eCommerce Trust via the Proposed W3 Trust Model

Yinan Yang, Lawrie Brown, Ed Lewis

School of Computer Science,

University of New South Wales,

University College, ADFA

{yany97, Lawrie.Brown, e-lewis}

Jan Newmarch

School of Network Computing

Monash University, Melbourne, VIC



The major industrially adopted public key trust models are primarily hierarchically structured to form a vertically trusted environment (eg. X.509), whereas most web documents are hypertext linked to form a horizontally referral (or web-linked) environment. By introducing a set of trust attributes in such a heterogeneous environment, transitivity of trust can be implemented. The proposed Trusted W3 Model described in this paper combines a vertically trusted public key infrastructure with a horizontally referral Web classification of trust metadata. The proposed W3 Trust Model provides a mechanism to assess both the trust and the transitivity of trust of web contents.


1. Introduction

Traditional trust relationships between business parties were based on legitimate physical identities (eg. shopfront). This physical manifestation is in contrast to an eCommerce environment on the Internet, where business providers and consumers identify each other by their Web sites, email addresses or some electronic means (eg. a public key, or certificate).

These changes have brought about a new set of electronic threats and risks. Some risks include fraud [NFIC, 1999], misuse of personal data (eg. credit card number), deliberate misinformation (ie. the content of Web documents), Web spoofing (ie. mimic legitimate businesses to unlawfully obtain consumers' credit card numbers), eavesdropping, identity theft [USA, 2001], and repudiation.

These risks represent elements of uncertainty in the eCommerce environment, which can produce devastating results (eg. financial losses). As a result of these risks, there is an increasing awareness among web users of the issue of authenticity: of business partners, service providers and product information.

To limit or better deal with these elements of uncertainty, Trust has been identified as an important concept in eCommerce [Yang, et al, 1999b]. The trustworthiness of a web document is an increasing factor affecting the rate of growth of eCommerce.

From an eCommerce perspective, Trust can be seen as a counterweight to elements of uncertainty. eCommerce Trust can be tentatively defined as: a culturally (ie. Web communities) subjective view and perception (and expectation) of honesty and lawfulness by others [Yang et al., 1999a].

2. Statement of problem

Different Web communities may have different conceptual interpretations and definitions of Trust. However the meaning of Trust in the context of E-Commerce is still very recent, and is evolving along with the Web environment and technologies.

From different perspective, there are some works have looked at the issues of Trust, such as the meaning of Trust [McKnight, 1999], legal aspects of Trust [McCullagh, 1998], IT security industry viewing Trust [VeriSign, 1998], and Web professional viewing Trust [Khare, 1998]. Some Trust related projects include the DSig project [Khare, 1998], and the REFEREE Project [EFEREE Project, 1998] by W3C working groups.

There are several public key infrastructure (PKI) trust models (X.509, PGP, SDSI/SPKI) [Yang et al., 1998] that have been developed, which involve digital signatures and other security services (eg. authentication, authorisation, access-control-list, privacy). The major industrially adopted PKI trust models are primarily hierarchically structured (eg. X.509) to form a vertically trusted environment [Yang, et al., 1999b].

(Figure 1) PKY hierarchical Structure

However, in contrast to the hierarchical PKI trusted environment (Figure1), most web documents are hypertext linked to form a horizontally (or web) referral environment. The nature of web documents requires an additional way to propagate trust from a parent (or root) web document to their signed or unsigned offspring web documents, giving rise to a heterogeneous trust environment on the Internet.

There are a number of methods and metadata models such as Back-propagation [Marchiori, 1998], Dublin Core (DC) [DC, 1998], Meta Content Framework [MCF, 2001], and ICRA [ICRA, 2001].

The back-propagation method [Marchiori, 1998] tries to automatically generate a metadata description, and make it easier to classify web information by "fuzzifying" the metadata attributes. In his mathematical formula, there is a "fading factor" during the back-propagation. However, the "fading factor" has not been specifically identified nor how the "fading factors" relate to the metadatum of web documents. The DSig project uses "digitally signed labels to make authenticateable assertions about standalone documents or about manifests of aggregate objects" [DSig, 1998].

Existing metadata models are targeted to a particular group. For example, Dublin Core is a set of descriptors to describe web publications, the meaning of each descriptor defined from the point of view of library communities. RSACI is used by parents and teachers for filtering the content of information on the Web.

 There is a lack of connection and analysis on the following areas:

In other words, there is a lack of coherent assessment of trustworthiness of Web contents within a heterogeneous environment, ie. where there is a combination of a hierarchical PKI trusted environment and a Web referral environment.

3. Proposed Approach

The proposed W3 Trust Model is in an attempt to narrow the gap/disconnection between a PKI environment and Web referral environment. The proposed trust attributes (trust metadata) of W3 Trust Model combines a vertically trusted Public Key Infrastructure (PKI) with a horizontally referral Web environment. We believe that it can provide an adequate trust environment and promote the transitivity of trust within its defined trust domain (ie. Web referral environment with a manageable number of nodes on the Internet).

The following provides general analyses of the heterogeneous environment in which the W3 Trust Model resides, and issues of Transitivity of Trust within the heterogeneous trust web environment.

In contrast to the PKI vertically trusted environment, horizontally referred web documents are the most common in a web environment. The Figure 2 shows that common web referrals are arbitrary and horizontal (ie. web-linked).

(Figure 2) Web-linked documents

Is a certified server (ie. certified machine) sufficient for web users to trust the information and make a purchase on the web? A certified server only proves the authenticity of the server (eg. web server), but does not prove web content information on the server. Also, in most cases, the communications between the server and client machines are not secure until web users agree to give their credit card numbers.

A well-known CA displayed the following information on its web site: "Keep in mind that it is not necessary to make all the pages on your server secure. SSL (Secure Socket Layer) imposes some performance overhead. Therefore, most server software packages allow you to apply SSL selectively to those pages which require encryption (eg. payment pages) while leaving other pages (eg. product information pages) unsecured" [VeriSign, 1998].

It can be said that Trust has been established at the point of purchase once web users accept the trustworthiness of the web information, and are convinced either that there are no risks present or that assurances outweigh the risks.

The certified server and the web information should be considered as separate entities. An authentic server only shows web users that it (eg. the URL of the web server) is truly the server it claims it is. The CA certified the server does not provide a complete guarantee of the web information it contains, ie. the CA of the server has no total control over what web information is put on the server and who has control of the web information in operational aspects. This is particularly true when an organisation does not run its own web server (ie. outsources its web server to another company).

What is the alternative?

A Set of Trust Attributes

Trust information is metadata. Metadata is a simple way of providing information about a web resource, eg. a web document. The main function of the Trust Metadata (ie. a set of Trust Attributes) is to specify information on the trustworthiness of a web document, providing the Trust Attributes (covering different aspects of a web document) have been defined properly, ie. sufficient information has to be extracted from all aspects of a web document in the heterogeneous Web environment.

Trust metadata can be simple or complicated depending on how we would like to define it. "Trust is in the eye of the beholder", ie. different beliefs and cultures may lead to different sets of trust attributes.

In simple terms, to trust a web object (eg. a web document) is similar to developing trust in strangers. We want to know about their past, present, their associates, and the environment they live in by questioning themselves, referees, their families, friends, and people we trust, to see if they know about the strangers. And we hope that we ask all the right questions to each group of people and get complete, accurate answers back, which then can be processed without an error or obstacle.

On the web, the whole process of establishing trust must be done within a few seconds. Otherwise, business providers may find no one wants to do business with them. In addition, if the method of providing Trust Attributes (which form Trust Metadata) is too complicated to implement and too difficult to use, then it will deter its use. Therefore, a simple and friendly method is very important.

What Trust Attributes are needed to gather all the trust information? In principal, Trust Attributes should be able to describe most aspects of a web document and the environment in which web documents reside. The Trust metadata should assist better interpretation of individual trust attributes and provide meaningful information on the trustworthiness of a web document. There is a basic set of attributes, such as signed or unsigned web documents, and signed or unsigned servers (eg. a web server).

Based on the Dublin Core web resource descriptors, we suggest the following Trust Attributes be used in Trusted W3 Model to describe a web document from the Trust perspective [Yang et al., 1999a]. The objective of Trust Attributes is to provide information about not only the contents of a web document, but also ownership, and certification information. Trust Attributes can be categorised into three groups as follows.

a. Web Object Content:

b. Relationship Between the Web Object and its Owner:

c. Relationships Between the Web Object and the CA:

These proposed Trust Attributes are tentative. Some refinements will be needed to enhance the Trust metadata of a web document and to reflect any changes of the heterogeneous Web environment. There may be more attributes that could be added to this initial set of trust metadata, eg. a number of different URLs refer to the web document or a number of visitors, which may provide some information about web documents that are trusted by many other web users.

In general, the following conclusions might be drawn:

4. Current state

Based on our proposed W3 Trust Model, the initial implementation has been completed. However, the implementation only provides a basic demonstration of how the W3 Trust Model works in action.

5. Future work

The proposed W3 Trust Model provides a mechanism of the evaluation of trust and transitivity of trust through carefully constructing a trust metadata tree using online service "relevance" assessments, verifying certificate(s) and logically combining the calculated values. There are a number of areas in which the W3 Trust Model will be further developed. These areas include:

The W3 Trust Model does depend on online service providers' Web contents being compliant with a metadata standard. Given wide use of XML in eCommerce environment, the potential benefits of using XML and RDF may be explored for standardising trust metadata.

The proposed Trusted W3 Model provides a coherent, heterogeneous trust Web environment by establishing:


[DC, 1998] Dublin Core Metadata initiative, current version Oct 1998.

[DSig, 1998] W3C DSig Project, "DSig 1.0 Signature Label Specification", current version 1998.

[EFEREE Project, 1998] EFEREE Project,, current version 12 November 1998.

[ICRA, 2001] Internet Content Rating Association,, current version June 2001.

[Khare, 1998] Roht Khare, "Digital Signature Label Architecture",, current version October 1998.

[Marchiori, 1998] Massimo Marchiori, "The limits of Web metadata, and beyond", W3C, MIT Laboratory for Computer Science, 545 Technology Square, Cambridge, MA 02139, USA.

[McCullagh, 1998] A. McCullagh, "E-Commerce: A Matter of Trust", the Proc of the Information Industry Outlook Conference, Canberra, 7 Nov 1998.

[MCF, 2001] Meta Content Framework,, current version June 2001.

[McKnight, 1999] D. Harrison McKnight,

"The meaning of Trust",, current version 20 January 1999.

[NFIC, 1999] National Fraud Information Centre (NFIC), "Internet Fraud Statistic Reports",, current version 2 May 1999.

[USA, 2001] "U.S. government's central website for information about identity theft",, current version June 2001.

[VeriSign, 1998] VeriSign, "Server ID Centre", URL at, current version 7 March 1998.

[Yang et al., 1998] Yinan Yang, Lawrie Brown and Jan Newmarch, "Issues of Trust with Public Key Certificates", Published at the AUUG’98 Conference Proc, p77-93, 14-18 Sept 1998.

[Yang et al., 1999a] Yinan Yang, Lawrie Brown, Jan Newmarch, and Ed Lewis, "A trusted W3 Model: Transitivity of Trust in a Heterogeneous Web Environment", the Proc of AusWeb99, June 1999.

[Yang, et al., 1999b] Yinan, Yang, Lawrie Brown and Jan Newmarch, "Tokens of Trust: Different Certificates for Different Trust Models", the Proc of the UniForum NZ99 Conference, April 1999.