Trust Indicator Modeling for a Reputation Service in Virtual Organizations.
Till J. Winkler (2), Jochen Haller (2), Henner Gimpel (1), Christof Weinhardt (1)
(1) Information Systems and Management, University of Karlsruhe
Englerstr. 14, 76131 Karlsruhe, Germany
(2) SAP Research
Vincenz-Priessnitz-Str. 1, 76131 Karlsruhe, Germany
In today's Internet economy, new business models emerge to respond to business opportunities that one
organization alone cannot exploit. Virtual organizations (VOs) are a prominent example of such models
currently investigated in, e.g., collaborative engineering and aggregated services provisioning. Partner
selection is a task that must be performed swiftly for a VO to become operational. In the global
Internet community, previously unknown partners have to be considered for important business transactions,
taking a risk in expecting partners to behave reliably. A reputation service can help to reduce this risk by
supporting the (automated) decision process of system integrators inquiring about potential partner
organizations. This paper presents a service-based reputation system rooting trust in an organization’s inherent
observable properties, called trust indicators. A taxonomy to classify trust indicators according to their semantic
meaning is proposed. Furthermore, a stochastic trust indicator model based on distribution functions is
presented, taking updates and trust indicator aggregation towards an overall reputation using Bayes theory into
account as well.
Keywords: Trust management, risk management, reputation systems, virtual organization, eOrganisation,
stochastic modeling, Bayesian networks, design science research
Trust has become an accepted concept not only in the social sciences but also in computer science. Virtual organizations (VOs)
are one of the environments where trust is indispensable. A VO is a temporary coalition of otherwise
independent organizations or individuals, collaborating to achieve a goal one party alone could not master.
Typically, a VO follows a phased lifecycle consisting of identification, formation, operation, and dissolution
phase (Strader et al. 1998). The strongest influence of trust becomes apparent in the identification phase,
entailing the selection of suitable VO partners for defined business roles by a VO manager. A VO can be set in
diverse, highly dynamic markets like high-tech industries (e.g. chip manufacturing) or collaborative engineering
in, e.g., the aerospace or automotive industry. Since time to market and thus speed is essential, partner selection
has to take previously unknown partners into account besides already well known ones (Haller 2006).
In this paper, we present a reputation service for VOs. The contribution of the paper is fourfold: it outlines (1) a
set of requirements for trust management in VOs, (2) a taxonomy of objective trust indicators, (3) a model of a
reputation service rooting reputation in such trust indicators, and (4) an implementation as proof-of-concept.
1.1 A VO Application Scenario from Collaborative Engineering
To analyze the requirements for a reputation service and its underlying trust management in detail, we present a
motivating application scenario from collaborative engineering in the aerospace industry: An aerospace systems
integrator won an airplane maintenance contract. A VO needs to be formed to analyze the design data, verify the
design or report back flaws and missing details. The following description scopes the scenario to the initial VO
phases, identification and formation, that entail the partner selection process. The systems integrator may act as
the VO manager and triggers the process of VO formation, cycling through the above-mentioned phases (Robinson
et al. 2005). Since time and speed are of the essence while trying to exploit the cheapest of frequently changing
service offerings, the VO manager identifies potentially required VO partners who meet the business
requirements during the identification phase. The business roles’ skill sets required for the VO – besides the VO
manager – are those of an airplane design data analyst and a storage provider. Potential VO partners may be
located anywhere in the world offering their services via standardized interfaces such as Grid services. A
reputation system is maintained by a trusted third party (TTP) in contrast to distributed reputation systems e.g. in
P2P architectures, offering reputation values for potential VO partners as a supporting service.
During the formation phase, the VO manager queries the reputation service for each potential partner’s
reputation. The reputation should be based on business criteria directly characterizing a partner organization’s
business reliability within the VO context. For instance “in time delivery of results” would be a valid business
criterion for a design data analyst. The TTP providing the reputation based on observable data is hereby
Upon receipt of the requested set of reputation values, the VO manager decides on a set of VO partners and
invites them to join the VO. This may be repeated until the required roles are filled with VO partners accepting
the invitation. The formation phase concludes with the instantiation of the service choreography required to
conduct the VO’s engineering task. The operation phase then starts with the intended actual work and the
partners provisioning their Grid services. After the operation phase, the VO manager’s feedback about the past
business transaction is a valuable piece of information for the TTP, to improve the reputation service for future
1.2 Requirements for Trust Management
A more detailed version of this scenario was published in (Robinson et al. 2005). Having analyzed this scenario,
we discovered that a VO oriented trust management approach for a reputation service has to meet the following
set of requirements also following from general properties of trust:
Directed relationship (R1). Trust is a bidirectional relationship between a trustor and one or more trustees, but
not inherently symmetric (Jøsang et al. 2005). If the VO manager (trustor) trusts a particular storage provider
(trustee), an equal trust in the opposite direction does not automatically follow. Nevertheless mutual behavior
can play a big role in trust relationships (Gambetta 1988). Furthermore, overlapping trust relationships do not
necessarily extend to their transitive closure. If a VO manager trusts an analysis expert who in turn has a trust
relationship with a particular storage provider, it is not automatically implied that the VO manager also trusts the
storage provider. Transitivity of trust is an ongoing research topic, e.g. in (Jøsang et al. 2006).
Subjective (R2). Trust is a subjective matter. It depends on a trustor’s subjective evaluation of past experiences
and it depends on the characteristics of the trustee (Jøsang 2001, Gambetta 1988). In this contribution, we focus
on organizations enacting the roles of trustor and trustee.
Objective basis (R3). Although the evaluation of trust itself is subjective, its sources, which we will later
introduce as trust indicators (TIs), can be objective (Tan 2003). Trust needs to be soundly rooted in an
organization’s characterizing properties, already implying that such roots are typically multi-faceted instead of
relying on one single root of trust (Dellarocas et al. 2003). This approach supports especially a VO manager’s
decision making when participating in multiple VOs and therefore needing an objective basis for trust across
different VO contexts.
Automated management (R4). Trust needs to be modeled by a formal approach in order to be usable in
computer systems. Those can either act as decision support system or even decide autonomously. In this paper,
we will focus on the latter, supporting executable business processes in a highly dynamic VO environment
(Strader et al. 1998, Robinson et al. 2005, Jøsang et al. 2005).
Comparable (R5). Trust should be comparable among different organizations in order to model them within a
shared reputation service and support a fair decision process, e.g. when selecting among several potential
business partners (Haller 2006).
Dynamic (R6). Trust develops and changes over time (Ismail et al. 2002). It may increase or decrease with
further experience and it should decay over time (Ruohomaa et al. 2005). A trust model needs to dynamically
adapt to such changes.
Besides these trust-specific requirements, generic requirements for information systems are obvious; these are,
for example, availability (of the system itself and required data sources), correctness, and efficiency.
The remainder of the paper is structured as follows: Section 2 reviews related work and in Section 3 we present a
trust model as core of the reputation service. The model has three main building blocks: Firstly, a taxonomy of
trust indicators and their respective attributes, secondly the update mechanisms for the trust indicators once new
data is available and thirdly the aggregation concept taking objective and subjective trust information into
account. As proof-of-concept, Section 3 also describes an implementation of the reputation service. Section 4
concludes and enumerates future work.
2 RELATED WORK
Trust is a complex sociological phenomenon. The purpose of this section is to review notions of trust and related
concepts that are relevant for automated trust management in VOs. For a complete overview of all facets of trust
we recommend related surveys from (Grandison et al. 2000; Ruohomaa et al. 2005; Jøsang et al. 2004).
In the context of a VO, we define trust as the subjective probability by which the trustor expects the trustee to
perform actions captured in a role specification within the context of a VO. This definition relates to work from
(Gambetta 1988) and (Jøsang et al. 2004). It would harm the entire VO if one partner organization, e.g. the
storage provider, would not perform as expected.
In the area of information technology, the term trust management was invented by (Blaze et al. 1996) who define
the term "trust management (problem)" as the collective study of security policies, security credentials and trust
relationships. This purely technical perspective resulted in a system simply providing access control for
distributed environments. Following this groundbreaking publication, a multitude of trust management
approaches were developed and published in parallel. The most recent and successful ones are surveyed in
(Jøsang et al. 2004). On the higher level of business to consumer e-commerce, a model of trust relevant, directly
observable factors that for instance characterize online vendors is presented by (Egger 2003). While the general
approach to root trust in observable indicators is comparable to our work, the application domain and hence the
relevant indicators are different.
Reputation is a known concept in many disciplines, equally broad as and closely related to trust (Mui et al.
2002). Reputation can be seen as the general opinion of a group towards a person, another group of people or an
organization. Broken down to the field of trust management in VOs, reputation can be defined as a perception a
VO has about the intentions and norms of another organization. This perception develops through past actions
and through objective indicators. A recommendation then is an attempt to communicate reputation from one
party to another. A general reputation can thereby be mapped to an individual binary (directed) trust relationship.
Risk commonly refers to a potential harm that may arise from some present process or from some future event.
At this point, the differentiation among risk (i.e. known probabilities) and uncertainty (i.e. unknown
probabilities) is irrelevant and hence omitted. There is an inherent risk when collaborating in a VO. Risk and
trust are intrinsically related (Luhmann 1988). Obviously, if risk did not exist, there would be no need for trust,
as stated in (English et al. 2004).
Risk management is the process of identifying, measuring, and controlling risk as well as developing strategies
to manage or reduce it. Risk management frameworks can be used for the exact assessment of input risk levels
and the transfer of related concepts in general (Grandison et al. 2000). Unlike trust modeling, risk modeling and
risk management are established fields in economic research and practice, covering many different domains
where risks emerge. Similar to our approach, such risk management frameworks assess risk based on risk
indicators that map to well established key performance indicators (KPIs). Some risk indicators behave
stochastically and have an impact on trust intersecting with our set of proposed TIs.
Presumed that we have a formalized basis on how to relate risk to trust, we can derive trust measures from the
indicators that risk management already provides.
3.1 A Taxonomy of Trust Indicators
While most of the previously proposed reputation systems assume given data or rely only on externalized,
subjective sources such as feedback or simple binary measures, an improved system roots trust in the inherent
properties of a trustee’s organization. Adapting the concept of risk indicators from risk management, we define a
trust indicator (TI) to be a regular measurement based on data that has an impact on trust in a certain area of the
trustee’s organization. In the following, we will identify these areas and subordinate them in a top-down
approach to a reasonable classification.
Since trust is inherently related to risk, existing operational risk categories play a big role for TIs. On an abstract
level, operational risk is commonly divided to derive from staff, technology, process and environment (King
2001). Technology and process refer to risks arising in the operational processes of a firm and thus to operational
TIs. Herein a sub classification according to the functional units of the firm seems applicable. Staff points to
more hidden risks caused by human behavior. These can occur on different decision levels, strategic, managerial
or simply on employee level. This class is denoted as organizational TIs.
External TIs refer to influences and risks that stem from sources external to the organization. These can be
caused by other parties like customers or competitors, the legislation but also non-entities like the general
economic environment, labor and factor markets or natural resources and catastrophes. Furthermore, financial
TIs also affect the reliability of an organization, which becomes apparent in the case of a firm’s financial bankruptcy.
Financial information can be based on balance sheet data or from non-direct measures like stock market prices.
Popular indicators for performance measuring are for example the cash flow quote, economic value added,
earnings per share ratio etc. (Schultze 2003).
At last, trust related information may also stem from a third party. Various commercial information providers
have tackled the task of providing meaningful ratings about potential business entities. Prominent examples are
financial stock ratings from Standard & Poor's and Moody's as well as the company database by Dun & Bradstreet
amongst others providing extensive information about credit-worthiness of organizations. This information as
well as information from other instances of the same type of reputation service, can be integrated to a trust
system as a third party TI carrying condensed reputation information content, cp. (Tan 2003).
Figure 1 depicts the TI taxonomy, summarizing our classification effort. The subcategories specialize the
top-level classes and are drawn according to a bottom-up approach that collected and clustered a total number of 146
and 56 verifiably unique different key indicators (Winkler 2006) into several classes described in the relevant
literature (Schultze 2003; Arndt 1985) and related areas like Financial Risk (Hager 2004; Allen 2003),
Operational Risk (King 2001; Cruz 2002), and particularly Supply Chain Risk Management (Brindley 2004;
Chan 2003) in parallel to the overall top-down classification.
The taxonomy represents an extensible reference framework for trust management in VOs. For an
implementation of the model in a specific setting, domain specific indicators need to be defined within these
categories. Of course, newly discovered TIs can be added to the taxonomy as can additional (sub-) categories.
The following section will show that adding a TI encompasses defining its unique identifier and implementing a
set of attributes. Trust indicators then can be aggregated according to the categories, whereas the arrows in the
diagram show the specific dependencies.
Figure 1: Taxonomy of Trust Indicators
3.1.2 Examples for Trust Indicators
As mentioned before, trust indicators have to meet the set of requirements implied by 1.2, namely availability,
comparability and automation. TI modeling hereby has to cope with incomplete data since it can in general not
be assumed that complete datasets are available at any given time for each TI. Furthermore, similar to risk
management, a decision maker such as a VO manager wants to predict a potential business partner’s behavior
based on his TI model. The list of possible TIs has to be filtered according to these criteria, which motivated us to
pursue a stochastic TI model based on density functions.
The specific trust indicators to be used depend on the application domain of the reputation service. In the context
of our collaborative engineering scenario, the following trust indicators are considered most applicable. Due to
the complexity of trust, the TIs that contain aggregated information are preferred.
The Cash flow (CF) is a measure for the actual cash generated by a business. The cash flow quote is the quotient
of CF and turnover and is used to make the CFs of different organizations comparable. Cash flow can also be
seen as a measure for financial trustworthiness. Adopting (Hayne 1999) we model the likelihood for the cash
flow quote as a lognormal distribution.
In general, VO networks operate on a global scale. In risk literature country risk is understood as consequences
caused by the economic, political and social environment (Lehrbass 1999). A widely used daily measure of
country risk is the country bond spread, i.e. the yields on bonds issued by a country (Damodaran 2003). This
measure also incorporates currency and interest volatility, whereas a higher spread likewise reflects a higher risk.
Herein we find an appropriate and highly aggregated indicator for external influences. Empirical studies show
that country bond rates are best modeled by fat-tailed distributions like the Student distribution (Romeike 2005).
There are only a few quantitative measures that express organizational trust. Among the simplest and most
popular ones is the employee fluctuation rate, indicating the employee satisfaction and organizational climate.
The members of an organization know best about the overall situation of their entity. In (Teitelbaum et al. 2005)
a statistical study is conducted, finding that member fluctuation on a longer term follows a Pareto distribution.
Availability of the technological systems is a common measure of operational risk and, thus, system downtime
can serve as a TI (Cruz 2002). For a storage provider in a VO this availability even turns out to be crucial for
offering his service. Several studies report on statistical modeling of system downtime in general (Williams
1994). Due to the possibilities for parameterization, a gamma distribution is suggested to be most flexible in
modeling this TI.
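As an added illustration (not code from the paper or its proof-of-concept), the example below fits three of the distribution families named above to short constructed series with gaps and returns the probability that each TI stays within a limit. The limits, the estimators (maximum likelihood for lognormal and Pareto, method of moments for gamma), the reading of that probability as a per-indicator score, and all function names are assumptions; the Student-distributed bond spread is left out.

```python
import math
from statistics import NormalDist, fmean, pstdev, pvariance

def observed(series):
    """Drop missing readings (None/NaN); TI series are often incomplete."""
    xs = [x for x in series if x is not None and not math.isnan(x)]
    if any(x <= 0 for x in xs):
        raise ValueError("all three families here have positive support")
    if len(set(xs)) < 2:
        raise ValueError("need at least two distinct observations to fit")
    return xs

def p_cash_flow_quote_at_least(series, floor):
    """Lognormal fit (MLE on the log values); returns P(quote >= floor)."""
    logs = [math.log(x) for x in observed(series)]
    return 1.0 - NormalDist(fmean(logs), pstdev(logs)).cdf(math.log(floor))

def p_fluctuation_at_most(series, cap):
    """Pareto fit (MLE, scale = sample minimum); returns P(rate <= cap)."""
    xs = observed(series)
    x_min = min(xs)
    alpha = len(xs) / sum(math.log(x / x_min) for x in xs)
    return 0.0 if cap < x_min else 1.0 - (x_min / cap) ** alpha

def gamma_cdf(x, shape, scale):
    """Regularized lower incomplete gamma function via its power series."""
    z = x / scale
    if z <= 0:
        return 0.0
    term = total = 1.0
    n = 0
    while term > 1e-15 * total:
        n += 1
        term *= z / (shape + n)
        total += term
    return total * math.exp(shape * math.log(z) - z - math.lgamma(shape + 1))

def p_downtime_at_most(series, cap):
    """Gamma fit (method of moments); returns P(downtime <= cap)."""
    xs = observed(series)
    mean, var = fmean(xs), pvariance(xs)
    return gamma_cdf(cap, mean * mean / var, var / mean)

# Constructed sample series (not data from the paper); None marks a gap.
CASH_FLOW_QUOTE = [0.08, None, 0.10, 0.125]    # cash flow / turnover
FLUCTUATION_RATE = [0.05, 0.10, None, 0.20]    # yearly employee fluctuation
DOWNTIME_HOURS = [1.0, 3.0, None, 1.0, 3.0]    # monthly system downtime

def scenario_scores():
    """Per-indicator probabilities for hypothetical limits set by a VO manager."""
    return {
        "cash_flow_quote >= 0.10": p_cash_flow_quote_at_least(CASH_FLOW_QUOTE, 0.10),
        "fluctuation_rate <= 0.10": p_fluctuation_at_most(FLUCTUATION_RATE, 0.10),
        "downtime_hours <= 2.0": p_downtime_at_most(DOWNTIME_HOURS, 2.0),
    }

if __name__ == "__main__":
    for name, p in scenario_scores().items():
        print(f"{name}: {p:.3f}")
```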