Cutter Consortium
  For more on the Semantic Web, see the August 2003 issue of Web Services Strategies, available from Cutter Consortium's bookstore, or at +1 781 641 9876, fax +1 781 648 1950, or e-mail service@cutter.com.

23 September 2003

THE SEMANTIC WEB: PROOF, TRUST, AND SECURITY

After hearing a certain amount about the Semantic Web, even the most naive listener is going to ask: "OK, so all this clever stuff is going on somewhere out there -- but how can I believe what the computers tell me?" This is a very good question, and unless some good answers are forthcoming, it is a project-stopper. People won't use the Semantic Web unless they can trust the answers it gives.

At the detail level, some convincing answers have been put together by researchers. In theory (because we are now beyond the part of the Semantic Web that has been fully implemented), some of the information processors on the Web will use logical operations to prove a range of assertions. Having done so, they can (if asked) explain to their human masters how they came to the particular conclusions they did. Furthermore, once a proof has been carried out, it can be posted on the Web for the benefit of other agents. The point here is that it takes far less time and processing power to check a published proof than it did to prove the result in the first place.

Still, proofs are not enough for people to put their faith in the Semantic Web. The proofs may be quite incomprehensible to us -- in any reasonable timescale, anyway -- and besides, they depend on statements whose truth we cannot safely assume. How do we know that such-and-such a computer, perhaps on the other side of the world, is not lying to us?

So proof must be augmented by trust. The idea is that documents in the Semantic Web will be digitally signed by their authors. So will RDF statements. This will provide a universal basis for deciding how much you (and your agents) should trust a given document or RDF assertion.

Of course, this may not help very much at first. We are in a similar position today with the Web. Microsoft's Internet Explorer allows us to divide the Web into zones -- the Internet zone and the local intranet zone. Security defaults can be assigned for each of these, and there is also a provision for treating specific sites as special cases. Some may be trusted in varying degrees, while others are "blacklisted" (distrusted). While this is a crude enough scheme, it is better than nothing.

As time goes by, the Semantic Web designers expect a "Web of Trust" to come into existence. For instance, trust could be propagated transitively. If I trust Alice, and Alice trusts Bob and Carol, then I may decide to trust Bob and Carol, too. (This is not an entirely risk-free strategy, of course, but you never get anywhere without accepting some level of risk.)

Similarly, distrust could also propagate. Eventually, the Web of Trust will become quite extensive and may even approach completeness. This outcome is rendered more plausible by consideration of the "small world" phenomenon, also referred to as "six degrees of separation." (Experiments have shown that, in some cases, a random person on the Internet can reach another random person through no more than five to seven intermediaries. See, for instance, http://smallworld.columbia.edu.)
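The transitive propagation of trust and distrust described above can be sketched as follows. This is an added example, not code from the article or from any Semantic Web specification. The party names beyond Alice, Bob and Carol, the per-hop decay, the hop limit, the acceptance threshold and the tie-breaking policy are all assumptions made for illustration, and signature verification is assumed to have happened already.

```python
# Constructed sample data: signer -> {subject: True (trusts) / False (distrusts)}.
# Each entry stands for a statement whose digital signature was already verified.
STATEMENTS = {
    "me":    {"alice": True},
    "alice": {"bob": True, "carol": True, "mallory": False},
    "bob":   {"dave": True},
    "carol": {"mallory": True, "erin": True},
    "dave":  {"frank": True},
}

def derive_trust(statements, root, max_hops=3, decay=0.5):
    """Return {party: score}: score > 0 is derived trust, < 0 derived distrust.

    Assumed policy: the statement from the nearest signer wins, and at equal
    distance distrust beats trust. Trust weakens by `decay` per hop and is
    followed for at most `max_hops` hops. Statements made by a distrusted
    party are never followed.
    """
    scores = {root: 1.0}
    frontier = [root]
    for hop in range(max_hops):
        weight = decay ** hop
        # Statements by parties reached at this distance about parties
        # on which no nearer signer has already spoken.
        said = [(subject, trusts)
                for party in frontier
                for subject, trusts in statements.get(party, {}).items()
                if subject not in scores]
        for subject, trusts in said:      # record distrust first (wins ties)
            if not trusts:
                scores[subject] = -weight
        frontier = []
        for subject, trusts in said:      # then extend trust one hop further
            if trusts and subject not in scores:
                scores[subject] = weight
                frontier.append(subject)
    del scores[root]
    return scores

def accept_signer(scores, signer, threshold=0.5):
    """Accept a signed document or assertion only if its signer scores high enough."""
    return scores.get(signer, 0.0) >= threshold

if __name__ == "__main__":
    scores = derive_trust(STATEMENTS, "me")
    for party in sorted(scores, key=scores.get, reverse=True):
        print(f"{party:8} {scores[party]:+.2f} accept={accept_signer(scores, party)}")
```

In this sample, Carol's endorsement of Mallory is ignored because Alice, who is closer to "me", distrusts Mallory, and Frank is never scored because he lies beyond the hop limit.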

-- Tom Welsh, Editor, Web Services Strategies
