9 May 2008

Joint iTrust and PST Conferences on Privacy, Trust Management and Security

IFIPTM 2008 Call for Participation

----------------------------------------

Joint iTrust and PST Conferences on Privacy, Trust Management and Security

June 18-20, Trondheim, Norway

http://www.ntnu.no/videre/konferanse/IFIPTM08/index.html

The registration is now open.

Conference Program: http://www.ntnu.no/videre/konferanse/IFIPTM08/program.html

Registration: http://www.ntnu.no/videre/konferanse/IFIPTM08/registration.html

Co-located Workshops:

· Context-awareness and Trust (CAT08): http://cat08.telin.nl

· Web 2.0 Trust (W2Trust): http://www.sis.uncc.edu/~mshehab/w2trust/

· Sustaining Privacy in Autonomous Collaborative Environments (SPACE): http://secml.otago.ac.nz/privacy2008/

· Trust in Mobile Environments: http://time08.cs.ucl.ac.uk/

Please note that EUROPKI Conference will also take place in Trondheim from June 16 to June 17. IFIPTM and EUROPKI offer discounts if you attend both conferences. EUROPKI Registration: http://www.item.ntnu.no/europki08/registration.php

Hope to see you in Trondheim!

General Chairs:
Peter Herrmann, The Norwegian University of Science and Technology, Norway,
herrmann@item.ntnu.no
Christian Jensen, Technical University of Denmark, Denmark,
christian.jensen@imm.dtu.dk

Program Chairs:
Yuecel Karabulut, SAP Research, USA,
yuecel.karabulut@sap.com
John Mitchell, Stanford University, USA,
mitchell@cs.stanford.edu

23 April 2008

Social Capital Gateway - literature resource

Found this by chance: Social Capital Gateway is a nice resource on the subject by PhD student Fabio Sabatini.

28 March 2008

Goodbye, Torrentspy

This summary is not available. Please click here to view the post.

Reputation and Maintaining State

I came across Alex Bunardzic's blog on Online Identity and reading it gave me a new perspective on online reputation, and that is state. Here's a brief brain dump (if there is interest and/or further mulling over this, I will expand on this post)

Trust, reputation identity = someone's collection of attributes

... the Need to remember an object or person's history and attributes that may change over time = state management

... engineering a reputation or identity system becomes a problem of state management

... for embedded systems and connection oriented protocols, state management is already something we do here, e.g. routing algorithms in P2P nets

... the Web is inherently stateless, so maintaining state requires more work

... for engineering an efficient reputation system, the challenge is in state maintenance and optimising state retrieval.

Thoughts?

27 March 2008

Workshop on Trust in Mobile Environments

I'll be reviewing research papers on trust and reputation mechanisms for mobile systems. This is for the Workshop on Trust in Mobile Environments. Looking forward to this as it's one of those areas that is full of creative output at the moment.

25 March 2008

Re-post: answer to "What is a mobile social network"

I answered a question on "What is a mobile social network" on a LinkedIn. My response is copied below, but visit the original post for other replies.

Hi Paul,

Yours is a timely post, and I think your comment spans two broad issues: user experience in a mobile app, and adding a mobility dimension to social networking.
It is getting so much easier now to develop apps for mobile devices, but developers who can build great user experience for the mobile user are still few and far between. Web browsers on mobile devices like the S60 (which uses the same WebKit browser platform as Android) have improved tremendously, and I think this has made developers a bit lazy. This won't last long though as user sophistication will drive the demand for better user experience on mobile devices.

And as you said, eventually "you either need a mobile application or a Web site that has been optimised for mobile phones". I agree, but I think it is becoming increasingly irrelevant whether the app is native to the device or web-based, and platforms like Google Gears and Adobe AIR are blurring the line even further as they let you function online and offline seamlessly.


I see some or all of the following factors (depending on app) as important for user experience, some already mentioned in the replies:


- The ability to discover the user's context and location, either automatically or manually input by the user, and use them to enhance the app's features, like answering your ‘where are you’ question. We don't have to wait for GPS phones for this - look at what the Google Maps people can already do with base-station triangulation: http://www.google.com/mobile/gmm/mylocation/index.html
.

- Making full use of the device's capabilities, taking into account how the user will be using the device. For example, thumbing instructions on the number pad would be better than scrolling to a link using the arrow keys.

- A built in reputation system that will allow the user to query on the trustworthiness of objects and people within vicinity, giving the user an opportunity to gain a comfortable level security before interacting with them.

- The ability to pick up where you left off on your desktop app/wired network and continue your interaction while mobile, as in Pekka's reply.
If you can have an app with those features, an amazing set of opportunities opens up for social networking, like those in the replies and many more yet to be conceived!

To answer your questions...


1. What mobile social networking sites do you like/dislike? As a user, I like Facebook, because it allows me to be lazy at keeping in touch, while at the same time being able to do just that, and to let my friends know what I'm up to at various effort levels (status update, at the very least... send a message if i'm feeling chatty, or post a blog if I have something to get off my chest). As a developer, I dislike Facebook, because while it does give me access to the largest online social network, it is still a closed ecosystem.

2. What’s the one feature you’d like to see in order to get you to use one? Actually, I would like to see my social network opened up and integrated into (or accessible from) all the apps that I'm currently using. I want to be able to forward an email from my Gmail account to a group on Facebook or advertise for post a contract job for a freelance photographer on my Flickr network straight from my Basecamp project page.

@Peter: WiMAX is coming, slowly but surely :). Our WiMAX projects are mainly focused on rural access but our infrastructure partner is part of a group that has just deployed the first mobile WiMAX pilot in Kent: http://tinyurl.com/35g93b

Blogged with the Flock Browser

24 March 2008

Reputation-based systems: a security analysis

This was a paper I co-wrote with a bunch of other contributors working in the trust/reputation and security space: "Reputation-based systems: a security analysis" (PDF). It is a position paper on security issues in reputation systems.

A nice thing that we did in this paper was that we identified concrete use cases for reputation systems to frame our discussions, rather than talking in general but unusable terms that papers of this sort can tend to become. The use cases covered are online markets, P2P networks, spam filters and PKI (my primary area of contribution). The principal threats were then derived from looking at threats to the reputation systems used in these use cases.

Here's the abstract:

ENISA Position Papers represent expert opinion on topics ENISA considers to be important emerging risks or key security components. they are produced as the result of discussion among a group of experts who were selected for their knowledge in the area. the content was collected via wiki, mailing list and telephone conferences and edited by enisa.

This paper aims to provide a useful introduction to security issues affecting Reputation-based Systems by identifying a number of possible threats and attacks, highlighting the security requirements that should be fulfilled by these systems and providing recommendations for action and best practices to reduce the security risks to users.

Examples are given from a number of providers throughout the paper. These should be taken as examples only and there is no intention to single out a specific provider for criticism or praise. The examples provided are not necessarily those most representative or important, nor is the aim of this paper to conduct any kind of market survey, as there might be other providers which are not mentioned here and nonetheless are equally or more representative of the market.

This paper is aimed at providers, designers, research and standardisation communities, government policy-makers and businesses.


Blogged with the Flock Browser

Flock wins Web Award, Community Category

Sometime mid last year I blogged very briefly about my discovery of Flock. I said I would write more about it, but as with all great products that turn into indespensable tools, it merged into my background of online interaction, transparently holding up my silver platter of social network goodies right there in my browser.

Not surprisingly, this year, they are winner of Best in Community at SXSW.

For me, Flock has been my default browser since I started using it, with my Blogger, flickr and twitter accounts always on and ready for the next post directly within the browser.

I do have one gripe with it - the del.icio.us bookmarker. It doesn't show me the recommended and community tags for a particular link, which I do miss. It is really useful to see what tags you already have and what other people are using to tag the same link. I use del.icio.us a lot and for it I still use the del.icio.us Firefox add-on.


Blogged with the Flock Browser