[OpenID] Web of trust mathematics

[Eric Norman]

On Aug 11, 2007, at 12:30 PM, Peter Williams wrote:

> Henry decided that multiple references to his static RSA-public via  
> FOAF relations will ultimately protect the distribution of the key.  
> that is: checking multiple local resolvers, one can build  
> confidence in a global name/key. This is similar to Ed Gerck's  
> theory of spread-spectrum reliance - for which he provides a basis  
> in classical information theory, information redundancy  - a  
> process that defines a computable confidence metric for a reliable  
> emailAddresses (see nma.com, and its secure web mail scheme).

Editorial note:  you might want to be careful citing Ed Gerck.  A
lot of folks would find this analogy apt: Ed Gerck is to computing
theory as Richard C. Hoagland is to science.  This does not mean
that he doesn't have a good thought every once in a while, and
this might be one of them.

Anyway, the phrase "computable confidence metric" prompts me
to  mention the work of Audun Jøsang.  I've already mentioned
this on Story Henry's blog, but this looks like another opportunity.
Among other things, his work attempts to actually measure the
notion of "confidence" (or "trust").  I'm not claiming the it's Gospel,
but it is interesting and it does correctly capture what seem to be
two "intuitively obvious" notions.

(1)  Confidence decreases as the length of the chain increases.
(2)  Confidence increases with multiple testimonials (issuers).

His publications can be found at

    http://sky.fit.qut.edu.au/~josang/publications.html

A lot of them seem to be mostly the same, perhaps a better list
is the references at the bottom of

    http://www.wikipedia.org/wiki/Subjective_logic

If algebra doesn't terrify you. I recommend starting with

    http://sky.fit.qut.edu.au/~josang/papers/Jos1999-NDSS.pdf

Eric Norman
http://ejnorman.blogspot.com