Essentials:
    Overview
   Design
Packages:
    Nym
   Reputation
   RCE
   Query
   Communications
   Store
Resources:
    Download
   Browse CVS
   Javadoc
   Mailing Lists
   Talon
   Bugzilla

Sierra
An OpenPrivacy Reputation Management Framework

Reputation

Webster defines "reputation" as:

  1. The general estimation in which a person is held by the public.
  2. The state or situation of being held in high esteem.
  3. A specific characteristic or trait ascribed to a person or thing: a reputation for courtesy.

OpenPrivacy defines a new first class object named Reputation based on this concept. Applications create Reputations and consume external Reputations in order to make decisions.

Every Reputation:

  1. ... has an associated Nym which created it (generally a Public Key)
  2. ... must be a signed by the Nym.
  3. ... points to a Reference ( which typically is a URI ) to which applies.
  4. ... must contain a Payload which describes the opinion of the Nym about the Reference.
  5. ... should also contain meta-info which can be used by an RMF for optimization. This could contain the creation date, expiration date, etc.

Therefore a Reputation could be represented as:

Reputation = [[Nym, Reference, Payload+] Signature]

A Reputation is backed by a Nym. This makes it possible to for the creator to gain/loose reputation based on what they have said. This also allows future messages which originate from them to obtain a default Reputation. It is generally a good idea to use only a few Nyms, this way a user or application will gain Reputation. If a user wishes to preserve his privacy he can create a new Nym for each new Reputation.

The Signature allows for the message to be verified that it did actually originate from that Nym. This is important, especially in distributed applications as a forged message would damage the reliability of such a system. If there were no Signatures users could fake messages from others to increase their own Reputation.

The Reference is used to establish a relation between this Reputation and another object. Generally a Reference is a URI which points to another another object. Using a URI allows a Reputation to point to objects even outside of cyberspace. If you wanted to you could create a Reference which points to your house noting how nice the hardwood floors were. A Payload can also hold additional meta-data such as the Reputation's creation time, expiration date, etc. Payloads are flexible so that a developer can insert whatever information they want based on application requirements.

Components:


    Reputation:

    Contains all information for a Reputation request. This is an interface for
    an object which is the central piece of data within the Sierra Reputation
    Management System.

    The Signature allows for the message to be verified that it did actually
    originate from that Nym.  This is important, especially in distributed
    applications as a forged message would damage the reliability of such a
    system.  If there were no Signatures users could fake messages from others
    to increase their own Reputation.

        +addPayload (Payload) : void
        -------------------------------------------------------------------------
        +getNym () : Nym
        -------------------------------------------------------------------------
        +getPayloads () : Enumeration
        -------------------------------------------------------------------------
        +getReference () : Reference
        -------------------------------------------------------------------------
        Return a unique, possibly verifiable, hash for this Reputation.
    
        Depending on the principal, this will return a hash/signature value for
        this object. In most real world situations, this will be computed from
        the private key of the Nym which created it. If based on a
        private/public key pair this must be computed before it is sent to
        another RMS.
    
        There are numerous methods of generating a hash:
    
        * From a private key and validated by a public key.

        * MD5 version of the raw data. The server has no way to validate the
        intgrity of the message with this option.

        * If done with a Java Virtual Machine.. a hashCode(). Note that this
        method is not secure but should work in debug environments (where it
        should remain).
          
        NOTE that if this object is modified it's SignatureValue needs to be
        updated. It is important that this is updated everytime you pass it
        around within the system. Your local application can modify a Reputation
        object as much as it wants but if it wants to pass this to another
        application running as another Nym or possibly another server it needs
        to update the signature value.

        +getSignatureValue () : SignatureValue
        -------------------------------------------------------------------------
        Get the URI for this Reputation. Should be:

        reputation://[SERVER]/NYM/HASH
    
        The SERVER is optional.
    
        The NYM and HASH information needs to be ascii armored.  

        +getURI () : URI
        -------------------------------------------------------------------------
        +removePayload (Payload) : void
        -------------------------------------------------------------------------
        +setNym (Nym) : void
        -------------------------------------------------------------------------
        +setReference (Reference) : void
        -------------------------------------------------------------------------
        +setReference (URI) : void
        -------------------------------------------------------------------------
        +setReference (String) : void

    Payload:

    Payloads are used to hold information about the Reference.  Generally these
    are just chunks of data about the Reference which are relevant to the given
    context.  

    Example: 

    For the given Reference: "http://www.openprivacy.org" 
    Payload of "this is a really good web site".

        Get the current identifier for this payload.  This is just a URI that
        uniquely identifies this type of payload.  This does not have to be
        specified but has been added to the Payload component so that all
        Payloads have support for

        +getIdentifier () : URI

    Reference:

    A Reference is a pointer to an object (an edge pointing to a node). This is
    generally a URI or a URL. 

    A Reference represents an edge between two nodes in a graph.  Since this
    edge may contain additional data it shouldn't be limited to just URI data.
    Developers can extend the Reference component to include their own meta data
    which could also include metadata or edge capacity information. 

        +getURI () : URI
        -------------------------------------------------------------------------
        +setURI (URI) : void

Sierra has additional documentation for this package.

Sierra implements the OpenPrivacy Reputation Management Framework