xor wrote: > .... Considering the fact that there will be many more client applications > (for example: Search indexing, files haring, web of trust based code review > (image Freenet compiling its updates itself as soon as all code has received > enough "review trust")). we came to the conclusion that it must be possible > to > assign a trust value which is only valid in the context of a single client > application and does not affect any others. If someone publishes crap in the > file sharing that does not prove that he is not able to produce nice messages > in Freetalk, and vice versa.
> Now the question is: Which logic should be used to decide when to ignore an > identity, i.e. when to NOT download it anymore and not add the identities > which it trusts to the database? > Several ideas: > - Have a global "trust list trust" as in FMS which is a rating of whether the > identity as a whole is trustworthy and should be downloaded, only decide upon > the score value there whether to download it or not, ignoring all scores from > client apps. > - Because I do not have any other ideas, I came to the conclusion that it is > necessary to have a separate "global" trust context (could be called > "TrustList" or "WoT" or whatever) which is used to judge whether an identity > should be downloaded or not. This means that each client app will need UI to > manage 2 trust values per identity. Surely each client app will need only one trust value for itself, then the meta-trust value can be handled by WoT itself? Or did you mean the meta-trust is per-context only? In which case I agree this is overkill; just have a meta-trust value for the whole identity, for all its contexts. The UI for this can then be in WoT. Also, other plugins could just provide a link to the WoT UI for their context instead of making their own UIs. > So does anyone has an idea which prevents the need of a "global" trust > context? If not, I will implement it with the global context and call it > "TrustList". I don't see why this is such a bad thing that you'd prefer to prevent it. We (at least I) do something like this in real life, especially when meeting strangers for the first time. A meta-trust value makes perfect sense to me. On a different issue, I don't think it's a good idea for the algorithm to recurse indefinitely. Would you be able to make it automatically construct a small world network? Download the trust list of your most trusted IDs, then (say) 2/3 of their most trusted, then 1/2 of theirs, etc? Also (I said this to you before, but I have an additional reason here) the algorithm itself should be modularised from the rest of the plugin. Maybe not so users can change it, but so that we the developers can change it. Trust metrics are still a topic of research and new ones are probably going to be invented over the next few years; it would be nice if they could be implemented without re-writing the whole plugin. One of my supervisors pointed me to one of his papers: http://www.isoc.org/isoc/conferences/ndss/09/pdf/06.pdf I haven't read it myself yet, but other people here might find it more immediately useful. It's basically another algorithm for detecting sockpuppets or otherwise untrustworthy nodes. X
