Hi Evgeny, On 9/3/17 2:57 AM, Evgeny Khramtsov wrote: > Since the SPIM discussion has sparkled again in the operators list, I > would like to resurrect long-standing reputation problem in XMPP > (see, for example, XEP-0275).
Thanks for bringing this topic back to the attention of the list. Before we spend energy on building a reputation system, it would be good to understand what problems it is intended to help solve. IMHO nothing will solve 100% of the spam problem, but perhaps a reputation system would help. It seems that it might also help solve attacks on chat rooms. Anything else? I did some reading about reputation systems last year, and my recollection is that they are not proven to help all that much with spam compared to the cost of implementing them, but I'm very much open to better evidence. > We probably can consider how this problem is being solved in > distributed p2p systems. One of the popular approach to collect > reputation in p2p systems is EigenTrust[1] model and its derivatives. > While the method itself assumes file-sharing and the rating is based on > satisfied/unsatisfied downloads, it can be adopted for rating based on > subscriptions information of remote contacts, collected by servers > *only* (i.e. a user cannot provide reputation for her contacts). It > seems like everything supposed to work for EigenTrust will work in this > case too. Another advantage of this method is that we don't need to > require all servers to support it instantly: the reputation > information will be aggregated amongst servers supporting the feature > and it will even contain reputation about users from ancient/abandoned > servers. > > Although the idea of EigenTrust is relatively simple and easy to > implement locally, the main problem is how to disseminate this > information across all XMPP servers. For example, EigenTrust is assumed > to be built on top of existing structured overlay (DHT-like), > GossipTrust[2] is built on top of unstructured overlay using its gossip > routing (Kempe algorithm[3] is suggested). While for XMPP we have yet > to build such overlay on top of s2s infrastructure. I can think > about several possible solutions: > > 1) a centralized trusted reputation aggregator. The problem of such > approach is obvious: single point of failure which looks awkward inside > the distributed s2s system. > > 2) building a structured overlay (DHT) on top of s2s infrastructure. The > major problem is, of course, maintaining churn: data migration and > anti-entropy. Although, solutions exist to these problems (such as > RelaxDHT[4]), they are not trivial. > > 3) building a hybrid overlay: a group of server operators maintain a > top-level tier of aggregation servers which collect and share reputation > information. The list of aggregators (which will be also a bootstraping > list in the overlay) will be maintained in DNS by xmpp.org (e.g. > reputation.xmpp.org). All other servers will be logically grouped in > a second-level tier. They will only upload their locally > collected reputation information to the aggregators and perform > lookups from them. This is the most feasible solution in my opinion. We > don't even need in fact to build it on top of s2s network, probably we > can use existing database with needed characteristics (i.e. distributed > partition tolerate database with eventually consistent counters) and > deploy it on the aggregators. This could go in DNS - quite a scalable database. :-) > Sorry if the information here is cumbersome, this is just my brain > dump. Alas, there is no simple solution for distributed reputation > systems. Please ask questions if you want to clarify/critic something or > have another/better ideas. > > [1] http://ilpubs.stanford.edu:8090/562/1/2002-56.pdf > [2] > https://pdfs.semanticscholar.org/a91c/c05025cf5c0b22cb8dc73f1a93d566054f35.pdf > [3] https://arxiv.org/pdf/quant-ph/0210064.pdf > [4] https://hal.inria.fr/file/index/docid/374095/filename/RR-6897.pdf Thanks for the pointers. I'll do more reading now. Peter
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________
