xor schrieb: > Hello, > > I am currently refactoring the WoT plugin to allow per-context trust values. > > Lets first explain how WoT currently works so you can understand what I mean: > - There is a set of Identities. An identity has a SSK URI, a nick name, a set > of contexts (and a set of properties). An "own identity" is an identity of > the > user of the plugin, he owns the SSK insert URI so he can insert the identity. > > - Each identity can offer a Set<String> of contexts. A context is a client > application, currently there are: "Introduction" (the > given identity publishes captchas to allow other identities to get known by > the web of trust by solving a captcha - if you solve one, you get on the > publisher's trust list) and "Freetalk", which is the messaging system based > on > WoT (comparable to FMS) which I am implementing. > > - Identities currently can give each users a trust value from -100 to +100. > Each trust relationship is stored as a object of class Trust in the database. > > - From all Trust values an identity has received, from the trust values the > trusters have received, etc. the WoT calculates and stores a "Score" object > for each identity in the database. The score is the calculated rating the > which identity receives from the whole of the other identities. > > Not only one Score object is stored - for each pair of [OWN identity > "treeOwner", identity "target"] a score object is calculated. The reason is > that the score of an identity depends on what trust the treeOwner gives to > the > identity itself, what trust its trusters have received, their trusters, and > so > on. > > .... Considering the fact that there will be many more client applications > (for example: Search indexing, files haring, web of trust based code review > (image Freenet compiling its updates itself as soon as all code has received > enough "review trust")). we came to the conclusion that it must be possible > to > assign a trust value which is only valid in the context of a single client > application and does not affect any others. If someone publishes crap in the > file sharing that does not prove that he is not able to produce nice messages > in Freetalk, and vice versa. > > Therefore, I will implement per-context trust and score now. I will not wait > with the implementation until Freetalk even though Freetalk is important > because the per-context trust values change the database model very much and > writing code to convert legacy databases is possible but not guaranteed to > not > have any bad side effects. Having a "finished" database model before > deploying > stuff is a good idea. > > Now the question is: Which logic should be used to decide when to ignore an > identity, i.e. when to NOT download it anymore and not add the identities > which it trusts to the database? > Several ideas: > - Have a global "trust list trust" as in FMS which is a rating of whether the > identity as a whole is trustworthy and should be downloaded, only decide upon > the score value there whether to download it or not, ignoring all scores from > client apps.
I vote for this option, to be exact, i vote for the way, how FMS basicly works: - 1 trustlist for every application: With this value, you set, if you want to read someones messages, see someones files, freesites or whatever your WoT-based app uses. No value by default, if trusted identities have set a value for an identity, it is used for trust calculation (details for the calculation can be found on the FMS freesite). If you yourself do set a value, it may either be part of the trust calculation or (optionally) overwrite the calculated trust. If no value is set or there exists a value and it is bigger than a locally set limit, you download his data, else it is ignored. - 1 trustlist trust: This does set, if you trust the person to introduce identities and to vote "right" on people. If you set this value and it is higher than your local limit, then you download his trustlists and the values in them are used in the application trust value of every known identity. This system is relativly simple, you can understand it and follow it, if you want and it does use the "little world theory" and the idea of a friends network. And, just as a reminder: This idea and the basic concept was created and agreed upon between all actively writing frost identities during the beginning of the massive frost spam. > - Download it as long as ONE client app has positive score for that identity: > Not possible because then someone could create zillions of spam identities to > spam the WoT and keep every WoT-plugin downloading them by writing good posts > in Freetalk but not adding the Freetalk context to the spam identities so > Freetalk users might not notice them. In general, this attack could be used > with any other client app where it is easy to gather positive trust. No. > - Download as long as ALL client apps have positive trust: Not possible, the > whole goal of per-context trust was to prevent identities from being judged > as > a whole just by their misbehavior in ONE client app. No. > > - Any other ideas by anyone? See above. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 315 bytes Desc: OpenPGP digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090507/0d4eec63/attachment.pgp>
