Abstract
Trust is essential in the e-business world: to allow the cooperation needed in this setting, independent service providers have to trust each other and, also, end-users have to trust service providers. Trust Management, i.e. the process of establishing trust amongst the parties involved in a transaction, can be carried out using different approaches, methods and technologies. The end-user is an important party involved in this process. Trust Perception models attempt to understand the end-user’s point of view and the pattern he adopts to trust a service over the Internet. In this chapter the authors provide a state of the art for Trust Management in e-business. They review the most important Trust Management technologies and concepts including credentials and PKI, reputation, authorization and access control, trust policies, and trust languages. A conceptual map is presented clarifying the meaning and the links between different elements of a Trust Management system. Moreover, the authors discuss the end-user’s Trust Perception. The chapter presents a literature study on Trust Perception models and introduces the new model, able to list the trust signals the end-user considers to make trust decision. Examples of such signals can be the reputation of a website, the use of security protocols, the privacy policies adopted, and the look and feel of its user interface. Finally, the directions of future work are presented, and conclusions are drawn.
TopIntroduction
An increasing number of business transactions are daily carried out over the Internet, showing the growing importance of e-business. However, to fully exploit the potential of e-business, mechanisms to establish trust amongst the parties involved in the transactions are needed. The need for such mechanisms brought the research community to face with the so called Trust Management (TM) problem, i.e. the problem of establishing trust for internet applications.
Trust is an extremely complex concept that has attracted the attention of scientists from different fields. Several trust definitions, coming from the (field of) social science, focus on how humans build up trust and define it in terms of expectation (Mui, Mohtashemi, & Halberstadt, 2002), (Rotter, 1971), vulnerability to action of others or risk (Mayer, Davis, & Schoorman, 1995). The sociologist Ermisch asserts that a person “trusts someone to do x” if he/she acts assuming that two conditions hold: i) if the trustee (the person that is trusted by someone) fails, then the trustor (the person who trusts someone) would have done better to act otherwise, and ii) the trustor action gives to the trustee a selfish reason to do not do x (“if I hadn’t lent her the money she could not have cheated me”) (Ermisch, Gambetta, Laurie, Siedler, & Noah Uhrig, 2009). Ermisch also observes that “(trust) someone doing X does not necessarily extend to trust in that same person doing Y”. Trust is therefore a directional relationship, going from a trustor to a trustee, and dependent on the context (Jøsang, Keser, & Dimitrakos, 2005). Mutual trust is established when the parties trust each other: this plays an important role in e-business where mutual trust is necessary to carry out business transactions (e.g. vendors trusting buyers and vice versa).
Trust is an important factor in business, allowing collaboration amongst entities that need to cooperate as it happens in the standard value chain. Trust amongst off-line entities (e.g. human-to-human) is hard to establish and requires, both, time and effort, but it is even harder to build when interactions take place online, between parties unknown to each other. Trust Management systems, handling trust for internet applications, are thus of great importance in this setting.
Let us introduce a scenario that can help to understand what a Trust Management system is, how it works, which its core components are, and how these components interact. In the scenario, depicted in Figure 1, Alice approaches an on-line travel agency to arrange her holidays. Using the agency’s website she starts looking for a flight. Besides the flight, Alice would also like to book a hotel close to the beach and rent a car to easily get from the airport to the hotel. When the travel agency’s website receives Alice’s request, the business process is started. The system needs to contact different service providers in order to present Alice with the most suitable offers. The process involves interactions between the travel agency and the other parties: flight, hotel and rent car service providers to satisfy Alice’s requirements, and the VISATM or the MasterCardTM service provider to process Alice’s payment.
In a scenario like this, how can the agency rely on the information provided by the different service providers? Moreover, how can it be sure Alice’s credit card is valid and Alice is the real owner? To manage these kinds of problems, and to assess entities’ trustworthiness, the travel agency can decide to define some rules as follows:
- 1.
Only flight booking services provided by airlines accredited by the IATA (International Airlines Transportation Association) can be queried for flight offers;
- 2.
Only rental car services provided by rental company affiliated with the travel agency can be queried for rental car offers;
- 3.
Only hotel booking services provided by hotels accredited by BHW (Best Hotels in the World) organization and with a high reputation amongst the agency’s costumers can be queried for hotel booking offers;
- 4.
Only payments from customers holding a valid VisaTM or MasterCardTM credit card are allowed.
Key Terms in this Chapter
Trust: Relationship between two entities, where the trustor (the trusting entity) relies on the actions of the trustee (the trusted entity).
Public Key Infrastructure (PKI): Set of mechanisms providing means to create and manage credentials and digital signatures.
Reputation: Aggregated information reflecting the opinion others have about persons, entities or services.
Trust Policy Language: Language able to express privacy policies.
Trust Perception: User-centric studies, aiming to analyze the factors influencing the trustor in making his/her trust decisions.
Trust Management: Set of mechanisms helping to establish trust over the Internet.
Trust Policy: Set of rules, expressed in a formal way, used to make trust decisions.