RECOGNIZE TRUSTWORTHY WEB SERVICES

VIA INSTITUTIONS

Han Jiao, Jixue Liu and Jiuyong Li

School of Computer and Information Science, University of South Australia, Adelaide, Australia

Keywords:

Trust, Trustworthiness, Web service, Institution.

Abstract:

The emergence of web services, which provides ﬂexible but standard methods for heterogeneous entities

interacting with each other, has tremendously revolutionized the communication mode on the Web. However,

due to large scalability and anonymity, it is difﬁcult for web service users to determine the trustworthiness of

web services. This paper introduces a new concept, web service institution, based on which we proposes a

web service trust determination framework. We discuss the necessity of web service institutions that leads to

a win-win situation for all. We devise the core trust computation logic which takes both institution-level and

service-level factors into account. We also discuss several typical use cases.

1 INTRODUCTION

The way people communicate on the web has evolved

rapidly in the past decade. Nowadays, web services

have been proved to be a promising technology for

exchanging information among distributed sources in

a ﬂexible but standard manner.

In such open, distributed environment, trust is rec-

ognized as an important factor to impact the commu-

nication (Gefen et al., 2008). Signiﬁcant effort has

been spent to address the trust issues. At present,

there are two major types of methods for determin-

ing trust, policy-based methods and reputation-based

methods. A good survey can be found in (Bonatti

et al., 2005). However, both of the methods can-

not solve the problem perfectly. Policy-based meth-

ods required uniﬁed methods (languages and proto-

cols) for different web service to communicate. The

shortage is that it is difﬁcult to devise such a uni-

ﬁed method that most web users are willing to accept.

Reputation-based methods, because of their ﬁxed rep-

utation calculation logic, can be easily damaged by

malicious behaviours such as collusion and white-

washing. Those behaviours will mislead users to dis-

honest web services who seem to have good reputa-

tion.

In this paper, we propose an institution-based so-

lution to fulﬁl the gap. The contributions can be

summarized as follows: (1) we deﬁne web service

institution and its function; (2) we identify several

institution-level and service-level trust factors and de-

vise a framework based on them; and (3) we design a

trustworthiness determination logic which integrates

both service-level and institution-level trust factors.

The rest of the paper is structured as follows. In

Section 2, we introduce some trust-related concepts.

In Section 3, we describe the overall architecture and

several key processes. In Section 4, we present trust

impact factors and the trustworthiness computation

logic. Several typical use cases are discussed in Sec-

tion 5. Section 6 gives the conclusion and looks at

future work.

2 RELATED CONCEPTS

The key part in our proposal is the so-called web ser-

vice institution deﬁned as follows:

Web Service Institution (WSI) is a kind of on-line

platform for web services and their users to commu-

nicate in an easy, efﬁcient and trust manner.

WSIs act as a conjunction role between web ser-

vices and their users. Their major functionality is

to make the two parties communicate smoothly. To

achieve this goal, on the one hand, WSIs provide ad-

ministrative support to web services, which include

but do not limit to service registration, service moni-

toring and trust calculation. On the other hand, WSIs

also provide search interfaces to web service users.

The searching function does not simply return a web

service address string with a brief service description.

187

Jiao H., Liu J. and Li J..

RECOGNIZE TRUSTWORTHY WEB SERVICES VIA INSTITUTIONS.

DOI: 10.5220/0003432701870190

In Proceedings of the 13th International Conference on Enterprise Information Systems (ICEIS-2011), pages 187-190

ISBN: 978-989-8425-56-0

 2011 SCITEPRESS (Science and Technology Publications, Lda.)

It contains more information which can reﬂect the

trust status of target web services. Web services regis-

tered in a WSI are not required to be physically stored

together. They are virtually tied up and just need to

The existence of WSIs would beneﬁt all the in-

volved parties. It is a good platform for web ser-

vices to exhibit and advertise themselves. It also pro-

vides convenient ways to search ideal web services

and conveys more information to users. Finally, WSIs

themselves also beneﬁt from linking web services and

users. Usually the provided features of advertisement

and service registration are not free. Therefore, we

can safely conclude that the existence of WSIs brings

win-win situation for all the involved parties.

The advant of WSIs also reﬂects a kind of in-

evitability in the evolution of the web service envi-

ronment. If we view the whole web as a society, as

the amount of resources increasing rapidly, there must

be some effort carved from the whole labours to play

as support roles. This makes parts of the social re-

sources concentrate on collecting service information

and provide searching features. Our proposed WSI

structure is one of them. Therefore, WSIs is also a

natural outcome during the evolution of the web ser-

vice environment.

In general, WSIs build the bridge between web

services and their users. They are virtual organiza-

tions that provide more comprehensive information of

web services to their users.

3 FRAMEWORK

ARCHITECTURE

Our research focus is on facilitating users to deter-

mine trustworthiness of web services via WSIs. In do-

ing so, our framework architecture must accomplish

the following two tasks: (1) enable WSIs to gain in-

formation on web services registered in WSIs; (2) en-

able user to determine the trustworthiness of WSIs.

Bearing these two purposes in mind, we design the

architecture depicted in Figure 1.

The above ﬁgure shows the framework architec-

ture of a WSI and how the whole structure interact

with the current web service environment. To partic-

ipate in a WSI, web services are required to register

via the interface for web services. Registration Man-

ager will pass the information to WSI Database and

Service Status Monitor starts to watch the registered

web services and to record the status information.

When a query comes via the Interface for Web Ser-

vice Users, it ﬁrst goes into WS Search Engine, which

sends request to Service Trust Analyser. Service Trust

Figure 1: Architecture of Web Service Institution.

Analyser will use trust determination logic and the

service status information in the database to calcu-

late the trustworthiness which will be posted back to

the user interface. There is another component called

User Feedback Manager for accumulating user feed-

backs and processing them to form institution-level

trust value.

A user query gets a result with two parts: web ser-

vices information, which includes web service URLs

and trust values for both the web service and the. The

calculation logic of service-level and institution-level

trust will be speciﬁed in the next section.

4 TRUST FACTORS

AND CALCULATION

The trustworthiness of a web service in a WSI con-

sists of two dimensions: the trustworthiness of the

WSI and the web service. Our trust determination

logic uses weighted sum to integrate the two dimen-

sions as below:

T = w

(

∑

) + w

(

∑

) (1)

∑

and

∑

are the sum of the weights

multiplied by the contribution of every trust factor for

the corresponding dimension and satisfy

∑

= 1

and

∑

= 1. w

and w

are the weights of the two

dimensions and their sum also equals to 1. All the

weight values are in [0,1]. Users of our framework

can decide them based on their own knowledge and

perference. In the following parts, we will go through

institution-level factors and service-level factors and

discuss their calculation logics in detail.

4.1 Institution-level Trust Factors

For a WSI, four institution-level factors are dis-

cussed. They are: (1)Processing Efﬁciency, (2) Per-

ICEIS 2011 - 13th International Conference on Enterprise Information Systems

188

ception Deviation, (3)Information Transparency, and

(4) Monitor Effectiveness.

Processing Efﬁciency (PE). PE is deﬁned as the

proportion of the number of on-time returns over the

number of total returns for a WSI. Here we assume

that each WSI has a promised response time, which,

if exceeds, should be regarded as ”fail to complete

jobs in its promised efﬁciency”. If a WSI does not

claim its promised response time, users can deﬁne a

threshold value based on their expectation or actual

situation. We use the formula, C

to calculate

PE, in which δ

is the number of user feedback on PE

saying that a WSI completes its job on time and δ

the total number of user feedback on PE.

Perception Deviation (PD). PD reﬂects the differ-

ence between a WSI’s opinion and users’ opinions to-

wards a speciﬁc web service. Suppose that there are n

web services registered in a WSI. Given two vectors

(ε

, ε

, ..., ε

) and (ε

, ε

, ..., ε

), ε

is the summed

score given by all the users to Web Service i. ε

is the

total number of times of the users who score Web Ser-

vice i. One user can only score 1 or 0 for a web service

at one time to indicate whether the trust value given

by the WSI complies with its own experience. Users

have the same opinion with the WSI if

∑

= ε

. Oth-

erwise, ε

≤ ε

. At beginning of a WSI’s formation,

all the elements in the two vectors equal to 0. When a

user gives feedback to Web Service i, ε

will increase

1 or 0 depending on the user feedback. ε

will always

increase 1. PD is calculated as C

∑

i=1

Information Transparency (IT). IT indicates the

extent of publicity and reliability of the information

released by a WSI. To calculate IT, We ﬁrst classify

information publicity into four different levels: (1)

Absolutely transparent; (2) Key-step transparent; (3)

Key-step partially transparent; and (4) Not transpar-

ent. Level i deserves a score of λ

and follow the con-

dition such that λ

> λ

i+1

. The levels and their scores

are conﬁgurable. Meanwhile, we deﬁne another con-

ﬁgurable parameter denoted as γ, ranging in [0, 1], to

represent information reliability. Information trans-

parency, then, can be calculated as C

∑

j=1

×λ

N×λ

min(i)

where γ

and λ

represents the reliability and public-

ity given by the jth user and N is the total number of

times of user feedback.

Monitoring Effectiveness (ME). ME represents

how effective web services are monitored, which can

be divided into two parts: monitoring frequency (MF)

and Monitoring Coverage (MC). MF stands for the

reasonableness of current monitoring frequency. MC

represents the percentage of web services covered by

the monitoring mechanism. Supposet that N users

have given their feedback. Each user can score 0 or

1 to both sub factors. The total score are denoted by

m f

and κ

. ME is calculated as C

m f

+κ

To integrate the above four institution-level fac-

tors, the trustworthiness of a WSI is calculated as

= w

+ w

, in

which w

+ w

= 1. Users can add

other factors or replace some of them. However, the

newly added factors have to satisfy that the contribu-

tion of the factor C

∗

must be scaled to [0, 1] and the

sum of all the weight values must be 1.

4.2 Service-level Trust Factors

Same as institution-level factors, we captured four

factors at service level. They are availability, relia-

bility, integrity and conﬁdentiality.

Availability. Availability of a web service is the ra-

tio of the period in which the service is accessible

over the total test period. It was listed as a QoS factor

in many literatures (Ran, 2003) (Wang and Vassileva,

2007). Given a certain duration D and a checking fre-

quency f , if we denote the total accessible times in D

as ρ, calculation of availability is C

× f

. Given

different D and f , the availability of a certain web

service at a certain time point may vary. In our frame-

work, these two variables are conﬁgurable.

Reliability. Reliability is deﬁned as the ability of a

web service to perform its functions under promised

conditions and restrictions. We use failure rate to cal-

culate reliability. In duration D

, denote the number

of failed transactions as ϕ

and the number of total

transaction as ϕ

, the reliability can be calculated as

. The cycle duration D

is a conﬁgurable

variabile in our framework.

Integrity. Integrity of a web service is the correct-

ness, compatibility and completeness of transactions

and data processed by the web service. In (Ran,

2003), it is described by the ACID properties (atomic-

ity, consistency, isolation and durability). We use the

following formula, C

= W

to calculate integrity, where all the weights are con-

ﬁgurable and satisfy W

= 1 and V

, V

, and V

are boolean values to indicate whehter

the web service supports the corresponding feature.

Conﬁdentiality. International Organization for

Standardization (ISO) deﬁne conﬁdentiality as ”en-

suring that information is accessible only to those

authorized to have access”. Our calculation is based

on whether the web service support cryptography and

”A-A” (Authentication and Authorization). We use

RECOGNIZE TRUSTWORTHY WEB SERVICES VIA INSTITUTIONS

189

Figure 2: Mock data of the Use Cases.

the formula C

con f

= W

cryp

to calculate

conﬁdentiality, where W

cryp

and W

are the two

conﬁgurable weight numbers of cryptography and

A-A and satisfy W

cryp

= 1. V

cryp

and V

are

boolean values to indicate whether the web service

supports corresponding feature.

The following formula is for integrating the

service-level factors: T

= W

avai

+ W

reli

inte

con f

with the sum of all weights is

equal to 1. This formula combined to the institution-

level formula gives the whole logic for calculating

trustworthiness of a web service in a WSI.

5 TYPICAL USE CASES

Four typical situations are given to guide users on how

to use the proposed framework. An ideal situation is

shown in Figure 2 (a), in which WS p2 gains the high-

est trust score in both of the WSIs. The trust values

of the two WSIs are also relatively high. The user can

easily recognize WS p2 is the good choice. In the sit-

uation of Figure 2 (b), the data provided by WSI B is

more trustworthy than that in WSI A. WS p1 is the

rational choice for users since it gains high scores in

both WSIs. In this case of (c), users have two options.

If the user is conservative, they can directly choose

WS p1. Users can also choose WS b1 to gain better

stability, if they do not provide very sensitive infor-

mation. In Figure 2 (d), WS p1 and WS p2 are top

2 in both WSIs but with different order. In this case,

we suggest users can reset the weights of institution-

level trust factors and put more weights on the factors

that are important in their opinions and re-calculate

the trustworthiness.

6 CONCLUSIONS

In this paper, we present framework architecture of

web service institution to facilitate users determining

trust of web services.We identify several service-level

and institution-level trust factors and create a com-

putational structure to calculate each of the factors

and aggregate the result. Our next step is to do ex-

periments with real data to determine the reasonable

weights under different situations.

REFERENCES

Bonatti, P., Duma, C., Olmedilla, D., and Shahmehri, N.

(2005). An integration of reputation-based and policy-

based trust management. In In Semantic Web Policy

Workshop.

Gefen, D., Benbasat, I., and Pavlou, P. (2008). A Research

Agenda for Trust in Online Environments. J. Manage.

Inf. Syst., 24(4):275–286.

Ran, S. (2003). A model for web services discovery with

qos. ACM SIGecom Exchanges, 4:1–10.

Wang, Y. and Vassileva, J. (2007). A review on trust and

reputation for web service selection. In Proceedings

of the 27th International Conference on Distributed

Computing Systems Workshops, pages 25–, Washing-

ton, DC, USA. IEEE Computer Society.

ICEIS 2011 - 13th International Conference on Enterprise Information Systems

190