In an a priori anonymous digitized world, notions such as authenticity and trust are of paramount importance. Unfortunately, the exact meaning of such key terms has never been consistently defined, and they are often used in an ambiguous way. In this paper, we introduce a new model for representing these fundamental notions in the context of rating systems in e-business applications as well as for public-key certification. When applied to existing systems, its goal is to shed light on the implicit assumptions actually made by the participants. As an example, we show that for the rating system used in eBay, there are a number of such implicit assumptions on which the drawn conclusions depend. A second example is PGP, where it turns out that the meaning of the (syntactically well-defined) certificates is not entirely clear.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	The official ebay website. http://www.ebay.com, April 2006.
	2	Thomas Beth , Malte Borcherding , Birgit Klein, Valuation of Trust in Open Networks, Proceedings of the Third European Symposium on Research in Computer Security, p.3-18, November 07-09, 1994
	3	Kemal Bicakci , Bruno Crispo , Andrew S. Tanenbaum, How to incorporate revocation status information into the trust metrics for public-key certification, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico  [doi>10.1145/1066677.1067037]
	4	Matt Blaze , Joan Feigenbaum , Angelos D. Keromytis, KeyNote: Trust Management for Public-Key Infrastructures (Position Paper), Proceedings of the 6th International Workshop on Security Protocols, p.59-63, April 15-17, 1998
	5	Peter Pin-Shan Chen, The entity-relationship model—toward a unified view of data, ACM Transactions on Database Systems (TODS), v.1 n.1, p.9-36, March 1976  [doi>10.1145/320434.320440]
	6	Charles J. Colbourn, The Combinatorics of Network Reliability, Oxford University Press, Inc., New York, NY, 1987
	7	R. Haenni. Using probabilistic argumentation for key validation in public-key cryptography. International Journal of Approximate Reasoning, 38(3):355--376, 2005.
	8	R. Haenni, J. Jonczy, and R. Kohlas. Two-layer models for managing authenticity and trust. In R. Song, L. Korba, and G. Yee, editors, Trust in E-Services: Technologies, Practices and Challenges. 2006 (to appear).
	9	R. Haenni, J. Kohlas, and N. Lehmann. Probabilistic argumentation systems. In D. M. Gabbay and P. Smets, editors, Handbook of Defeasible Reasoning and Uncertainty Management Systems, volume 5: Algorithms for Uncertainty and Defeasible Reasoning, pages 221--288. Kluwer Academic Publishers, Dordrecht, Netherlands, 2000.
	10	J. Jonczy and R. Haenni. Credential networks: a general model for distributed trust and authenticity management. In A. Ghorbani and S. Marsh, editors, PST'05: 3rd Annual Conference on Privacy, Security and Trust, pages 101--112, St. Andrews, Canada, 2005.
	11	J. Jonczy and R. Haenni. Implementing credential networks. In iTrust'06, 4rd International Conference on Trust Management, pages 164--178, Pisa, Italy, 2006 (to appear).
	12	A. Jøsang. An algebra for assessing trust in certification chains. In NDSS'99: 6th Annual Symposium on Network and Distributed System Security, San Diego, USA, 1999.
	13	A. Jøsang, S. Marsh, and S. Pope. Exploring different types of trust propagation (accepted). In iTrust'06: 4rd International Conference on Trust Management, Pisa, Italy, 2006.
	14	Sepandar D. Kamvar , Mario T. Schlosser , Hector Garcia-Molina, The Eigentrust algorithm for reputation management in P2P networks, Proceedings of the 12th international conference on World Wide Web, May 20-24, 2003, Budapest, Hungary  [doi>10.1145/775152.775242]
	15	Reto Kohlas , Ueli M. Maurer, Confidence Valuation in a Public-Key Infrastructure Based on Uncertain Evidence, Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography, p.93-112, January 18-20, 2000
	16	R. Kohlas and U. Maurer. Reasoning about public-key certification: On bindings between entities and public keys. IEEE Journal on Selected Areas in Communication, 18(4):591--600, Apr 2000.
	17	Raph Levien , Alexander Aiken, Attack-resistant trust metrics for public key certification, Proceedings of the 7th conference on USENIX Security Symposium, p.18-18, January 26-29, 1998, San Antonio, Texas
	18	G. Mahoney, W. Myrvold, and G. C. Shoja. Generic reliability trust model. In A. Ghorbani and S. Marsh, editors, PST'05: 3rd Annual Conference on Privacy, Security and Trust, pages 113--120, St. Andrews, Canada, 2005.
	19	J. Marchesini and S. W. Smith. Modeling public key infrastructures in the real world. In D. Chadwick and G. Zhao, editors, EuroPKI'04, 2nd European PKI Workshop: Research and Applications, LNCS 3545, pages 118--134, Canterbury, U.K., 2005. Springer.
	20	Ueli M. Maurer, Modelling a Public-Key Infrastructure, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.325-350, September 25-27, 1996
	21	U. Maurer. New approaches to digital evidence. Proceedings of the IEEE, 92(6):933--947, 2004.
	22	Michael K. Reiter , Stuart G. Stubblebine, Authentication metric analysis and design, ACM Transactions on Information and System Security (TISSEC), v.2 n.2, p.138-158, May 1999  [doi>10.1145/317087.317088]
	23	J. Shi, G. Bochmann, and C. Adams. A trust model with statistical foundation. In FAST'04, 2nd International Workshop on Formal Aspects in Security and Trust, pages 145--158, Toulouse, France, 2004.
	24	Philip R. Zimmermann, The official PGP user's guide, MIT Press, Cambridge, MA, 1995