Yes, reminds me of the cheap pseudonym problem on sites like eBay. Since there’s no penalty for crashing a new account, no one has a bad reputation (unless they’re stupid). If you get a bad review, just open up a new account.
There is a logical entailment chain that follows once one adds reputation as a necessary part of agentic authorization (or any internet digital identity-based interaction). Cheap pseudonymity is mitigated with sticky (persistent) reputation. But a sticky reputation is not ephemeral, so the identity underlying it can't be either; otherwise, the sticky reputation has nothing to stick to. And a sticky reputation is based on verifiable, non-ephemeral issuances (claims) about reputation, which are verifiable only when the underlying identity system is also non-ephemeral. So, to have trustworthy authorization requires a persistent identity system. And if one wants a decentralized persistent identity system, then that entails certain properties. and so forth.
Exactly. Building a reputation system and realizing this was one of the problems that led me to URK-based identity schemes back in 2004 and that led to IIW. :)
Love the inclusion of reputation formally as an enforcement mechanism. And the description of reputation as a risk management type of enforcement is correctly positioned in my view. One way to think about reputation is as a contextual predictor of future behavior that enables/disables a transaction.In this case, an authorization is a transaction. Enablement of a transaction is a generalization of which access control is a subset. Reputation modulates transactions i.e. access. Memory of past behavior is the best predictor of future behavior. I would add that the best reputation systems as predictors are nonlinear. Good reputations are costly and are hard to build but easy to lose when behavior does not live up to the reputation. This provides muscle behind the enforcement.
Could this third-party resource in your diagram be the connection back to a MyTerms contract? Or would the negotiation strictly be between agent A & B exclusively, where each agent must keep track of the other agents' compliance to the terms? Maybe this is a question for Justin over at the 7012 group.
The MyTerms contract would be part of the delegation, I think. What is allowed, what isn't. You may choose to only delegate to agents that promise to enforce your MyTerms rules. The 3rd party resource is just the bank, shopping site, or whatever that is providing the service.
How the enforcement of the terms would work without some type of third party seems difficult to weed out bad actors. Like the example from Junne, where an advertiser claims to sell good weed, but in reality doesn't. So, I think the reputation conversation and some way to provide one. But I'm not the smartest guy in the room, I just like to break things. at least I think.
Fabulous post but I don’t understand how reputation accumulates across different actors. Society is too vague. Does it mean a context for reputation across thousands of different actors? How does one actor gain access to the reputation logs of another actor?
Yes, reminds me of the cheap pseudonym problem on sites like eBay. Since there’s no penalty for crashing a new account, no one has a bad reputation (unless they’re stupid). If you get a bad review, just open up a new account.
There is a logical entailment chain that follows once one adds reputation as a necessary part of agentic authorization (or any internet digital identity-based interaction). Cheap pseudonymity is mitigated with sticky (persistent) reputation. But a sticky reputation is not ephemeral, so the identity underlying it can't be either; otherwise, the sticky reputation has nothing to stick to. And a sticky reputation is based on verifiable, non-ephemeral issuances (claims) about reputation, which are verifiable only when the underlying identity system is also non-ephemeral. So, to have trustworthy authorization requires a persistent identity system. And if one wants a decentralized persistent identity system, then that entails certain properties. and so forth.
Exactly. Building a reputation system and realizing this was one of the problems that led me to URK-based identity schemes back in 2004 and that led to IIW. :)
Love the inclusion of reputation formally as an enforcement mechanism. And the description of reputation as a risk management type of enforcement is correctly positioned in my view. One way to think about reputation is as a contextual predictor of future behavior that enables/disables a transaction.In this case, an authorization is a transaction. Enablement of a transaction is a generalization of which access control is a subset. Reputation modulates transactions i.e. access. Memory of past behavior is the best predictor of future behavior. I would add that the best reputation systems as predictors are nonlinear. Good reputations are costly and are hard to build but easy to lose when behavior does not live up to the reputation. This provides muscle behind the enforcement.
Could this third-party resource in your diagram be the connection back to a MyTerms contract? Or would the negotiation strictly be between agent A & B exclusively, where each agent must keep track of the other agents' compliance to the terms? Maybe this is a question for Justin over at the 7012 group.
The MyTerms contract would be part of the delegation, I think. What is allowed, what isn't. You may choose to only delegate to agents that promise to enforce your MyTerms rules. The 3rd party resource is just the bank, shopping site, or whatever that is providing the service.
How the enforcement of the terms would work without some type of third party seems difficult to weed out bad actors. Like the example from Junne, where an advertiser claims to sell good weed, but in reality doesn't. So, I think the reputation conversation and some way to provide one. But I'm not the smartest guy in the room, I just like to break things. at least I think.
Fabulous post but I don’t understand how reputation accumulates across different actors. Society is too vague. Does it mean a context for reputation across thousands of different actors? How does one actor gain access to the reputation logs of another actor?
They don’t. Everyone keeps their own reputation. We think of reputation as something global. But it’s not really. Is local.