Trust MetaData: Enabling Trust and a Counterweight to Risks of E-Commerce

Yinan Yang, Electronic Commerce, Medibank Private, Canberra Australia, yyang@test.medibank.com.au.
Lawrie Brown, Australian Defence Force Academy, Canberra Australia, Lawrie.Brown@adfa.edu.au.
Jan Newmarch, University of Canberra, Canberra Australia, jan@ise.canberra.edu.au.
Ed Lewis, Australian Defence Force Academy, Canberra Australia, e-lewis@adfa.edu.au.


Abstract

With the increase in Internet fraud, Web users' awareness of Trust issues in E-Commerce has also increased. The trustworthiness of Web information is becoming critical for both Web consumers and Commerce Service Providers (CSP). How does one assess E-Commerce Trust and represent it in a way that Web users and CSPs can understand and measure? This paper extends our proposed Trust MetaData to provide a mechanism to assess the trustworthiness of Web contents and to handle Transitivity of Trust over the Internet.

Keywords: trusted W3 Model, trust metadata, trust Attribute, transitivity of trust, e-commerce.

1. Introduction

Traditional trust relationships between business parties were based on legitimate physical identities (eg. a shopfront). This physical manifestation is in contrast to an E-Commerce environment on the Internet, where business providers and consumers identify each other by their Web sites, email addresses or some electronic means (eg. a public key, or a certificate). These changes have brought about a new set of electronic threats and risks, such as fraud [2], misuse of personal data (eg. credit card numbers), deliberate misinformation (ie. in the content of Web documents), Web spoofing (ie. mimicking legitimate businesses to unlawfully obtain consumers' credit card numbers), eavesdropping (eg. leading to identity theft [3]), and repudiation.

These risks represent elements of uncertainty in the E-Commerce environment, which can produce devastating results (eg. financial losses). To limit or better deal with these elements of uncertainty, Trust has been identified as an important concept in E-Commerce. From a different viewpoint, some works have examined the meaning of Trust [4]. Different Web communities may have different conceptual interpretations and definitions of Trust. However, the meaning of Trust in the context of E-Commerce is still very recent, and is evolving along with the Web environment and its technologies.

From an E-Commerce perspective, Trust can be seen as a counterweight to elements of uncertainty. E-Commerce Trust can be tentatively defined as: a culturally (ie. Web communities) subjective view and perception (and expectation) of honesty and lawfulness by others.

There are a number of Public Key Infrastructure (PKI) trust models using certificates [5] which provide authentication of identities of business parties, from which an initial trust relationship can then be established. However, there is a lack of coherent assessment of Trust in Web contents within a heterogeneous environment, ie. where there is a combination of a hierarchical PKI trust environment and a Web referral environment.

Previously [1], we proposed Trust MetaData, which provides a mechanism to assess the trustworthiness of Web content within a heterogeneous environment. We believe that the trustworthiness of Web contents can be addressed using a Web classification mechanism, ie. Trust MetaData. The proposed Trusted W3 Model provides a coherent, heterogeneous trust Web environment by establishing:

- a realistic way of assessing the trustworthiness of Web contents; and
- a mechanism to address the Transitivity of Trust in a Web referral environment.

This paper will examine: the conceptual viewpoints of Trust Attributes of Trust MetaData; a technique of weighting, assigning and combining trust values on each Trust Attribute; and case studies of Trust MetaData in different scenarios of heterogeneous Web environments.

2. Trust in Web Contents

There are a number of Public Key Infrastructure (PKI) trust models using certificates [6] to provide an authentication framework to certify the true identities of the sources of Web objects (eg. a Web server), but they do not address Web contents in a Web referral environment. In the X.509 [7] compliant PKI hierarchical trust model, Trust is transferred along a set of certificates, which thus forms an unbroken chain of Trust, ie. Transitivity of Trust is created by constructing a chain of certificates. This chain of certificates can be of arbitrary length. The Root Certification Authority (CA) is regarded as the most trustworthy. Everyone must know the public key of the root CA used.

However, in an E-Commerce environment, there is a potential risk involving intentional or unintentional misinformation in Web content (eg. [8] [9] [10]). Web users would like to have some assurance not only of the true identity of a Web merchant through a PKI certificate (eg. a Web Server ID), but also of the trustworthiness of the Web information (ie. the content). The Australian Securities & Investments Commission's recent $4m scam [8] has revealed that some Web users are vulnerable to deliberate misinformation on the Internet.

The Bank of America is highly aware of the commercial value of Trust in an E-Commerce environment, and publishes a statement on its Web site for its own legal protection: "Please note that since we cannot control information on other Internet sites, we are not responsible for the content of sites linked from www.bankofamerica.com." [11]. This example demonstrates the complexity of an E-Commerce environment, and a legitimate Commerce Service Provider's (CSP) inability to control Web content in a Web referral environment.

To mitigate the risks in an E-Commerce environment, the best option for consumers is taking preventative measures rather than taking legal action after the damage is done. These preventative measures include dealing with trusted parties (ie. legitimate CSPs), evaluating the trustworthiness of Web information, or establishing a trust relationship with the CSP before a trade.

3. Trust MetaData and Its Trust Values

In the X.509-compliant trust model, there is an implication that the level of trust provided by certificates is the same regardless of the distance (ie. length of certification chain) from the root CA, as long as the root CA's public key can be obtained.

Realistically however, it is difficult to construct constant Trust (eg. 100%) in an E-Commerce environment. In a heterogeneous Web environment, there are a number of unclear and undefined elements in organisational and operational areas. These elements can be identified in a static Web document and Web-linked documents, which may degrade the levels of Trust in a heterogeneous environment.

In principle, Trust information is metadata. Metadata is a way of providing additional information about some Web object (a Web server, or a Web document consisting of one or more Web pages). Trust MetaData can be simple or complicated depending on a number of factors which may influence Web users' views of Trust and the Transitivity of Trust. These factors include different beliefs (eg. presumption of innocence versus presumption of guilt), cultural background, Web communities (eg. the library community, health community, financial community), and the legal systems in which the CSPs operate. As a result of these differences of emphasis on the various aspects of Trust, it will be difficult to make one solution fit all requirements.

Based on the Dublin Core Web resource descriptors [12], we have proposed Trust MetaData [1], which attempts to describe different aspects of Web documents and the environment in which they reside. Trust MetaData is categorised into three groups. Each group contains a number of Trust Attributes. In different combinations of certification environments, each group of Trust MetaData provides information about the Web object from the following different trust perspectives: Web contents (group1); relationships between the Web object and its owner (group2); and certification information of the Web object (group3).

To better measure the probability of risk, a numeric value is assigned to each Trust Attribute, which enables trust to be translated to a numeric trust value. The collective trust values of the Trust Attributes from each group will contribute to the Overall Trust Value.

3.1 Elements of Uncertainty in Trust Attributes

A Trust Attribute acts as an atom of Trust. Each Trust Attribute has some "weight" of trust value, which assists better interpretation of the trust perspective of a Web document. In a heterogeneous Web environment, there are a number of uncertainty elements in each Trust Attribute, both tangible (ie. facts) and intangible (ie. practical experiences).

For example, VeriSign [13] charges US$9.95 for a Personal ID for authenticating an email address. The certificate carries a certain trust value. The CA has only verified the requestor's email address, so only a 60% trust value will be assigned to the Attribute, ie. the email address. Why does the personal certificate carry only a 60% and not a 100% trust value? Because some elements of uncertainty should be included in the assessment of the trust value:

- unlawful acts: the email address may be sold to an unauthorised person;
- insecure practices: some people may share their PCs and allow others (eg. work colleagues, partners, and friends) to use the email address.

Based on the possibility of a misused email address, the Overall Trust Value (between 0% - 100%) for the email address will be assessed according to the probability of "uncertainty elements" occurring. These elements of uncertainty play an important role when assigning a trust value.

3.2 Fading Factors in Transitivity of Trust

Transitivity of Trust is an important concept for a Trusted Web environment, which attempts to maintain an established Trust level through a Web referral environment. It allows a certain level of trust to travel to a defined number of sites or different hosts within the site. The Trust MetaData provides a mechanism to enable Transitivity of Trust.

When a web site refers to other sites, there are a number of "fading factors" in a heterogeneous environment. These "fading factors" represent those "grey" areas of organisational and operational responsibilities and elements of uncertainty from human and non-human causes. Some examples of "fading factors" are as follows:

- The complexity of CA policies: CA policies guide the operations of a CA. Any misinterpretation of CA policies or Certification Practice Statement (CPS) may also result in a loosening of the binding between a CA and its subordinates.
- Formal vs. informal certification: in some PKI trust models, users certify each other's keys and their own keys (eg. PGP). This informal certification may have less trust-value than formal hierarchical certification because of the stronger legal binding provided by hierarchical certification.
- Certified vs. non-certified server: a non-certified server should be given less weight of trust.
- The position of the node within the hierarchical PKI structure: the distance to the Root Certification Authority. The further from the root CA, the less trust-value might be contained, ie. the longer the chain, the more fading factors are accumulated, which might reduce the overall assessment of trust.
- Changing management of an organisation: its current organisational and operational policies and procedures may be different from previous management [14] [15].
- Possible operational error: some errors may be caused by human and/or non-human efforts. The competence of employees might also be important for a CA's standards of compliance, or some disgruntled employees or contractors might commit fraudulent acts.

Some attributes are transferable along with their trust values (eg. if the same Author wrote different Web documents which are linked to each other, then the trust weight of the Author attribute remains the same). Some may not be transferable along with their trust values (eg. two Web documents which do not have the same Identifier). Some may be partially transferable (eg. a certified Web server is linked to a non-certified Web server with the same Subject), so the trust value may be reduced according to the conditions.

For example, Bank of America's Web server has been certified by a trusted third party (ie. a certification authority, CA), but the server may refer to another Web site which is not certified. This raises the issue of Transitivity of Trust. Should Web users place the same amount of Trust in a non-signed Web site, or should the non-signed Web site have a reduced trust value? It really depends on which Trust Attributes have changed from the signed site to the non-signed site. Based on this information, Trust Attributes may change their trust values. Once the Overall Trust Value of a static Web document has been calculated, it may have to be reassessed when another site is referred to. Therefore, the Overall Trust Value may differ between these two servers.

These fading factors represent a hidden probability of risk and should not be ignored in assessing Trust. In other words, these fading factors might loosen the binding between linked sites, organisations or CAs. Therefore, the "fading factors" should be considered in assessing the Transitivity of Trust in a Web referral environment.

3.3 Overall Trust Value of Trust MetaData

The Overall Trust Value of Trust MetaData represents the final assessment of both tangible (eg. Web content) and intangible (eg. behaviour) elements of truthfulness and lawfulness about a Web object. This Overall Trust Value is the final counterweight to balance risks with gain in an E-Commerce environment.

From the user's point of view, the newly referred Web site needs to be re-assessed to ensure all fading factors are included and reflected in the newly generated Overall Trust Value. Depending on the situation, the Overall Trust Value may affect your decision-making process, eg. emailing your home address, or providing your credit card number. If you have a 90% Overall Trust Value (ie. 10% risk), you may be in a good position to put a deposit on a car on the Internet. However, it may not be good enough to purchase a house. But if a drug dealer tries to launder money, then a 50% probability of risk may still be safer than storing the drug money at home. Therefore, in the real world, elements of uncertainty should be considered in establishing a trust relationship in a heterogeneous Web environment.

From the Web service provider's point of view, maintaining the highest Overall Trust Value should be a priority when constructing a trusted referral Web environment. This not only relates to approved sites (eg. certified sites) but also reputable sites, ie. with high operational standards (this will be covered in terms of organisational policies and operational procedures).

The higher Overall Trust Value you obtain from the assessment process, then the more confidence you have in the honesty and lawfulness of parties over the Internet. The elements of uncertainty and fading factors realistically exist and affect almost every decision process. In an E-Commerce environment, the important thing is to try to achieve maximum probability of Trust by factoring all possible uncertainty elements into the Overall Trust Value.

4. A Preliminary Technique for Assigning a Trust Value

There are many possible methods of assigning a numeric value to each Trust Attribute and combining them to form the Overall Trust Value of Trust MetaData. In this preliminary test of the concept of the Trust MetaData, consideration has been given to choosing a method of assigning and combining trust values which can be closely related to a real E-Commerce environment. The probability of fraud is the main concern for calculating trust value in the proposed Trusted W3 Model. In other words, each Trust Attribute is assigned a trust weight according to the "probability of fraud". The resulting Overall Trust Value should be in the range of 0% and 100%.

Based on the principle mentioned above, there are two logical approaches to calculating the trust value from Trust Attributes. First, the base line of the trust value (ie. the initial trust value) of a Web content can start at 100% trustworthiness (ie. the probability of fraud is 0%), and trust values are then subtracted from it according to the collected Trust Attributes along with the identified elements of uncertainty, namely a top-down approach. An alternative is to set the initial Overall Trust Value at 0% trustworthiness (ie. a probability of fraud of 100%), and then add trust values to it according to the collected Trust Attributes along with elements of uncertainty, namely a bottom-up approach.

There are two situations which need to be considered: assessing the Trust of a static Web document (ie. without considering links to other sites) and assessing the Trust of Web-linked documents. In a static Web document, at the starting point a numeric value is assigned to each Trust Attribute (namely the trust value) and the Overall Trust Value can be generated from these trust values. In Web-linked documents, the Overall Trust Value of the starting Web page is used as the base line of the Overall Trust Value. Then, as each different site is visited, the new Overall Trust Value is recalculated, taking "fading factors" into account.

However, there will be some exceptions to what the Overall Trust Value of Trust MetaData provides. In some countries, any government site (ie. gov.yy) may have a high trust value regardless of its contents or Web information. And some Web users may not be concerned about the trust value of the Web content at all if someone else's money is at risk of fraud.

5. Case Study

Based on the proposed Trust MetaData, the following is a preliminary case study on how to calculate a numeric value of Trust MetaData, to demonstrate the possible use of Trust MetaData in an E-Commerce environment. We will also examine a number of scenarios in which Trust MetaData may be interpreted.

5.1 Static Value vs. Dynamic Value

The static value is defined as the numeric result of the calculation of the trust value based on a single Web document, ie. this static value will include the identified elements of uncertainty of the Trust Attributes of the Web document. The dynamic value is defined as the numeric result of the calculation when Transitivity of Trust occurs, ie. when a Web documentA refers to a documentB. The dynamic value will include the identified fading factors in its calculation.

When a Web document (A) refers to another Web document (B), there are a number of possible Web certification environments: Web documentA and Web documentB reside on the same site (ie. the same DNS domain), either on the same host or on a different host (ie. machine), eg. "www.acme.com.au" refers to "www.acme.com.au/benefits"; or Web documentA and Web documentB reside on different sites (ie. different DNS domains).

In other words, the referral environment can be constructed to form one of following scenarios in which each trust value of Trust Attributes may vary according to different certification environments.

(Table1)

When Web documentA refers to Web documentB, the Overall Trust Value may be changed. In other words, the identified fading factors will affect the assignment of trust value on each Trust Attribute which forms the Overall Trust Value of Web documentB while Transitivity of Trust is occurring.
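A worked calculation of the static value (Section 4, both the top-down and bottom-up approaches) and the dynamic value under Transitivity of Trust (Sections 3.2 and 5.1), as an added example that is not part of the paper or the authors' work. The attribute names, the three groups and the S-S / S-N / N-N certification environments follow the paper, but every weight, uncertainty value and fading factor below is an assumed sample figure constructed to show the arithmetic, not a calibrated assessment.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class TrustAttribute:
    name: str           # eg. "Author", "Subject", "Identifier" (Dublin Core style)
    group: int          # 1 = Web content, 2 = object/owner relationship, 3 = certification
    weight: float       # assumed share of the Overall Trust Value carried by this attribute
    uncertainty: float  # assumed probability of fraud/misuse ("element of uncertainty"), 0.0 .. 1.0

    def trust_value(self) -> float:
        # 100% minus the element of uncertainty, eg. 40% uncertainty gives the 60% of Section 3.1
        return 1.0 - self.uncertainty


def overall_top_down(attrs) -> float:
    """Top-down: start at 100% trustworthiness and subtract each weighted uncertainty."""
    total_weight = sum(a.weight for a in attrs)
    return round(1.0 - sum(a.weight * a.uncertainty for a in attrs) / total_weight, 4)


def overall_bottom_up(attrs) -> float:
    """Bottom-up: start at 0% and add each weighted trust value (same result when weights are normalised)."""
    total_weight = sum(a.weight for a in attrs)
    return round(sum(a.weight * a.trust_value() for a in attrs) / total_weight, 4)


# Assumed fading factor per referral hop for the certification environments of Table 1
# (S = certified server, N = non-certified server): the fraction of the remaining trust
# value lost by an attribute that is only partially transferable across the link.
FADING = {"S-S": 0.05, "S-N": 0.30, "N-N": 0.45}


def dynamic_value(attrs_a, link_kind, transfer, reassessed=None):
    """Recalculate the Overall Trust Value of document B reached by a link from document A.

    transfer maps an attribute name to "full" (eg. same Author on both documents, trust value
    carried unchanged), "partial" (eg. same Subject but B's server is not certified, so the
    fading factor is applied) or "none" (eg. a different Identifier, nothing carries over).
    "none" attributes take the uncertainty re-assessed for B, or 1.0 if B gives no information
    for them (the paper's "group3 may contain no trust value" case).
    """
    reassessed = reassessed or {}
    fade = FADING[link_kind]
    attrs_b = []
    for a in attrs_a:
        mode = transfer.get(a.name, "partial")
        if mode == "full":
            u = a.uncertainty
        elif mode == "partial":
            u = a.uncertainty + (1.0 - a.uncertainty) * fade   # fading accumulates per hop
        else:
            u = reassessed.get(a.name, 1.0)
        attrs_b.append(replace(a, uncertainty=min(u, 1.0)))
    return attrs_b, overall_top_down(attrs_b)


# Constructed static assessment of document A on a certified server (best-case shape of 5.2).
DOC_A = [
    TrustAttribute("Author",             1, 0.20, 0.15),
    TrustAttribute("Subject",            1, 0.15, 0.10),
    TrustAttribute("Identifier",         2, 0.15, 0.20),
    TrustAttribute("Company profile",    2, 0.20, 0.25),
    TrustAttribute("Server certificate", 3, 0.30, 0.20),
]

# Document B: same Author and Subject, a different Identifier, hosted on a non-certified server.
LINK_A_TO_B = {"Author": "full", "Subject": "partial", "Identifier": "none",
               "Company profile": "partial", "Server certificate": "none"}

if __name__ == "__main__":
    print("static value of A (top down):   ", overall_top_down(DOC_A))    # 0.815
    print("static value of A (bottom up):  ", overall_bottom_up(DOC_A))   # 0.815
    _, dyn = dynamic_value(DOC_A, "S-N", LINK_A_TO_B, reassessed={"Identifier": 0.5})
    print("dynamic value of B via S-N link:", dyn)                         # 0.4445
```

The static value of A comes out near the paper's 80% best case, and the same attributes re-assessed across an S-N link fall below 50% once the non-transferable certificate and the fading on the partially transferable attributes are accounted for.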

5.2 Preliminary Results

In this preliminary test (ie. first stage test), a primitive method has been used employing two commonly used techniques: the Delphi estimating technique and the practical estimating method. The practical estimating method has been used to assign a trust value to each Trust Attribute for the best, medium and worst cases, and the Delphi estimating technique has been used for Web-linked documents in Transitivity of Trust, to demonstrate a possible way to represent E-Commerce Trust with a numeric value. From the preliminary case study of Trust MetaData in the certification environments, there are a number of interesting findings.

In the best case scenario (eg. [13]), a certified server links to a certified server (S-S), and the site has very few links to other sites. All three groups (refer Section 3) of Trust MetaData are rated well. And these referral sites have also rated well on trust value in all groups. Therefore, each Trust Attribute of each group may be able to maintain its trust value because there are fewer fading factors accumulated. The Overall Trust Value of Trust MetaData is about 80%; in other words, Web users have 80% confidence in the Web document of the site at the time. All information provided by three groups of Trust MetaData has shown that the Web document has satisfied an 80% Trust assessment. However, there is still a 20% hidden risk, so Web users can make a purchase decision based on an awareness of 20% risk.

In the worst case scenario, a non-certified server links to a non-certified server (N-N), and the site has more links to other sites. There is not much information about the site, such as a company profile or other identifiable information about the company (eg. an ACN for an Australian company). The trust values on group2 and group3 (refer Section 3) are very poor, ie. each Trust Attribute of each group may be low or absent, and group3 of the Trust MetaData may contain no trust value. The Overall Trust Value of Trust MetaData is about 30%.

However, there are some exceptional cases. There are some well-known Web sites from which Trust MetaData cannot extract enough information to assess the trust value [16]. This raises a number of possibilities to extract metadata, such as from internal and external Web documents, which is outside the scope of this paper (This will be addressed by authors in a subsequent paper).

There are some limitations in this preliminary test, although the primitive/basic way of generating a numeric trust value gives a simple flavour of how a trust value is associated with its Trust Attributes. It has demonstrated a very simple and basic possibility of measuring the Trust of Web documents in an E-Commerce environment. And the preliminary test has shown some positive results which reflect real life examples of how to assess the trustworthiness of Web information. In other words, some real best case and worst case evaluations map very closely onto these methods of assessing Trust. Other alternative methods of assigning and combining trust values for the Overall Trust Value will be investigated further with much larger scale samples.

6. Future Work and Summary

From the preliminary case studies, it is evident that with non-standard metadata information within Web documents it is more complex both to assign a trust value to a Trust Attribute and to combine each trust value to form an Overall Trust Value in Trust MetaData. And in the evolving E-Commerce environment, there are more existing factors which may need to be considered in assessing and interpreting the Overall Trust Value. In addition, new factors may also surface as E-Commerce technology matures (eg. XML [17], and RDF [18]) and Web communities develop an increased awareness of trustworthiness.

In a broader context and on a larger scale, ie. the Internet, the elements of uncertainty realistically exist and affect almost every decision process. The Trust MetaData acts as a counterweight to balance risks with gain. It provides an assessment of the trustworthiness of a Web object by factoring all possible uncertainty elements into the Overall Trust Value. The higher Overall Trust Value you obtain from the assessment process, then the more confidence you have in the honesty and lawfulness of parties over the Internet. Based on this assessment, Web users can make an informed decision in an E-Commerce environment.

The trustworthiness of the content of a Web document can be seen as a first barrier for Web users considering a purchase. Web users would like to have some assurance as to the trustworthiness of a Web object, and the level of Web security. The trustworthiness of Web information (ie. Web content) is attracting increasing attention among Web users in an E-Commerce environment.

References

[1] Y Yang, L Brown, J Newmarch, E Lewis, "A Trusted W3 Model: Transitivity of Trust in a Heterogeneous Web Environment", Published at the Fifth Australian World Wide Web Conference Proceedings, p59-73, 18-20 April 1999.
[2] National Fraud Information Center (NFIC), "Internet Fraud Statistic Reports", http://www.fraud.org/, 2 May 1999.
[3] ABC National Radio, "The Law Report: Identity Theft", http://www.abc.org.au/NR/lr990316.htm, March 1999.
[4] D. Harrison McKnight, "The meaning of Trust", http://www.misrc.umu.edu/wpaper/wp96-04.html, January 1999.
[5] Yinan Yang, Lawrie Brown, Jan Newmarch, "Issues of Trust with Public Key Certificates", Published at the AUUG’98 Conference Proceedings, p77-93, 14-18 September 1998.
[6] Yinan Yang, Lawrie Brown, Jan Newmarch, "Token of Trust: Different Certificates for Different Trust Models", Published at the UniForm’99 New Zealand Conference Proceedings, p29-44, 13-17 April 1999.
[7] ITU-T Recommendation X.509, "Information Technology - Open Systems Interconnection - the Directory: Authentication Framework", International Telecommunication Union, 1996.
[8] Australian Securities & Investments Commission, http://www.asic.gov.au/, May 1999.
[9] The National Fraud Information Center, http://www.fraud.org/, May 1999.
[10] "Make Money Selling Information Online! A Proven, Easy Method of Making Extra Cash!", wysiwyg://1//http://www.voodoomarketing.com/makingmoney249.html, May 1999.
[11] Bank of America, "Information Principles for Individuals", http://www.bankofamerica.com/privacy/, May 1999.
[12] Dublin Core Metadata, http://purl.org/metadata/dublin_core, October 1998.
[13] VeriSign, http://www.verisign.com/server/index.html, current version May 1999.
[14] BROKAT Infosystems AG, http://www.brodat.com/uk/welcome.shtml, September 1998.
[15] BROKAT InforSystems AG, http://www.brokat.com/uk/index.html, May 1999.
[16] The Associates Program, http://www.amazon.com/, February 1999.
[17] Extensible Markup Language, http://www.w3.org/TR/WD-xml-lang-970630.html, June 1997.
[18] Resource Description Framework, http://www.w3.org/RDF, 31 October, 1998.