Reflections on: Trust management on the World Wide Web
First Monday

Reflections on: Trust management on the World Wide Web by Rohit Khare

This paper is included in the First Monday Special Issue #6: Commercial applications of the Internet, published in July 2006. Special Issue editor Mark A. Fox asked authors to submit additional comments regarding their articles.w

Read the original article here

Almost a decade later, the most glaring omission of our vision for a more trustworthy Web was its failure to emphasize human-computer interaction issues — the vibrant new field of usable security. For my own part, I see how it presaged my later research interest in decentralized systems, towards the CommerceNet Labs credo of “making software that works the way society works.”

This paper grew out of the first author’s work from 1995-97 helping start the World Wide Web Consortium’s security activities at MIT. One of his first assignments was, coincidentally, liaison with CommerceNet’s working groups on cryptographic protocols for securing HTTP (RFC 2660), and later for electronic payments. This paper was a précis of a broader survey of all the arenas W3C got involved in for the quarterly World Wide Web Journal (W3J), published jointly with O’Reilly & Associates. As such, it posits a perhaps too-neat re-factoring of the issues to relate a laundry list of then-current initiatives to each other. Needless to say, more than a few of them fell short (SPKI), failed to gain wide adoption (PICS), or vanished entirely from the scene (S-HTTP).

“Browsers are such general-purpose interfaces to the Web that they cannot afford to customize their behaviors to the context or content of a particular transaction.” That’s all we said then about a topic that’s now driving some of the most innovative work in computer security. Spam was the problem of the moment; the term “phishing” had barely been invented. More by chance than forethought, though, this lone sentence captured what I believe today is the essential challenge: a plastic medium for presenting information is necessarily at odds with a static medium for memorializing trustworthy transactions. If anyone can whip up the look-and-feel of a banking site, nobody can.

A subsidiary user interface issue that the article failed to point at was CAPTCHAs: differentiating human principals from robotic ones. This has led to another rich vein of research in adversarial information retrieval and the even more general problem of distinguish flash crowds from distributed denial of service attacks. This paper did not consider the effects of coordinated attacks by multiple principals.

One key recommendation this paper made was to promote rule-driven policy automation. While this concept is firmly entrenched in network-level defense, it is rarely seen at the application-layer, such as to detect and prevent abuse of an accounting system by legitimately authorized users. PolicyMaker and its descendants are still not common tools for software architects; PACE is one such proposal for managing trust relationships between software components at design- and run-time.

After writing this paper, the first author increasingly turned away from basic research in computer security to focus on software architecture: the study of how we can offer constraints on the composition and connection of software components to encourage or enforce desirable properties of the assembled system. The REpresentational State Transfer (REST) style of the Web is one of the most-talked about examples, for explaining the unprecedented scalability and flexibility of HTTP-based systems. However, REST is derived from a traditional client/server style, and the Web of Trust vision suggests a more peer-to-peer style.

Against this backdrop, the themes of this paper resurfaced in the development of a new style for decentralized systems (ARRESTED) that extended REST to reason about how consensus emerges between multiple, independent agencies. Today, many of society’s essential trust decisions about the Web are subsumed by search engines; they do a better job than we ever thought possible of promoting trustworthy content and at least a plausible job of minimizing spam. But placing all our eggs in a few search engine operators’ baskets can risk backsliding from delegation to abdication, as recent controversies over censorship of results in China has highlighted. A world in which the only alternative is to pay for an (expensive!) crawl of one’s own, with its attendant limitations on freshness and breadth suggest that there is still ample room for innovation, into event-driven (“push”) architectures, into reputation management by way of social network analysis, and other new technologies for safely harnessing the power of the Web, warts and all.

Like Dr. Khare’s former W3C colleague Joseph Reagle’s retrospective commentary pointed out “The expectation that [augmenting social relations with technology] could be done with cryptographic systems may now, 10 years later, seem overly ambitious.” Today, it seems equally optimistic to hope that “Computers can alter the equation only by substituting the explicit power of cryptography for the implicit power of psychology.”End of article


About the authors

Rohit Khare is the Director of CommerceNet Labs, which is investigating decentralized electronic commerce. Prior to that, he founded KnowNow in 2000 based on his doctoral research at the Bren School of Information and Computer Science at the University of California, Irvine. There, he studied the development of application-layer Internet protocols and architectural styles for decentralized systems with Prof. Richard N. Taylor, for which he won an ACM SIGSOFT Distinguished Paper Award and was nominated for the ACM Distinguished Dissertation Award.

Dr. Khare's participation in Internet standards development with world-renowned technical teams at MCI's Internet Architecture group and the World Wide Web Consortium (W3C) at the MIT Laboratory for Computer Science, where he focused on security and eCommerce issues, led him to found 4K Associates, a standards-strategy consultancy, as well as editing the World Wide Web Journal (W3J) for O'Reilly & Associates. Rohit received his B.S. in Economics and in Engineering and Applied Science with honors from Caltech in 1995 and his Master's and Ph.D. in Software Engineering from UC Irvine in 2000 and 2003, respectively.

Adam Rifkin is currently Founder and  CEO of Renkoo in Palo Alto. He received an M.S. in Computer Science from the California Institute of Technology, after which he founded KnowNow with Rohit Khare.



Contents Index

Copyright ©2006, First Monday.

Copyright ©2006, Rohit Khare.

Reflections on: Trust management on the World Wide Web by Rohit Khare
First Monday, Special Issue #6: Commercial applications of the Internet (July 2006),

A Great Cities Initiative of the University of Illinois at Chicago University Library.

© First Monday, 1995-2019. ISSN 1396-0466.