<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <title-group>
        <article-title>Trust Awareness for Redecentralized Web Applications (Position Paper)</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Valentin Siegert</string-name>
          <email>valentin.siegert@informatik.tu-chemnitz.de</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Martin Gaedke</string-name>
          <email>martin.gaedke@informatik.tu-chemnitz.de</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="editor">
          <string-name>Trust, Decentralized Web, Web Redecentralization</string-name>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Technische Universität Chemnitz</institution>
          ,
          <addr-line>Chemnitz</addr-line>
          ,
          <country country="DE">Germany</country>
        </aff>
      </contrib-group>
      <abstract>
        <p>Redecentralizing the web improves user privacy and data control, but also brings the challenge of acquiring trusted data across distributed data storage. In this paper we propose how redecentralized web applications can autonomously and automatically make trust-aware decisions about acquired data from decentralized stores, and we identify requirements and open challenges. https://vsr.informatik.tu-chemnitz.de/people/siegert (V. Siegert); 0000-0001-5763-8265 (V. Siegert); 0000-0002-6729-2912 (M. Gaedke) TrusDeKW@ESWC'23: Trusting Decentralised Knowledge Graphs and Web Data Workshop at Extended Semantic Web htp:/ceur-ws.org CEUR Workshop Proceedings (CEUR-WS.org) ISN1613-073</p>
      </abstract>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>
        Today, centralized web platforms store data in their controlled infrastructure, resulting in data
silos and walled gardens [
        <xref ref-type="bibr" rid="ref1 ref2">1, 2</xref>
        ]. As this leads to significant privacy concerns [
        <xref ref-type="bibr" rid="ref1 ref3">1, 3</xref>
        ], initiatives
such as Solid [
        <xref ref-type="bibr" rid="ref1">1</xref>
        ], the distributed social app Mastodon1 or the EU’s Next Generation Internet2
are working to redecentralize the web. Achieving this redecentralization requires universal
open protocols and application interfaces that allow users to be independent of centralized
instances [
        <xref ref-type="bibr" rid="ref1 ref3 ref4 ref5">1, 3, 4, 5</xref>
        ]. Solid, for example, enables users to store and manage personal data in
decentralized pods that contain linked data.
      </p>
      <p>
        An imminent challenge for the redecentralized web is trusted data acquisition [
        <xref ref-type="bibr" rid="ref2 ref3 ref5">2, 3, 5</xref>
        ].
Since web application operators are interested in their users or customers perceiving the
application as trustworthy, the web application must work with trusted data. In the current
web, trustworthiness is determined by third parties based on predetermined artifacts or
humanissued permissions created and controlled by centralized instances [
        <xref ref-type="bibr" rid="ref5">5</xref>
        ]. A redecentralized
web application, on the other hand, works with data that is not hosted by it, but is available
on any decentralized knowledge graph or solid pod. Since these are hosted by third parties,
the web application has no control over the trustworthiness of the data, but must ensure it.
Therefore, the proposed privacy and data freedom enhancements [
        <xref ref-type="bibr" rid="ref1">1</xref>
        ] may be limited if the data
nEvelop-O
LGOBE
https://vsr.informatik.tu-chemnitz.de/people/gaedke (M. Gaedke)
CEUR
Workshop
Proceedings
acquired is malicious or harmful. Data is in this paper’s context trustworthy if the using web
application makes a positive trust-aware decision on whether to trust the data or not. This
decision is taken based on an evaluation which computes factors with diferent input parameters
and subsequent combination to one final trust value for the respective decision. Despite the
influence of sociological and psychological research on trust, computing trust in the web focuses
on algorithms, standards and empirical studies [
        <xref ref-type="bibr" rid="ref6">6</xref>
        ].
      </p>
      <p>
        The redecentralized web can be metamodeled as an open and dynamic multi-agent system
(MAS) [
        <xref ref-type="bibr" rid="ref5">5</xref>
        ] since its web applications are autonomous and structurally independent and the
number of existing applications is large. Moreover, it classifies itself as an open and dynamic
system since it is free of membership constraints and web applications can go on and ofline
at any time. The proposal of hypermedia MAS [
        <xref ref-type="bibr" rid="ref7">7</xref>
        ] envisages similarly the idea of allowing
heterogeneous entities to interact uniformly through hypermedia. A web application (a web
agent in MAS) can make autonomous trust decisions in many ways, as discussed in several
research papers in the area of trust within MAS [
        <xref ref-type="bibr" rid="ref5 ref8">5, 8</xref>
        ] as well as within the web [
        <xref ref-type="bibr" rid="ref6 ref9">6, 9</xref>
        ].
      </p>
      <p>
        In this position paper, we outline a proposal for making web applications trustworthy in
an autonomous and automatic way, with the goal of acquiring web data from decentralized
knowledge graphs, third-party Solid pods, or other decentralized stores of web data.
2. Redecentralized Web Applications’ Trust Awareness
In a scenario where the web is redecentralized and data is stored in a decentralized manner in
Knowledge Graphs (KGs), Solid Pods, and other distributed web data stores, a web application
no longer stores data only on itself. Therefore, such a web application must be able to search
the Semantic Web and dynamically acquire linked data on-the-fly. While data in the web might
be still duplicated due to practical needs and responsive design, data has to be synced in both
directions for privacy and data control purposes. A redecentralized web application will thus not
always take data from a decentralized data store, but very often dynamically at runtime. Hence,
the applications must constantly make trust-aware decisions on whether it should process
received data or not. Those decisions are mandatory for only using trustworthy data to not
decrease trust of users or customers in the web application by ignoring trust awareness. Yet,
existing policies and norms should not be adapted, nor should other service qualities of web
applications be negatively afected, e.g. its response time. Thus, our proposal does not contradict
ideas about governance of autonomous agents on the web [
        <xref ref-type="bibr" rid="ref10">10</xref>
        ], but starts at the web application
itself instead of defining governance on a global top-down view over (parts of) the web.
      </p>
      <p>One example of such a scenario with decentralized data stores are redecentralized on-demand
music streaming services. Some domain-related data such as recommendations for new
discoveries, automatic playlists, or streaming functionality potentially remain at the individual
applications. With the possibility of decentralized data storage, both users and music artists
may have a high interest in storing their data in their own KG or solid pod. This allows data
owned by users and artists to be reused across multiple services. However, because multiple
applications read and write to these decentralized data stores, each application cannot ensure,
even during the read process, that the data it reads is not harmful to itself. This can be due to
data consistency issues caused by multiple applications working with the same data. Other</p>
      <p>Front End
 Presentation Layer</p>
      <p>Back End
Business Layer
Trust Awareness</p>
      <p>Data Layer
Solid Pods</p>
      <p>Decentralized</p>
      <p>KGs
reasons can be problems with data replication and fraudulent manipulation of data by competing
services. A trusted decision about reading data from decentralized storage would reduce the
risk of working with data that is not ”good enough” for the purpose of one web application.</p>
      <p>
        We propose that each web application should have its own trust awareness. Otherwise,
redecentralization will soon be a centralized web again, but no longer dependent on centrally
stored data, but on the provision of trust awareness or its testimonials. Trust testimonials in
this context are artifacts that contain statements about the trustworthiness of other entities, be
they hosts or data. We sketch in Figure 1 a common 3-tier webserver, which is redecentralized
in its data layer and includes trust awareness. We indicate by positioning the Data Layer across
the boundary of the web server, that the Data Layer is not necessarily a local or controlled
layer of the web application anymore, but redecentralized. Additionally, the external sources of
the data layer are Solid Pods, decentralized KGs or similar decentralized web data stores. Any
local data storage might still be in place as parts of the Data layer is also still inside the web
application. In the context of the newly added trust awareness, it needs to make decisions on
which data is trustworthy enough to process and which one is not. Yu et al. [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ] describes that
the term trust awareness, can be divided in the two parts of trust evaluation and trust-aware
decision making. Trust evaluation is the process to compute a numeric trust value or a cognitive
ranking on given inputs as the interacted peer’s identity, meta data of a message or even the
message itself. The trust-aware decision making is then enabling the web application to decide
about trustworthiness based on the results of the trust evaluation.
      </p>
      <p>
        The idea we propose is consistent with Golbeck’s view [
        <xref ref-type="bibr" rid="ref6">6</xref>
        ] in that trust on the semantic web
is critical for data and its exchange over decentralized data stores. However, Golbeck treats
trust mainly as involving the user in the process of trust and its computation. This holds since
user-to-machine or user-to-user trust relationships or manual trust conditions from users are
considered in the aforementioned approaches of Golbeck. In this sense, Golbeck mentions for
trust in web services mainly approaches for authorizing access to web service functionalities.
In contrast, our proposal refers to a machine-to-machine trust relationship for the exchange
of decentralized data. The most similar trust models in Golbeck’s survey to our proposal are
those for peer-to-peer (P2P) systems. However, these require at least adaptations towards the
web’s data heterogeneity. This includes the fact that most of these models assume an existing
trust relationship path between all peers within the system. Our approach, on the other hand,
assumes a high degree of individuality in the trust awareness of web applications, whether in
terms of automation or autonomy.
      </p>
    </sec>
    <sec id="sec-2">
      <title>3. Requirements and Open Challenges</title>
      <p>
        To enable trust awareness within web applications, the following requirements apply: Runtime:
To ensure adequate response time of a web application’s back end, the runtime of the trust
awareness needs to be as short as possible. Since the response times of web applications are
within milliseconds to respond instantaneously3, there is not much time to increase them with
additional components like the proposed trust awareness. Accuracy: Any trust-aware decision
should be as accurate as possible in order not to regret it later. Therefore, trust evaluations
require high accuracy, which can be measured e.g. by comparing expected with calculated
rankings of trust evaluations [
        <xref ref-type="bibr" rid="ref11">11</xref>
        ]. Full Automation: Trust awareness must be fully automated
because the number of data sources on the web is already large and decentralization only
increases the number of data providers [
        <xref ref-type="bibr" rid="ref5">5</xref>
        ]. Any human intervention would thus slow down the
process to dynamically acquire data from decentralized data sources and overwhelm users with
the amount of data sources available. Autonomy: Since the decentralization of the web should
not be undermined by newly introduced central instances, web applications should handle trust
autonomously. While considering trust testimonials can be valuable, outsourcing the complete
trust evaluation would contradict our proposal. Trust Attack Robustness: As we introduce
a component of trust awareness into a web application, the newly added component must be
robust against known trust attacks [
        <xref ref-type="bibr" rid="ref12 ref9">9, 12</xref>
        ]. Similar to web application security attacks, trust
awareness must not be compromised by misleading input.
      </p>
      <p>
        The following challenges are the main to address to enable trust awareness for web
applications: Suitable Trust Model: Although several trust models exist to date [
        <xref ref-type="bibr" rid="ref2 ref5 ref6 ref8 ref9">2, 5, 8, 6, 9</xref>
        ], it
remains an open challenge to find the most suitable one or combinations of existent for the
purpose of our presented scenario. Initial Trust: Initial evaluations for new applications
can be as challenging as migrating existing collaborations between web applications. Trust
awareness in web applications needs to establish initial values without full trust or full distrust
at the outset. It remains an open challenge how to initialize trust evaluations by taking neither
ifxed default values nor random values that could influence following trust evaluations. Web
Data Heterogeneity: The heterogeneity of web data poses additional challenges for trust
3https://www.nngroup.com/articles/response-times-3-important-limits/
evaluations, as information is only sometimes available, but information cannot always be
collected in the same way, nor can it be collected everywhere.
      </p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          [1]
          <string-name>
            <given-names>A. V.</given-names>
            <surname>Sambra</surname>
          </string-name>
          ,
          <string-name>
            <given-names>E.</given-names>
            <surname>Mansour</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Hawke</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Zereba</surname>
          </string-name>
          ,
          <string-name>
            <given-names>N.</given-names>
            <surname>Greco</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Ghanem</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Zagidulin</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Aboulnaga</surname>
          </string-name>
          ,
          <string-name>
            <given-names>T.</given-names>
            <surname>Berners-Lee</surname>
          </string-name>
          ,
          <article-title>Solid: A Platform for Decentralized Social Applications Based on Linked Data</article-title>
          ,
          <source>Technical Report</source>
          , MIT CSAIL &amp; Qatar Computing Research Institute,
          <year>2016</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          [2]
          <string-name>
            <given-names>V.</given-names>
            <surname>Siegert</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Kirchhof</surname>
          </string-name>
          , M. Gaedke,
          <article-title>ConTED: Towards Content Trust for the Decentralized Web</article-title>
          ,
          <source>in: Proceedings of WI-IAT</source>
          <year>2022</year>
          ,
          <year>2022</year>
          , pp.
          <fpage>604</fpage>
          -
          <lpage>611</lpage>
          . doi:
          <volume>10</volume>
          .1109/WI-IAT55865.
          <year>2022</year>
          .
          <volume>00095</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          [3]
          <string-name>
            <given-names>L. D.</given-names>
            <surname>Ibáñez</surname>
          </string-name>
          ,
          <string-name>
            <given-names>E.</given-names>
            <surname>Simperl</surname>
          </string-name>
          ,
          <string-name>
            <given-names>F.</given-names>
            <surname>Gandon</surname>
          </string-name>
          ,
          <string-name>
            <given-names>H.</given-names>
            <surname>Story</surname>
          </string-name>
          ,
          <article-title>Redecentralizing the web with distributed ledgers</article-title>
          ,
          <source>IEEE Intelligent Systems</source>
          <volume>32</volume>
          (
          <year>2017</year>
          )
          <fpage>92</fpage>
          -
          <lpage>95</lpage>
          . doi:
          <volume>10</volume>
          .1109/MIS.
          <year>2017</year>
          .
          <volume>18</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          [4]
          <string-name>
            <given-names>M.</given-names>
            <surname>Noura</surname>
          </string-name>
          ,
          <string-name>
            <given-names>V.</given-names>
            <surname>Siegert</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Gaedke</surname>
          </string-name>
          , WAT:
          <article-title>Autonomous Hypermedia-driven Web Agents for Web of Things Devices, in: Proceedings of the All the Agents Challenge co-located with the 20th</article-title>
          <source>International Semantic Web Conference</source>
          ,
          <year>2021</year>
          , pp.
          <fpage>38</fpage>
          -
          <lpage>43</lpage>
          . URL: https://ceur-ws.
          <source>org/</source>
          Vol-
          <volume>3111</volume>
          /short6.pdf.
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          [5]
          <string-name>
            <given-names>V.</given-names>
            <surname>Siegert</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Noura</surname>
          </string-name>
          ,
          <string-name>
            <surname>M.</surname>
          </string-name>
          <article-title>Gaedke, aTLAS: A Testbed to Examine Trust for a Redecentralized Web</article-title>
          ,
          <source>in: Proceedings of WI-IAT</source>
          <year>2020</year>
          ,
          <year>2020</year>
          , pp.
          <fpage>411</fpage>
          -
          <lpage>416</lpage>
          . doi:
          <volume>10</volume>
          .1109/WIIAT50758.
          <year>2020</year>
          .
          <volume>00060</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          [6]
          <string-name>
            <given-names>J.</given-names>
            <surname>Golbeck</surname>
          </string-name>
          ,
          <article-title>Trust on the world wide web: A survey</article-title>
          ,
          <source>Foundations and Trends® in Web Science</source>
          <volume>1</volume>
          (
          <year>2008</year>
          )
          <fpage>131</fpage>
          -
          <lpage>197</lpage>
          . doi:
          <volume>10</volume>
          .1561/1800000006.
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          [7]
          <string-name>
            <given-names>A.</given-names>
            <surname>Ciortea</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Mayer</surname>
          </string-name>
          ,
          <string-name>
            <given-names>F.</given-names>
            <surname>Gandon</surname>
          </string-name>
          ,
          <string-name>
            <given-names>O.</given-names>
            <surname>Boissier</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Ricci</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Zimmermann</surname>
          </string-name>
          ,
          <article-title>A decade in hindsight: The missing bridge between multi-agent systems and the world wide web</article-title>
          ,
          <source>in: Proceedings of the International Conference on Autonomous Agents and Multiagent Systems</source>
          ,
          <year>2019</year>
          . URL: http://www.alexandria.unisg.ch/256718/.
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          [8]
          <string-name>
            <given-names>H.</given-names>
            <surname>Yu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Z.</given-names>
            <surname>Shen</surname>
          </string-name>
          ,
          <string-name>
            <given-names>C.</given-names>
            <surname>Leung</surname>
          </string-name>
          ,
          <string-name>
            <given-names>C.</given-names>
            <surname>Miao</surname>
          </string-name>
          ,
          <string-name>
            <given-names>V. R.</given-names>
            <surname>Lesser</surname>
          </string-name>
          ,
          <article-title>A Survey of Multi-Agent Trust Management Systems</article-title>
          , IEEE Access 1
          <article-title>(</article-title>
          <year>2013</year>
          )
          <fpage>35</fpage>
          -
          <lpage>50</lpage>
          . doi:
          <volume>10</volume>
          .1109/ACCESS.
          <year>2013</year>
          .
          <volume>2259892</volume>
          .
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          [9]
          <string-name>
            <given-names>Y.</given-names>
            <surname>Ruan</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Durresi</surname>
          </string-name>
          ,
          <article-title>A survey of trust management systems for online social communities - trust modeling, trust inference and attacks</article-title>
          ,
          <source>Knowledge-Based Systems</source>
          <volume>106</volume>
          (
          <year>2016</year>
          )
          <fpage>150</fpage>
          -
          <lpage>163</lpage>
          . doi:https://doi.org/10.1016/j.knosys.
          <year>2016</year>
          .
          <volume>05</volume>
          .042.
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          [10]
          <string-name>
            <given-names>T.</given-names>
            <surname>Kampik</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Mansour</surname>
          </string-name>
          ,
          <string-name>
            <given-names>O.</given-names>
            <surname>Boissier</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Kirrane</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Padget</surname>
          </string-name>
          ,
          <string-name>
            <given-names>T. R.</given-names>
            <surname>Payne</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M. P.</given-names>
            <surname>Singh</surname>
          </string-name>
          ,
          <string-name>
            <given-names>V.</given-names>
            <surname>Tamma</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Zimmermann</surname>
          </string-name>
          ,
          <article-title>Governance of autonomous agents on the web: Challenges and opportunities</article-title>
          ,
          <source>ACM Trans. Internet Technol</source>
          .
          <volume>22</volume>
          (
          <year>2022</year>
          ). doi:
          <volume>10</volume>
          .1145/3507910.
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          [11]
          <string-name>
            <given-names>D.</given-names>
            <surname>Jelenc</surname>
          </string-name>
          ,
          <string-name>
            <given-names>R.</given-names>
            <surname>Hermoso</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Sabater-Mir</surname>
          </string-name>
          ,
          <string-name>
            <given-names>D.</given-names>
            <surname>Trček</surname>
          </string-name>
          ,
          <article-title>Decision making matters: A better way to evaluate trust models</article-title>
          ,
          <source>Knowledge-Based Systems</source>
          <volume>52</volume>
          (
          <year>2013</year>
          )
          <fpage>147</fpage>
          -
          <lpage>164</lpage>
          . doi:
          <volume>10</volume>
          .1016/j. knosys.
          <year>2013</year>
          .
          <volume>07</volume>
          .016.
        </mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>
          [12]
          <string-name>
            <given-names>Y. L.</given-names>
            <surname>Sun</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Z.</given-names>
            <surname>Han</surname>
          </string-name>
          ,
          <string-name>
            <given-names>W.</given-names>
            <surname>Yu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K. R.</given-names>
            <surname>Liu</surname>
          </string-name>
          ,
          <article-title>A trust evaluation framework in distributed networks: Vulnerability analysis and defense against attacks</article-title>
          ,
          <source>in: Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications</source>
          ,
          <year>2006</year>
          , pp.
          <fpage>1</fpage>
          -
          <lpage>13</lpage>
          . doi:
          <volume>10</volume>
          .1109/INFOCOM.
          <year>2006</year>
          .
          <volume>154</volume>
          .
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>