An Extended Service-Oriented Architecture for Consumer-Centric E-Commerce
Kaiyu Wan1, Vangalur Alagar2, and Naseem Ibrahim3
1Xi’an Jiaotong-Liverpool University, Suzhou, PRC
2Concordia University, Montreal, Canada
3Albany State University, Georgia, USA
ABSTRACT
This paper investigates the trust aspects propounded by the three Economic Theories, Transaction Cost Economics (TCE), Information Economics (INE), and Socio-Economics (SOE), and justifies their embedding in a service-oriented architecture (SOA) for consumer-centric e-commerce. The embedded trustworthiness features are consistent with the Economic Theories, and most importantly the services during their publication, discovery, and execution are bound by trustworthiness assertions. This approach provides a sound basis for asserting that services in the extended SOA model are trustworthy. The proponents of the economic theories, after a scientific study of the relationship between buyers and sellers, conclude that trust adds economic value. Both value and trust become a shared virtue of partners engaged in e-business transactions. This motivates us to place the consumer centrally in the value enhancement process of the service provider, thus making the e-service architecture consumer-centric. We give a detailed description of the service model and the architectural elements, and explain service provision and service composition features within this architectural framework.
Keywords: Extended SOA, E-Commerce, Trustworthiness, Service Model, Service Delivery
1 INTRODUCTION
Traditional e-commerce was business-oriented, mainly with a view to improving business efficiency, restructuring business organizations, and modifying business policies. In this view, the consumer was not treated as a first-class citizen of the system. The current technology that drives the Internet, which is the medium of e-commerce transactions, has become so powerful and sophisticated that the bargaining power of consumers has increased immensely: they can choose what they want, whenever they want. In other words, consumers are now active players in an e-commerce system. Consumers' needs must be understood and fulfilled by the business in order to add economic value. Recognizing the fact that creating value is a fundamental goal of e-commerce, we propose in this paper a framework for a consumer-oriented e-commerce system. In business, the relationship between buyers and sellers is scientifically studied by three Economic Theories (ET) [11], called Transaction Cost Economics (TCE), Information Economics (INE), and Socio-Economics (SOE). These three theories conclude that trust adds economic value. We briefly discuss these theories in order to uncover the types of information (knowledge) that the business should exchange with the consumer in order to earn trust and add economic value. The major contribution of our paper is an extension of SOA for a consumer-centric e-commerce system in which trust aspects propounded by the three Economic Theories are integrated.
1.1 Basics of SOA Extension
SOA is regarded as an emerging view of the future of distributed computing and enterprise application development. The basic building unit for SOA-based applications is the service. According to Gartner [15] business services are autonomous, reusable, loosely coupled, and portable. We assume that the business enterprises use SOA principles for the creation of goods and services so that they can be depended upon by the consumer. The consumer-centric part is an extension of this business layer such that both the business layer and consumer layer are fitted into SOA principles. In the consumer-oriented part, the consumer is an entity and the output from business processes will become visible to the consumer. That is, the SOA capabilities are invoked by external consumer programs at this level. In other words, services are published by the business, whereas services are discovered, selected, ranked, and composed by the consumer. Consumer activities are usually enabled by a published service contract. A service contract establishes the terms of engagement with the service, provides technical constraints and requirements, and provides any semantic information that the business owner wishes to make public. We extend the concept ConfiguredServices defined by Ibrahim [16], and enrich it for e-commerce service specification. This extended notation is called Electronic ConfiguredService (ECS). It binds an e-commerce service's functionality with the non-functional, trustworthy, legal, and contextual aspects of the service. The contract part of ECS also specifies the benefits to the consumer. A contract can be negotiated between the vendor and consumer until they reach an agreement, at which stage an Electronic Executableservice (EES) is created. Consequently, our approach is both service-oriented and consumer-centric.
1.2 Trust vs. Trustworthiness
The basis of exchange of goods between business partners must be trust [12], which builds confidence. The essence of trust is that the confidence it builds will make consumers comfortable in believing the quality of advertised products, which they may ultimately purchase, sharing personal information with business firms with total confidence, and acting on their recommendations. In traditional commerce, trust is defined [3] as one party’s belief that the other party will not exploit its vulnerabilities. On the Internet this aspect of risk arising out of the possible exploitation is further strengthened, as aptly remarked by Friedman [10], “the greatest difference between trust online and in all other contexts is that when online, we have more difficulty (sometimes to the point of futility) of reasonably assessing the potential harm and good will of others, as well as what counts as reasonable machine performance. That is why people can engage in virtually identical online transactions, yet reach widely disparate judgments about whether the interactions are trustworthy.” The two terms ‘judgments’ and ‘trustworthy’ are quite significant. The term ‘judgment’ refers to the conclusion of a consumer after evaluation of a relation that exists between the consumer and the system behavior. The result of this evaluation leads to either trust or mistrust. In fact, the trust itself may belong to one of several levels, ranging from ‘most trusted’ to ‘least trusted’. The term ‘trustworthiness’ refers to the system property that denotes the degree of user confidence that the system will behave as expected [28,2]. The terms trustworthiness and dependability are used interchangeably [30]. Dependability is defined as “the ability to deliver services that can justifiably be trusted” [2,19]. A comparison between the two terms presented in [2] has concluded that the two properties are equivalent in their goals and address similar concerns.
Thus, the goals of dependability are providing justifiably trusted services and avoiding long outage of service that is unacceptable to the consumer. The expectation is that once trustworthiness is verified and the system is declared dependable the consumer judgments should be more favorable, in that consumers trust the system. That is, the consumer-centric ‘judgments’ are to be expressed and evaluated against the ‘trustworthiness assertions’ expressed by the vendor. If consumers have a say in the definition of ‘trustworthiness’ then the judgments are likely to be more favorable. So, it becomes necessary for the vendor to determine the dependability criteria or the trustworthiness features at the time when consumer requirements, both functional and non-functional, are identified. Unfortunately, no e-commerce system vendor solicits requirements from consumers. Instead, they assume the requirements and put together a system, which ultimately causes ‘disparaging judgments’. So, in order to be dependable, e-commerce systems should evolve to become more and more consumer-centric, with vendors collecting consumer feedback and assimilating it into system requirements. Vendors should allow and facilitate the verification of their trustworthiness claims by consumers before entering into a transaction. During a transaction vendors should provide sufficient information to users to convince them that their requirements (and concerns) are fully respected. The architectural design for a trustworthy consumer-centric e-commerce system discussed in this paper focuses on these issues.
1.3 Policies vs. Economic Theories
An e-commerce system owned by a business is governed by a well-defined set of its institutional policies. In our design such policies are aligned with Economic Theories (ET) [11]. Since trustworthiness, as a system property, conforms to ET and the business policies are aligned to ET, the trustworthiness property also conforms to the business policies. Consumers must be made aware of these policies. This is an essential step to educate as well as convince the consumer that the system behavior is consistent with the announced policies, which in turn creates economic value. This means that ‘consumer level judgment’ on an e-commerce system will tend to be rational rather than ad hoc. As a result, the system level trustworthiness property and the trust coming out of ‘consumer level judgment’ have ET as the meeting point. The research reported in this paper is motivated by these thoughts.
1.4 Contributions
A significant contribution of this paper is the embedding of the three Economic Theories [11] in a consumer-oriented e-commerce system. We analyze the three ETs and bring out their respective trust aspects, and then propose formal mechanisms to integrate them in an e-commerce framework. To our knowledge no work has been done along these lines for e-commerce design. Our goal is achieved through the following sub-contributions.
1. In Section 2 we review the three ETs and relate the trust aspects in the ETs to the trustworthiness property defined in [25] as a compound property of safety, security, availability, reliability, and accountability.
2. We define a consumer-oriented architecture (COA) in Section 3. We explain the steps of engagement between the consumer and the system, and the trust fulfillment activities that add economic value.
3. In Section 4 we present the design of the browser and its interfaces. The browser is one of the main components of COA and is the vital window to the consumer for viewing the list of published services. The browser design fulfills the requirements for the trust aspects of ETs.
4. In Section 5 we explain the design of the Service Registry and the structure of ECS. The context formalism of Wan [32,33] is used in the contract part of ECS to enforce context-dependent trustworthiness evaluation of e-commerce transactions.
5. In Section 6 we emphasize the need to create flexible contracts and discuss a short hand notation for crafting flexible contracts.
6. In Section 7 we extend the COA with a Mediator at the service layer. In this extended architecture, called COAWM, the mediator will analyze the semantic dependencies of services in creating complex services at service execution times. The dynamic service composition method is both new and novel.
In Section 8 we conclude the paper with a discussion on the significance of our work and give a summary of our ongoing work.
2 TRUSTWORTHINESS OF A SYSTEM AND TRUST ASPECTS OF ECONOMIC THEORY
In business, the relationship between buyers and sellers has been studied [11] in the three broad areas Transaction Cost Economics (TCE), Information Economics (INE), and Socio-Economics (SOE). Each theory brings out the nature of relationship between buyers and sellers that defines the business model and explains the nature of trust that is relevant to that theory. In software dependability research, the emphasis is that software developers are required to define dependability criteria as a system goal at the requirements analysis level and then convincingly verify that these criteria are met in the final product. The Microsoft White paper [24] has suggested that the trustworthiness of a system is a compound property made out of the four important attributes safety, security, availability, and reliability. An e-commerce system being an open ubiquitous system, we may add accountability to this list of attributes. Below we relate these five attributes of trustworthiness to the nature of trust in the three Economic Theories.

The theory of TCE states that every transaction between buyers and sellers in a marketplace has a quantifiable direct and indirect cost, as well as an unquantifiable cost. The direct cost is the cost involved in negotiations, contract drafting and service implementation. The indirect cost may include cost of information dissemination, and monitoring the different transaction phases. The unquantifiable cost is usually the “cost of disadvantage” in the event of broken links, broken promises and missed deadlines. The TCE theory postulates that the following trust building behaviors will offset the cost of disadvantage.
– Information should be disseminated to consumers without interruption in a proactive manner. This in turn requires system availability, and reliability in information communication.
– The communicated information must be correct and current. That is, integrity of information must be assured. Sometimes, information must be disseminated in total confidence, which in turn requires the presence of security and privacy features.
– Information that corrupts the behavior and quality of service of the system, as well as the environment where the information is delivered, must be avoided. That is, safety is an important feature of information dissemination.
– The different phases of transactions must be monitored. This requires the validation of business policies, including security and safety policies, in every transaction.

In summary, the trust attributes related to TCE theory are safety, security (integrity included), availability, accountability (transaction monitoring), and reliability. This concurs with the trustworthiness definition given earlier. Since the TCE theory explicitly mentions contract drafting, it is imperative to have a formal service contract behind every e-commerce transaction. Contracts specify not only milestones and deadlines (explicit advantages), but also consequences (disadvantages) for not meeting them. When a stated promise is fulfilled it is natural to expect both parties to raise their mutual trust levels. When a stated promise is not fulfilled, both parties are bound by the exceptions stated in the contract. Once both parties agree on those exceptions it is expected that their mutual trust levels will not be lowered. The only situation when mistrust arises is when the exceptions are not followed by the signatories of the contract. It is with this view that we introduce flexible contracts in this paper for e-commerce transactions, and use them as a means of calibrating the trust levels between vendors and consumers. Thus in our model both trust and value creation processes are integrated and mutual.

The INE theory postulates the existence of an asymmetric relationship between sellers and buyers, and analyzes its impact with respect to market performance. The asymmetry arises from the fact that sellers (service providers) have the knowledge about their goods and services, whereas the buyers (service requesters) may have little or no knowledge on what to expect from the buyers. Since the consumer has to determine which ones have value, the sellers should try to perform knowledge-intensive functions to educate the consumer. All aspects of business services may be hard to describe textually, and often visual display of information may not convey the underlying semantics of products and services. So, sellers should employ sophisticated technology-based tools to convey the knowledge to consumers in order that they may be able to evaluate the value potential of offered services.

The INE theory postulates that feeding more information to buyers may not help to sell products in an asymmetric relationship. The theory suggests that in order to overcome information asymmetry, information must be filtered, screened, and delivered directly to buyers before selling products. Another important implication of INE theory is that even if user-friendly interfaces to the web pages of sellers are added, as suggested by MoTEC model [7], it may not help disseminate information to buyers because of the steep learning curve required by consumers in understanding the product metrics from the web pages. In other words, the learning curve required by consumers must be made “less steep” through “long term” contacts and tutorials. In essence, INE theory emphasizes trust building through direct interaction. At first, it seems that this theory may not be helpful for e-commerce because the e-commerce medium is only virtual. We reckon that the INE theory can be integrated within e-commerce by introducing context-awareness and Personal Agents (PA). The PA at a vendor site will build consumer-centric behavior models and, using context-awareness, will project different views of products and services to consumers in different contexts. The PA will have behavior models, context models, and an adaptation strategy to sense and react to consumer contexts. Thus, it seems possible to achieve the effect of “direct contact” in the virtual medium. An investigation into building such agents is far beyond the scope of this paper. We include in our architecture features that fulfill the information dissemination aspect of INE theory.

The theory of SOE studies the role of social networks and cultural aspects in influencing market behavior. SOE concludes that trust arising out of social and independent business research affiliations plays an important role in business evolution. Consumers may seek recommendations from social groups [22,23], and consult independent experts and trusted authorities (such as Better Business Bureau) to guide them in choosing best vendors. A service provider may be ranked by independent trusted authorities and by consumers. To satisfy the requirements from SOE theory, our architecture includes two kinds of recommendation lists in an Electronic ConfiguredService (ECS). One list is from the trusted authorities and experts who have evaluated the announced service. The other list is from the consumers. The service provider will ensure that these trust recommendations are both truthful and verifiable.
3 CONSUMER-ORIENTED ARCHITECTURE FOR E-COMMERCE
Figure 1 shows the consumer-oriented architecture that we propose for e-commerce in one business domain for one service provider. This architecture is easy to generalize for different domains. An e-commerce marketplace architecture is obtained by instantiating this generalized architecture for all the service providers in the marketplace. For our discussion, the architecture shown in Figure 1 is sufficient. The business firm’s Service Creation Facility (SCF) creates and manages the services offered by it. We assume that SCF is constructed under SOA principles, and has rich interfacing to the Consumer-oriented Architecture (COA) built on top of it. SCF is a black-box for COA and the consumer is represented by the unit Consumer, a first class entity of COA. Any SCF can be plugged into COA, as long as the interfaces to COA are respected. With loose coupling between SCF and COA, the mechanisms for service creation, the supplier side and management issues governing SCF services can be changed without changing the interfaces of SCF. Similarly, more features may be added to COA without impacting the SCF.

Fig. 1. Consumer-oriented Architecture Model for E-Commerce

The Browser in COA is a window to the knowledge-base of SCF. Consumers use this interface to gain general information on services, semantic definition of critical terms used in services, affiliations of the business firm, and policies governing the business model of the firm. A comprehensive description of consumer activities enabled by the browser is given in Section 4. Once the consumer’s intent to buy is strengthened by browsing, the consumer can access the Registry in which ECSs are published by the firm. The Registry contents may be updated by the firm without interrupting the consumer activity. In Section 5, we discuss the structure of ECS and consumer activities related to the Registry. Before service selection, a consumer may contact the Authentication Authority (AA) to verify the claims made by the service provider in the selected ConfiguredService and be assured that they are correct. The Negotiation unit is responsible for creating a flexible contract, the one that will bind the consumer and the service provider during and after the execution of the contract. We discuss flexible contract creation in Section 6. The Execution unit is responsible for checking consumer credit, interacting with the bank for credit card transactions, and advising the SCF management on service delivery. Our intent in making the Execution unit a part of COA, not a part of SCF, is to emphasize two aspects. One aspect is that the personal information of a consumer shared with SCF management is related only to enhancing INE trust aspects. The second aspect is that the consumer shares her personal information related to service execution with the Execution unit, thus assuring confidentiality and privacy of the consumer during service execution and delivery. We do not discuss the details of execution activity in this paper.

Based on this architecture we list below the engagement steps and in each step we make the protocol precise. We emphasize that in each step the trust relationship is fulfilled in order to earn economic value.

1. Step 1: Motivate and Strengthen the Intent to Buy: Consumers are given a chance to learn about the specification and quality of the product they want to buy and services associated with the purchase of the product from service providers. They may compare the reputation of service providers, seal of quality on products, service quality recommendations, business policies and contractual obligations of different service providers before they intend to transact with a specific service provider. Consequently, the intent to transact with a service provider arises only after they trust what they have browsed in the service provider’s Browser. In order to increase the consumer’s intent to buy, a service provider must faithfully follow INE and TCE principles in product and service descriptions and convince the consumers that they are trustworthy. We explain in Section 4 the steps service providers should follow in order to convince the consumers of their trustworthiness and influence them to decide to make a transaction with them. The consumers, following the SOE theory, should seek recommendations about service providers.

2. Step 2: Sustain the Interest with ECS Description: The consumer chooses a service provider, registers with the service provider, and gives some personal information and preferences. As part of the registration process, the consumer profile is collected in order to be served in a trustworthy manner. The registered customer is authenticated by the service provider, and is allowed to browse the Registry. The service provider offers a suitable interface to the Registry through which the consumer can access all the ECSs that are relevant to her preferences. The level of formality is such that the consumers can understand without ambiguity the published ECS list in order to choose the one that best suits them. So, each ECS description should be precise, should concern one product or one service, and should include the quality attributes pertaining to trustworthiness of the product. The consumer is to be given an opportunity to verify the claims made in the ECS contract. Moreover, the consumer is given sufficient evidence in order to trust the service provider, especially in safeguarding the personal information and the preference profile. Consequently, the service providers will be following TCE principles in defining their ECSs. We explain in Section 5 the steps to be followed by the service providers in order to sustain the consumer trust already earned, and persuade the customer to make a transaction with them.

3. Step 3: Offer Flexible EES: In many situations consumers might require some modifications to the contract binding the service they intend to buy. An example of modification is that the place of delivery may have to be changed. Motivated by INE principles, we discuss a precise short hand notation for drafting flexible contracts. This notation is quite expressive, yet information content is kept to a minimum. Exceptions for automatic renewal, modification, and termination of contracts can be part of flexible contracts. We explain in Section 6 the nature of flexible contracts and their conformance to the three ET principles.

In order to provide consumers a rich repertoire of services, such as complex services and ranking of services obtained from competing service providers, we extend the COA architecture with a Mediator in Section 7.
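The check a consumer makes before service selection (contact the AA to verify the claims in a selected ECS, then weigh them against the consumer's own requirements) can be sketched as follows. This is an added example, not code from the paper: the paper does not specify how the AA verifies claims, so the HMAC tag stands in for whatever attestation the AA actually uses, and the reduced `ECS` record, the 0 to 5 claim scale, the provider name, and all function names are assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# The five trustworthiness attributes named in Section 2 of the paper.
ATTRIBUTES = ("safety", "security", "availability", "reliability", "accountability")


@dataclass
class ECS:
    """Hypothetical, reduced ECS record holding only what this check needs."""
    provider: str
    service: str
    claims: dict           # attribute -> claimed level 0..5 (the scale is an assumption)
    attestation: str = ""  # hex tag issued by the AA over the canonical claims


def canonical_claims(ecs: ECS) -> bytes:
    """Serialize deterministically so attesting and verifying hash identical bytes."""
    unknown = set(ecs.claims) - set(ATTRIBUTES)
    if unknown:
        raise ValueError(f"unknown trustworthiness attribute(s): {sorted(unknown)}")
    doc = {"provider": ecs.provider, "service": ecs.service, "claims": ecs.claims}
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode("utf-8")


class AuthenticationAuthority:
    """Stand-in for the AA: attests claims it has evaluated, verifies them on request."""

    def __init__(self, key: bytes):
        self._key = key  # held only by the AA; consumers submit an ECS for checking

    def _tag(self, ecs: ECS) -> str:
        return hmac.new(self._key, canonical_claims(ecs), hashlib.sha256).hexdigest()

    def attest(self, ecs: ECS) -> ECS:
        ecs.attestation = self._tag(ecs)
        return ecs

    def verify(self, ecs: ECS) -> bool:
        try:
            expected = self._tag(ecs)
        except ValueError:
            return False  # malformed claims can never have been attested
        # Constant-time comparison avoids leaking how much of the tag matched.
        return hmac.compare_digest(expected.encode(), ecs.attestation.encode())


def consumer_judgment(ecs: ECS, aa: AuthenticationAuthority, requirements: dict) -> list:
    """Return reasons to withhold trust; an empty list means the ECS may be selected."""
    if not aa.verify(ecs):
        return ["claims not attested by the AA (altered or never evaluated)"]
    reasons = []
    for attr, needed in requirements.items():
        claimed = ecs.claims.get(attr, 0)  # an omitted attribute counts as no assurance
        if claimed < needed:
            reasons.append(f"{attr}: claimed {claimed}, required {needed}")
    return reasons


def demo():
    """Run three constructed cases: accepted, altered after attestation, too weak."""
    aa = AuthenticationAuthority(key=b"constructed-demo-key")  # constructed sample key
    published = aa.attest(ECS(
        provider="ExampleBooks Ltd",  # constructed sample provider
        service="book-delivery",
        claims={"safety": 4, "security": 5, "availability": 3,
                "reliability": 4, "accountability": 4},
    ))
    accepted = consumer_judgment(
        published, aa, {"security": 4, "availability": 3, "accountability": 4})
    # Registry copy whose availability claim was raised after the AA attested it.
    altered = ECS(published.provider, published.service,
                  dict(published.claims, availability=5), published.attestation)
    tampered = consumer_judgment(altered, aa, {"availability": 5})
    too_weak = consumer_judgment(published, aa, {"availability": 5})
    return accepted, tampered, too_weak


if __name__ == "__main__":
    for label, result in zip(("accepted", "tampered", "too weak"), demo()):
        print(label, "->", result or "no objections")
```

Attestation failure is reported before any requirement comparison, so an inflated claim never reaches the consumer's judgment as if it were genuine.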
4 BROWSER DESIGN - STRENGTHENING INTENT TO BUY
The Browser in the COA must give essential and sufficient information on the service provider and its services in order to attract and motivate consumers to shop with it. Information flooding must be avoided, as recommended by INE theory. It is necessary and sufficient to state the product and service domains, types, and policies governing the purchase of products. A mission statement emphasizing the consumer-centric business model of the service provider and policies that embrace TCE trust principles must be made available to consumers. As part of the mission statement, privacy and security policies must be included. This will reduce the consumer's fear of risk and will infuse some confidence, which in turn will strengthen the consumer's intent to buy. As an example, to emphasize the service provider’s integrity, the memberships in Better Business Bureau or National Chamber of Commerce or the preferred status earned for servicing security-critical systems might be displayed in the interface. A seal of trust awarded by a Trusted Authority, and trust recommendations from the customers of the service provider on product and service quality should also be displayed by the service provider. This is in line with SOE theory to improve the acceptance level of prospective consumers. Based on this discussion the interface types for the Browser activities are suggested, and are shown in Table 1. Each column in the table is an interface type, and the attributes of a type are listed in its column. An attribute qualifies some semantic content related to the interface type.

In e-commerce there is a need to distinguish between the terms product and service, although service providers in some domains might use the terms interchangeably. In a service-oriented system, services are central. A product may be associated as part of service delivery. However, in the context of e-commerce systems it is conceptually clearer to distinguish between products and services. When we buy books on-line we are buying (physical/tangible) products. When we are buying life insurance or health insurance or ordering cable service we are buying services. In life insurance business ‘whole life insurance’ and ‘term life insurance’ are also called ‘products’, although these are not tangible products. A product may provide many services, of which some are dependable while some are not. As an example, the ‘calling service’ in a cell phone may be dependable, whereas ‘the call forwarding service’ may not be dependable. Thus, a product may be rated as ‘trustworthy’, although some of its services may not be trustworthy. In contrast, a service is either dependable or is not dependable - it cannot be both. Thus, in discussing trustworthiness we need to make a clear distinction between products and services: when dealing with services trustworthiness refers to the ‘quality of the service itself’, and while dealing with products trustworthiness is a combination of the quality of the product and the services provided by the product. To keep this distinction, we have introduced Product or Service as an interface type.
Table 1. Browser Interface Types
Product or Service: Domain, Type, Description, Interfaces, SFunctionality
An interface is an instance of an interface type. A service provider may create many instances of an interface type. As an example, a service provider who sells three kinds of Cars may employ three interfaces of type Product, with one interface devoted to each kind of Car. A travel agent may offer many types of services, such as individual bookings on airlines, group travel arrangement, and a comprehensive travel package that includes air, hotel, local transportation and travel insurance. So, a Travel Agent may not have an interface of type Product, but may have many instances of Service type interfaces. For each one of the other three interface types the number of interface instances should be as many as Product (Service) type interfaces. A service provider may not necessarily use all the interfaces or all the attributes of an interface.
The design of the service interface types is inspired by the INE theory. An interface of type product or service has many properties. The Domain attribute qualifies the semantics of the domain to which the product or service belongs. The Type attribute qualifies the specific nature of products or services in the Domain that the service provider sells. The Description attribute gives a precise summary of each product or service type associated with Type. The Interface attribute provides links to product or service registries containing semantic information on the entities included in the product or service types. The SFunctionality attribute is used only for services and it specifies information about the functionality a service provides. The PServices attribute is used only for products and it lists the services provided by a product. The Contract attribute discusses the types of contracts that can be used to obtain a service or a product. The Context attribute specifies the contextual information in which the vendor will provide the service or deliver the product. As an example, a service provider who sells Life Insurance (LI), Automobile Insurance (AI), and Travel Insurance (TI) will specify the geographical region in which these services are provided. To inform the consumer on the types of services, the service provider will employ three interfaces of type Service. Let us call these respectively LIP, AIP and TIP. In the interface LIP, the Domain attribute will be Life Coverage, the Type attribute will be the set {WholeLife, TermLife} if the service provider sells WholeLife and TermLife services, the Description attribute is used to provide a precise summary of each service type in Type, and the Interface attribute is a pair of links to the definition and explanation of entities described in the two service types.
Table 2. Life Insurance Service Interfaces - An Example
Table 2 shows the sample interface description of a service provider selling LIP, AIP, and TIP. The Description field will give a definition of the service type, and the Interface field is a link to a more detailed description of the service. Consequently, their details are left out from the Table. An example of the WLDescription for LI is a definition of WholeLife insurance: “A life insurance contract with level premiums that has both an insurance and an investment component. The insurance component pays a stated amount upon death of the insured. The investment component accumulates a cash value that the policyholder can withdraw or borrow against.” The consumer can navigate through the WLink field to learn more about this product.
Policy Interface Type
An interface of this type announces the business mission and the policies to be followed in achieving the goals stated in the mission, because consumers have a right to know the business policies that affect their transactions. Security policy might state (1) certified methods used for encrypting data, (2) the extent of access rights consumers have and how they are enforced, (3) mechanisms for ensuring authenticity, identity management, and confidentiality in transactions, and (4) the principle behind ensuring privacy of individuals in a transaction. Safety policies are important for safety-critical products and services, such as those in the nuclear engineering or medical devices domains. A policy should clearly identify the safety features of the product, legal obligations of the service provider and consumer in entering a transaction, and consumer obligations in operating the product or receiving the service. Policies related to reliability and availability of products (services) must include exception clauses stating the measures to be undertaken when the stated claims are not met. Accountability policy should state 'who (the role, rather than the exact identity of the person) in the organization is responsible for maintaining the quality of a specific product (service) type'. By disclosing these policies to the consumer the TCE theory is fulfilled, and hence the expectation is to earn the trust of the consumer to compensate the 'cost of disadvantage'.
Affiliation Interface Type
An interface of this type announces the affiliation (membership) of the service provider with national and international organizations, such as Trade Group, Chamber of Commerce, and Trusted Authority. Links to the official sites of such organizations help consumers understand the wide range of recognition and networking of the service providers. This interface type is suggested by the SOE theory governing the peer review process.
Trust Recommendation Interface Type
An interface of this type announces the awards received by the service provider from its peers, and trust recommendations from its clients. The Award attribute will list the products and services that received awards, the organization that conferred the award, and the periods when the awards were conferred. The Consumer Recommendation attribute will list the products and services recommended, and the scores (rankings) of each recommended item. When there is a correlation between Award and Consumer Recommendation the consumers will be convinced that these recommendations are genuine, a strong motivating factor in enforcing their intent to buy. This interface type is suggested by the SOE theory governing the consumer-centric social process.
5 SERVICE REGISTRY – PROMOTING TRUSTWORTHINESS CLAIMS
A consumer who is convinced by the authenticity of information displayed by a service interface gets the intent to shop with that service provider. This is one of the hypotheses of the theory of reasoned action (TRA) [26]. Given the information on affiliation and trust recommendation in the service provider website, it is reasonable to assume that the consumer might have contacted the relevant affiliations and trusted authorities before strengthening her intent to shop with the service provider. So, it is essential that service providers provide value-added information in Step 2 to sustain the interest of consumers and fully convince them to enter into a transaction with them. We suggest the following trust-enhancing activities of service providers to achieve this goal.
a. Consumer Registration
Service providers should encourage consumers to register with them and explain the benefits available to registered customers. A registered consumer can build a profile consisting of products and services that interest them, with very little personal information. A registered consumer's user name and password should be authenticated every time the consumer accesses the service provider site. The service provider must provide assurances that the consumer profile and personal information are protected, and explicitly mention the technology used by them to enforce security and privacy policies. Although assurances might have been included in the Policy interface of the service provider's website, in order to sustain consumer trust it is advisable to provide the link to the website of the security technology provider, so that consumers might have a basis for trusting the service provider's claims. It is important to recognize that many consumers want to remain anonymous and their right to privacy must be respected. Inappropriate handling of privacy issues or insufficient security in protecting the profile might result in the downfall of the service provider's planned business ambitions.
The service provider should explain to consumers the primary benefits of registered customers. One of the benefits should be the automatic periodic delivery of information to the consumer on those products and services that the consumer has included in her profile. It should be emphasized that the relationship between the service provider and consumer is just as in the publish/subscribe design paradigm [13]. Such a loose coupling and profile-based information filtering enable free flow of relevant information from service provider to consumer without adding any pressure on the consumer to act on the information provided. Such freedom enables the consumer to analyze similar products across different service providers.
Additionally, the service provider may provide information on discontinued products and services, as well as information on new products and services. Although information on products and services is available in the service provider website, without registering it is necessary for a consumer to navigate through a large volume of information and filter out the relevant items. So, another important benefit is that the registered consumer receives only relevant information. Based on such periodical updates, the consumer may update her profile, which in turn helps the service provider to refine the information content for future delivery. This feedback loop between the consumer and the service provider introduces more symmetry in their relationship, which incidentally balances the otherwise asymmetric relationship propounded by the INE theory. Another advantage of the feedback loop is that the information with the consumer is always current and almost complete.
b. Structure of Service Registry
The Service Registry (SR) component in the architecture is the database of services and products. The SR at a service provider site is accessible only to the registered consumers at that site. A registered consumer is given read-only access to the SR and may view its contents in accordance with the consumer preferences in her profile. The service providers should assure the reliability of the information in the SR and make it available with the least amount of interruption. The service provider is accountable for the integrity of the published information. Thus, TCE trust principles are followed in setting up and operating the SR.
The information in the SR is structured hierarchically, as shown in Figure 2, with the root being the RegistryNode. The RegistryNode has a finite number of children, where each child node is a Domain. The name assigned to a Domain node typically signifies the specific domain of knowledge, such as Health Care, or Insurance, about which the services and products are available in its subtree. A Domain node may have a finite number of children, where each child node is either a Domain (sub-domain of its parent node) or a leaf node with an ECS.
The service provider may impose some restriction in accessing knowledge at certain levels or along certain paths of the hierarchy. In doing so, the service provider would like to protect sensitive knowledge from being browsed at an early stage by all registered consumers. To enforce such controlled access, the service provider might assign priority levels to registered consumers, use the priority levels as roles and adopt a Role Based Access Control mechanism. As an example, the service provider may institute the priority levels {Platinum, Gold, Silver, Bronze}, enumerated in decreasing order of priority, and award points to the registered consumers on the basis of shopping volume. Each node in the hierarchy is associated with a role name, say r1, meaning that the subtree at that node can be navigated only by a registered consumer with role r, r ≥ r1. Thus, information domains as well as information on products and services within a domain can be protected. The service provider might institute a policy by which a consumer with a real intent to buy, or a consumer with a high recommendation from a trusted agency (which the consumer should allow the service provider to get directly), can be given a one-time role that would allow the consumer to navigate the necessary parts of the registry.
Fig. 2. SR Structure (tree rooted at RegistryNode; children Domain 1, Domain 2, ..., Domain n; sub-domains Domain 2.1, Domain 2.2, ..., Domain 2.k; leaf nodes ECS 1, ECS 2, ..., ECS n; each node annotated with Role(s))
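
The role-gated navigation of the SR hierarchy described above, as an added example that is not code from the paper: a node's role r1 protects its whole subtree, so a leaf with a low r1 is still hidden beneath a more restricted Domain, and a one-time role is consumed on first use. The class names, the sample registry and the ECS identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import List, Optional, Tuple


class Role(IntEnum):
    """Priority levels from the text, ordered so that r >= r1 is a plain comparison."""
    BRONZE = 1
    SILVER = 2
    GOLD = 3
    PLATINUM = 4


@dataclass
class Node:
    name: str
    min_role: Role                      # the role r1 attached to this node
    children: List["Node"] = field(default_factory=list)
    ecs: Optional[str] = None           # set on leaf nodes only


@dataclass
class Consumer:
    name: str
    role: Role
    one_time_role: Optional[Role] = None  # temporary role granted by the provider


def effective_role(consumer: Consumer) -> Role:
    """Consume the one-time role (if any) and return the role for this navigation."""
    role = consumer.role
    if consumer.one_time_role is not None:
        role = max(role, consumer.one_time_role)
        consumer.one_time_role = None   # single use: gone after this navigation
    return role


def navigate(root: Node, consumer: Consumer) -> List[str]:
    """Return the path of every node the consumer is allowed to browse."""
    role = effective_role(consumer)
    visible: List[str] = []

    def walk(node: Node, path: Tuple[str, ...]) -> None:
        if role < node.min_role:
            return                      # prune the whole subtree, not just this node
        here = path + (node.name,)
        visible.append("/".join(here))
        for child in node.children:
            walk(child, here)

    walk(root, ())
    return visible


def may_read(root: Node, role: Role, path: str) -> bool:
    """Check a direct request for one path: every ancestor's r1 must be satisfied."""
    parts = path.split("/")
    node = root
    if parts[0] != node.name or role < node.min_role:
        return False
    for part in parts[1:]:
        node = next((c for c in node.children if c.name == part), None)
        if node is None or role < node.min_role:
            return False                # unknown node and denied node look the same
    return True


# Constructed sample registry (domain names follow the text's examples).
REGISTRY = Node("RegistryNode", Role.BRONZE, [
    Node("Insurance", Role.BRONZE, [
        Node("Life Coverage", Role.SILVER, [
            Node("WholeLife", Role.BRONZE, ecs="ECS-WL"),
            Node("TermLife", Role.GOLD, ecs="ECS-TL"),
        ]),
    ]),
    Node("Health Care", Role.GOLD, [
        Node("Dental", Role.BRONZE, ecs="ECS-DN"),
    ]),
])

if __name__ == "__main__":
    alice = Consumer("alice", Role.BRONZE, one_time_role=Role.GOLD)
    print(navigate(REGISTRY, alice))    # elevated view, once
    print(navigate(REGISTRY, alice))    # back to the Bronze view
```

The same ancestor check has to guard direct requests for a single ECS as well as tree browsing, which is why `may_read` walks the path from the root instead of looking only at the leaf's own role.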
The interface types described in Table 1 serve all consumers. However, for registered consumers these interfaces automatically get plugged into the SR. Consequently, registered consumers get a rich and refined view of products and services. If a consumer selects a product then all services provided by this product are displayed. Alternatively, if a consumer requests a service, then every ECS whose functionality matches the requested service will be displayed. Since the SR is accessible only in this manner, consumers have a choice: either to enter through a product interface or to enter through a service interface. In either case, the information accessible to the consumer will be complete, precise, and semantically meaningful. Thus, fragmentation is avoided and consumers do not waste time in unnecessary navigation of irrelevant information.
Structure and Semantics of ECS
An ECS consists of a service description part, and the contract part binding that service. The three attributes of the service part are Functionality, Data and Nonfunctional properties. The contract part has three main sections defining trustworthiness claims, legal rules, exceptions, and benefits (LEB), and context information.
The Functionality in ECS is stated by including the service (product) name, a precondition for accessing it and a postcondition that should become true after service execution. The Data section in ECS includes the information regarding the product or service and the service provider. As part of Nonfunctional properties the service provider may include price per volume, loyalty program features, and packaging and delivery fees.
In the trustworthiness claims section of the contract part of ECS, the service provider will include information that is relevant to enhance consumer trust in the product (service) and the service provider's integrity. The trustworthiness claims on the service include one or more of safety features, security features, reliability features, guaranteed availability features, and accountability features of the product. Safety defines the critical conditions that are guaranteed to hold in the product (service). Security is a composite of data security and confidentiality, as demanded in financial transactions. Reliability is the accepted mean time between product (service) failures. Availability may be announced either as the maximum repair time for a product or the minimum uninterrupted service time for a service. Accountability reveals independent authorities (contact numbers/emails) who can be contacted for verifying the claims of the service provider.
Legal rules, exceptions, and benefits are closely related and hence they are put together in the contract section. Legal rules are part of business policies that constrain the contract. They are often tailored to specific attributes, such as membership fee, refund, interest charges, administrative charges, termination of contract, discount policy, and contract renegotiation. An exception is an event that interferes with the normal execution of service. For online services, Internet disruption during service execution is an exception because it interrupts the service execution. Policies governing the exceptions are often specializations of the general policies stated in the Policy interface. Consumer-centric privacy requirements and privacy laws of the location of service delivery are also included in this section. Benefits are economic values created by a congregation of service providers, and these benefits are passed on to consumers in order to earn their trust and sustain their clientele. When two service providers SP1 and SP2 have a trade alliance, the consumer who buys a service from SP1 may be given an incentive to buy a service from SP2, and vice versa. Service providers will announce such incentives in this section.
The context part includes the context info pertaining to the service provider and the context rule relevant to the consumers. In the context info part the service provider announces the registered location of business, a time stamp of service publication, and its expiry, if any. The context rule defines a situation that should be true of the consumer in order to receive the service. Typically, the time frame for service delivery, regional restrictions and consumer constraints for service provision are situations. A situation is encoded as a predicate logic formula. It will be evaluated in the consumer context and service delivery context. If the result of evaluation is true then the service delivery begins. If the result of evaluation is false, or the formula cannot be completely evaluated because of incomplete context information of the consumer, the service delivery is abandoned and the user is informed of the reason for service failure.
We provide two examples to illustrate the subtle differences between a product ECS and a service ECS. Table 3 shows the ECS for renting a truck (product), and Table 4 shows the ECS for buying a life insurance (service).
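
The context-rule evaluation described above, as an added example that is not code from the paper: a situation is evaluated with three-valued logic so that missing consumer context yields "unknown" rather than true, and delivery is refused with a reason in both the false and the unknown case. The formula classes, the context attribute names and the sample rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Any, Callable, Dict, Optional, Set, Tuple

Context = Dict[str, Any]


@dataclass(frozen=True)
class Atom:
    label: str
    needs: Tuple[str, ...]              # context dimensions the predicate reads
    test: Callable[[Context], bool]


@dataclass(frozen=True)
class Not:
    part: Any


@dataclass(frozen=True)
class And:
    parts: Tuple[Any, ...]


@dataclass(frozen=True)
class Or:
    parts: Tuple[Any, ...]


def evaluate(f: Any, ctx: Context, trace: Dict[str, Optional[bool]],
             missing: Set[str]) -> Optional[bool]:
    """Three-valued (Kleene) evaluation: True, False, or None for 'unknown'."""
    if isinstance(f, Atom):
        absent = [k for k in f.needs if ctx.get(k) is None]
        missing.update(absent)
        trace[f.label] = None if absent else bool(f.test(ctx))
        return trace[f.label]
    if isinstance(f, Not):
        v = evaluate(f.part, ctx, trace, missing)
        return None if v is None else not v
    if not isinstance(f, (And, Or)):
        raise TypeError(f"unsupported formula node: {f!r}")
    values = [evaluate(p, ctx, trace, missing) for p in f.parts]
    decisive = isinstance(f, Or)        # True decides an Or, False decides an And
    if any(v is decisive for v in values):
        return decisive
    return None if any(v is None for v in values) else not decisive


def decide(rule: Any, ctx: Context) -> Tuple[bool, str]:
    """Fail closed: deliver only when the situation evaluates to True."""
    trace: Dict[str, Optional[bool]] = {}
    missing: Set[str] = set()
    result = evaluate(rule, ctx, trace, missing)
    if result is True:
        return True, "situation holds: service delivery begins"
    if result is None:
        return False, "abandoned: incomplete context, missing " + ", ".join(sorted(missing))
    atoms = ", ".join(f"{k}={v}" for k, v in sorted(trace.items()))
    return False, "abandoned: situation is false (" + atoms + ")"


# Constructed context rule for a truck rental; the attribute names are assumptions.
RULE = And((
    Atom("in_region", ("location",), lambda c: c["location"] == "Toronto"),
    Atom("in_period", ("date",),
         lambda c: date(2024, 1, 1) <= c["date"] <= date(2024, 12, 31)),
    Not(Atom("license_suspended", ("license_suspended",),
             lambda c: c["license_suspended"])),
))

if __name__ == "__main__":
    print(decide(RULE, {"location": "Toronto", "date": date(2024, 6, 1)}))
```

A definite false dominates an unknown inside a conjunction, so a consumer outside the region is told the situation is false even when other context is missing.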
c. Essential Properties of ECS
We suggest that an ECS be drafted so that completeness of functionality, correctness of trust claims, and conformance of legal rules in the context of service provision are verifiable. With a mathematical apparatus, such as set theory and logic, it should be possible to formally specify an ECS. For example, the service functionality may be written in predicate logic, the data section may be cast as an aggregation of standard data types, and the non-functional properties, trust attributes, and LEB part can be written as logical expressions. The context information in ECS is written in the notation introduced by Wan [32], and a situation is a predicate logic expression. Because of this underlying formalism it is possible to rigorously verify the claims made in an ECS.
Verifying Completeness
In general, assuring completeness of information is hard. We are insisting only on functional completeness, in the sense that the preconditions and postconditions are sufficiently well-stated. The non-functional properties should be described with quantifiable attributes of significance to the service. If incompleteness is suspected or observed the service provider should add more non-functional properties to enable the consumer to understand the service functionality. Incompleteness is not an error, and can be remedied. The information defined in the Data section should enable the validation of the contract both at service selection and service execution times.
Verifying Trust Claims
In order to verify Product Trust, the consumer should be able to access the manufacturer's specification of the Product, and the history on the use of the Product. Verifying the trust claims is a time-consuming and difficult task for the consumer. To earn consumer trust, the service provider must facilitate this task, either through links to third party Trusted Authorities or to automated tools. It is ideal if the service provider submits the product/service along with the trust claims to an independent Trusted Authority who has the resources and technical skills to verify the claims. After assessing the risks, the trusted authority might issue a recommendation, which the service provider might announce under the Trust Recommendation interface, and link the Trust Claims in the contract to this announcement. The consumer should trust the Trusted Authority in order to be convinced of the Provider Trust Recommendations. The consumer should also get recommendations from social networks, as suggested by SOE theory, and compare them with Provider Trust Recommendations. In essence, the Trust Claims must be verifiable by consumer-appointed agents in order to earn the trust of the consumer.
Table 3. Truck Rental ECS
Service
  Function:
    Name: Rent Truck
    Pre: valid(credit card) ∧ valid(driving license)
    Post: Confirm ∧ Deliver
  Data:
    Product Type Data:
      Size: 12'
      Capacity: 450 cu. ft.
      Gross Weight: 9000 lbs
      Clearance: 8'
      Interior Size: 10' x 5.6' x 4.6'
      Fuel Tank: 35 gallon
      Transmission: Automatic
      Passenger Capacity: 5
      Payload Weight: 4000 lbs
      Examples: ⟨link to truck images⟩
      MPG: 8-12
    Provider Data:
      Company Name: U-Rent-A-Truck
  Non Functional:
    Normal Rental Cost: 25$ per day
Contract
  Trust Attributes:
    Product Trust:
      Safety: automatic seat belt, alarms, power brakes
      Security: finger-print locking, auto shut, dual faced mirrors
      Reliability: new car, no breakdown record
      Availability: guaranteed availability if reserved with credit card, emergency road service
      Accountability: ⟨24-hour phone number⟩
    Service Trust:
      Security: Secure credit card transaction ⟨security standard link⟩
      Availability: replacement of vehicle if breakdown, open all days
    Provider Trust:
      Client Recommendation: The service provider rating (average) 4 / 5
      Organizational Recommendation: The provider is highly recommended by AAA
  (LEB)
    Legal:
      Collision and Liability insurance: not covered, in case of accident full replacement cost will be charged to the credit card
      Parking Violations: must be paid by the renter before returning the car
      Renewal of Contract: contract is not automatically renewable; a new contract must be signed (may be done over the phone)
      Return of Vehicle: may be returned to another location, with 25% fee
    Exceptions:
      Fuel: gas tank must be full at return time, otherwise $5 per gallon is charged for filling up the tank
      Driving Regulation: cancellation of driving license due to violation of local rules of driving region automatically cancels the contract
    Benefits:
      Discount: 15% for AAA members and Military Personnel
      free accommodation: 1 week rental allows one night free accommodation at XYZ motel: ⟨link⟩
      discount shopping: 15% discount on Home Renovation Store ABC: ⟨ABC - link⟩
  Context Info: Context Provider: LOC[ :Toronto] Execution: [Date::