I agree with that : I vote for the way, how FMS basicly works: > > - 1 trustlist for every application: With this value, you set, if you want > to read someones > messages, see someones files, freesites or whatever your WoT-based app > uses. No value by default, if > trusted identities have set a value for an identity, it is used for trust > calculation (details for > the calculation can be found on the FMS freesite). If you yourself do set a > value, it may either be > part of the trust calculation or (optionally) overwrite the calculated > trust. If no value is set or > there exists a value and it is bigger than a locally set limit, you > download his data, else it is > ignored. > > - 1 trustlist trust: This does set, if you trust the person to introduce > identities and to vote > "right" on people. If you set this value and it is higher than your local > limit, then you download > his trustlists and the values in them are used in the application trust > value of every known identity. >
On Thu, May 7, 2009 at 7:58 PM, Thomas Sachau <mail at tommyserver.de> wrote: > xor schrieb: > > Hello, > > > > I am currently refactoring the WoT plugin to allow per-context trust > values. > > > > Lets first explain how WoT currently works so you can understand what I > mean: > > - There is a set of Identities. An identity has a SSK URI, a nick name, a > set > > of contexts (and a set of properties). An "own identity" is an identity > of the > > user of the plugin, he owns the SSK insert URI so he can insert the > identity. > > > > - Each identity can offer a Set<String> of contexts. A context is a > client > > application, currently there are: "Introduction" (the > > given identity publishes captchas to allow other identities to get known > by > > the web of trust by solving a captcha - if you solve one, you get on the > > publisher's trust list) and "Freetalk", which is the messaging system > based on > > WoT (comparable to FMS) which I am implementing. > > > > - Identities currently can give each users a trust value from -100 to > +100. > > Each trust relationship is stored as a object of class Trust in the > database. > > > > - From all Trust values an identity has received, from the trust values > the > > trusters have received, etc. the WoT calculates and stores a "Score" > object > > for each identity in the database. The score is the calculated rating the > > which identity receives from the whole of the other identities. > > > > Not only one Score object is stored - for each pair of [OWN identity > > "treeOwner", identity "target"] a score object is calculated. The reason > is > > that the score of an identity depends on what trust the treeOwner gives > to the > > identity itself, what trust its trusters have received, their trusters, > and so > > on. > > > > .... Considering the fact that there will be many more client > applications > > (for example: Search indexing, files haring, web of trust based code > review > > (image Freenet compiling its updates itself as soon as all code has > received > > enough "review trust")). we came to the conclusion that it must be > possible to > > assign a trust value which is only valid in the context of a single > client > > application and does not affect any others. If someone publishes crap in > the > > file sharing that does not prove that he is not able to produce nice > messages > > in Freetalk, and vice versa. > > > > Therefore, I will implement per-context trust and score now. I will not > wait > > with the implementation until Freetalk even though Freetalk is important > > because the per-context trust values change the database model very much > and > > writing code to convert legacy databases is possible but not guaranteed > to not > > have any bad side effects. Having a "finished" database model before > deploying > > stuff is a good idea. > > > > Now the question is: Which logic should be used to decide when to ignore > an > > identity, i.e. when to NOT download it anymore and not add the identities > > which it trusts to the database? > > Several ideas: > > - Have a global "trust list trust" as in FMS which is a rating of whether > the > > identity as a whole is trustworthy and should be downloaded, only decide > upon > > the score value there whether to download it or not, ignoring all scores > from > > client apps. > > I vote for this option, to be exact, i vote for the way, how FMS basicly > works: > > - 1 trustlist for every application: With this value, you set, if you want > to read someones > messages, see someones files, freesites or whatever your WoT-based app > uses. No value by default, if > trusted identities have set a value for an identity, it is used for trust > calculation (details for > the calculation can be found on the FMS freesite). If you yourself do set a > value, it may either be > part of the trust calculation or (optionally) overwrite the calculated > trust. If no value is set or > there exists a value and it is bigger than a locally set limit, you > download his data, else it is > ignored. > > - 1 trustlist trust: This does set, if you trust the person to introduce > identities and to vote > "right" on people. If you set this value and it is higher than your local > limit, then you download > his trustlists and the values in them are used in the application trust > value of every known identity. > > This system is relativly simple, you can understand it and follow it, if > you want and it does use > the "little world theory" and the idea of a friends network. And, just as a > reminder: This idea and > the basic concept was created and agreed upon between all actively writing > frost identities during > the beginning of the massive frost spam. > > > - Download it as long as ONE client app has positive score for that > identity: > > Not possible because then someone could create zillions of spam > identities to > > spam the WoT and keep every WoT-plugin downloading them by writing good > posts > > in Freetalk but not adding the Freetalk context to the spam identities so > > Freetalk users might not notice them. In general, this attack could be > used > > with any other client app where it is easy to gather positive trust. > > No. > > > - Download as long as ALL client apps have positive trust: Not possible, > the > > whole goal of per-context trust was to prevent identities from being > judged as > > a whole just by their misbehavior in ONE client app. > > No. > > > > > - Any other ideas by anyone? > > See above. > > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090507/e732b9a7/attachment.html>
