Social Protocols: Enabling Sophisticated Commerce on the Web
Audience: Students of MIT's 4.195: Designing Electronic Commerce and
Online Government
Goal: Present ideas about social protocols while reviewing W3C
Activities. XML, RDF, and P3P.
Anecdotes:
5 Key Points
- web interactions can be as sophisticated as those found in the real world
- but the web requires mechanisms of trusted abstraction, assurance, redirection, and
visual cues
- the key components of this are meta-data, negotiation, and signatures.
- social cues are meta-data! <exclaim>
- meta-data is RDF, based on XML, they need to know these hot tech.
Abstract: Social Protocols: Meta-data and Negotiation in Digital
Commerce
On the foundations of basic network, meta-data, and negotiation protocols, a
"new" set of protocols, "social protocols," are being built. They are
in fact applications of meta-data and negotiation in order to mimic the social
capabilities people have in the real world: capabilities to create rich content, make
verifiable assertions, create agreements, and to develop and manage trust relationships.
Furthermore, governments realize that a significant portion of their constituencies and
markets are moving on-line. Consequently, as the sophistication of one's interactions on
the Web increase through the development of social protocols, so does the regulators'
interest in extending their "real world" mandates on commerce and culture to the
Web. Mr. Reagle will detail the development of "social protocols" and their
ability to create and maintain spontaneous, emergent, social structures versus their
ability to propagate "real world" norms on the Web.
Outline:
Name of the course is "designing electronic commerce and online government"
- Two things in the course title that I think are interesting, design and government, but
let me start with government.
- Rather than the proper noun of "government" I would have stated designing
"governance." Your Overview states, "explore the
increasing use of the web as an interface between business, government and the
people." I would not say that Web is an interface to these things, rather the Web is
a platform for these things to develop. It is difficult to design a government
per-se, rather, one should examine the technical decisions one makes that affects the flow
of information, the nature of communication, and ultimately "governance."
- Governance the exercise of (governing) aggregating preference expression and enabling
social decision making. Social protocols are one area in which the sophisticated but taken
for granted methods of personal communications and deicision making can take place.
- The question then becomes, how do we design our protocols to allow for individual and
community preferences to be expressed on the Web.
- The Policy question is who's preferences prevail in the real world versus the Web world?
Is your clickstream your vote?
- But, before I get into all of that, let's look at "social protocols"
- Introduction, what is a social protocol
- Methods of exchanging social cues, and negotiation: Anecdote about interacting with
others (talking to Richard at CFP)
- Real world examples
- Definition
- <smile> (emoticons) XML markup that is a social cues, so is CSS (visual cues)
- Generations of Protocols
- Meta-Data and Negotiation
- Example of a Social Protocol, P3P
- Intent of Use, v. Government Use
- where have governments been trying to regulate?
- Given the ability of users to configure, negotiate and be informed, Governments will of
course try to control and regulate both of those things
- the reason PICS was controversial is because it enables "social decision
making" that can be co-opted by governments. (list examples: linking DSig to crypto)
Agenda
- Social Protocols Introduction
- 3 Generations of Protocols
- Metadata
- Negotiation and DSig
- P3P and PICS as Social Protocols
- Social Protocols and Policy
Motivation
- CFP two weeks ago, someone asked me what I do, I said "policy analysis," they
said, "you don't look like a policy analyst, where's your suit?"
- the real world has mechanisms for exchanging meta-data about real world objects
(people), and data (the things people state)
this includes the social cues and body language that we take for granted
- Web interactions can be as sophisticated as those found in the real world
Social Protocols
- "technical protocols" typically serve to facilitate machine to machine
communications.
- "social protocols" mediate interactions between humans,
or computer agents acting on behalf of human concerns.
- enable the creation of rich content, verifiable assertions, decisions, and agreements --
to develop and manage trust relationships
- often driven by explicit policy requirements
- the web requires mechanisms of trusted abstraction, assurance, redirection, and cues
- the key components of this are meta-data, negotiation, and signatures.
Real World Examples
In today's world we use a number of "tools" to create and maintain
relationships:
- value added services
- information seeking and filtering (NYT, CNN)
- assertion systems that are verifiable or even legally binding
- actionable policies (2 out of 3 bank officer signatures required for loans > 50K)
- price lists (LL Bean catalog)
- contractual agreements (employment contract)
- relationship and trust management systems
- reputation and brand creation (seal of approval)
- trusted third parties (letters of credit)
Three Generations of Protocols
Web protocols can be broadly classified into three "layers":
- architectural protocols: HTML and HTTP
- meta-data, negotiation, and signature protocols: annotations, PICS (as spec'd),
XML/CSS/RDF and JEPI/PEP
- social protocols: PICS (as applied), P3P
2nd Generation: Meta-Data Protocols
Meta-data: "data about data" (Web resources).
All of these systems provide some "data about data."
- SGML/XML (structure meta-data)
- CSS/Aural-CSS (presentation meta-data)
- PICS (numerical annotation meta-data)
- RDF (assertions/descriptions meta-data)
(Any data that has a referent is meta-data. The definition of meta-data and semantics
are dependent on the application and respective position of other layers.)
Platform for Internet Content Selection (PICS)
- a machine understandable Web annotation system
- an assertion system
- multiple "rating" systems (referred to as assertion systems, schemas, or
vocabularies)
- multiple distribution mechanisms, including third party label bureaus
XML and RDF
XML is document structure/syntax
- used for creating structured elements beyond those provided in HTML:
<Author>John Smith</Author>
- one could create an emoticon DTD, with documents having actual <smile>,
<frown>, and <grin> tags!
- this could be complemented by style sheets (including aural) which present further
information on how those tags should be rendered (bright, loud, muted, etc.)
XML and RDF
RDF is meta-data about Web resources (anything referable by a URI)
- assertions about other documents
- has options for explicit semantics (the meaning of the tags and assertions)
<RDF:Description ID="John_Smith">
<BIB:Email>john@smith.com</BIB:Email>
<BIB:Phone>+1 (555) 123-4567</BIB:Phone>
</RDF:Description>
2nd Generation: Negotiation & DSig Protocols
Negotiation protocols allow two agents to flexibly communicate about how they wish to
interact.
- Joint Electronic Payment Initiative (JEPI)
- negotiate which payment system to use between a client and server
- Protocol Extension Protocol (PEP)
- allow client and server to negotiate about how to use HTTP extensions.
DSig
- couples an assertion with a cryptographic signature block
- bridges the gap between second and third generation. First it is an assertion system,
but the semantics of the assertion and the associated "trust" models can be
tailored towards specific applications.
- signed PICS labels, and signed RDF
Third Generation: Social Protocols
Social protocols are the application of second generation protocols towards problems of
social relevance like content regulation, IPR, and privacy.
W3C is developing tools necessary for creating rich content, managing trust
relationships, and making verifiable assertions.
These tools enable others to build new applications, offer sophisticated services and
to build Web markets.
Platform for Privacy Preferences (P3P)
Sites make assertions about their privacy practices.
Users express their privacy preferences over those practices.
Negotiation between the site's supported and user's desired practices results in an
agreement.
The interaction between the site and user is flexible. Users can find the level of
privacy most appropriate for their sense of privacy and the type of interaction they wish
to have with that site.
P3P Scenario
- A user sets generic preferences, upon which her agent (browser) automatically acts.
She can now browse the Web seamlessly.
- She encounters a site with "exceptional" practices outside her generic
preferences.
Perhaps a sports news site wants to collect her favorite teams for a customized news
page.
- The user is prompted if she wishes to consider other alternatives, consent to the
exceptional practice, or to go elsewhere.
She can develop a one-to-one relationship with a site she trusts.
To simplify the experience, users also have the option to download recommended settings
from a trusted source.
The users could go to a trusted organization that present practices they feel, if
followed, will keep users safe.
Design of Social Protocols and Policy
- social protocols should enable end-user configuration and preference expression
- enable the emergence of self forming content, trust, and economic communities
- government may wish to extend their own concepts of community on to the Net
- design - two models of technology policy
- specifying an instance - everyone fights over what X is.
- configuring an option - the platform supports W, X, Y, and Z.
- W3C chose strategy #2 and also promoted "good" engineering design principles
to the user interface level: abstraction, modularity, and extensibility.
Regulation by Specifying an Instance
Engineering principles which served the Internet well (such as decentralization) also
made it difficult for governments to regulate.
In the CDA hearings, the DoJ certainly tried strategy #1 with the argument (based on
Dr. Olsen of BYU) that IPV6 would support an adult/minor tag in each datagram, but failed.
PICS, based on principles of decentralization and user control, was seen as a better
alternative
However, now there is fear that PICS builds censorship into the Net.
Regulation by Configuring an Option
I talked about social protocols over a year ago on "Internet Control" and
concluded with:
"A social protocol is not so much an 'Internet Control,' but a way of using
meta-data and negotiation to control the interactions one has with others on the
Internet/Web."
In the PICSRules debate, critics missed the true danger: regulations on the UI. As
you promote configuration and preference expression to the UI (good things), governments
may shift their strategy from infrastructure to UI.
- servers will not use PICSRules, but clients will -- that was the point
- easy to require a content or privacy configuration be available or activated in an
extensible configuration architecture.
Social Protocol Regulation Dilemma
Is there a way to limit protocols intended for self-emergent communities from being
co-opted by external communities?
- value exchange mechanisms: include VATs and taxes in the transaction
- trust mechanisms: require algorithms and escrow into the DSig/trust relationship
infrastructure
- privacy mechanisms: require EU specific configuration files
- easier when there is no relation to the external community, harder when there are
dependencies.