Re: [Asrg] What is Reputation Service

2011-01-26 11:17:04
On 1/26/2011 11:24 AM, Dotzero wrote:
> On Tue, Jan 25, 2011 at 8:56 PM, John Leslie<john(_at_)jlc(_dot_)net>  wrote:
>
>>> But that isn't really reputation in the traditional sense of the word.
>>
>>    I suppose when you use a word, you are entitled to mean "just what I
>> choose it to mean -- neither more nor less." Nonetheless, I contend
>> this is, exactly, "prediction of the likelihood of near-future behavior."
>>
>>    In the Internet, reputation can change in a few milliseconds.
>
> And this goes straight to one of the big issues with any discussion
> that uses the term "reputation". I'm going to disagree with you John
> when you argue that everyone gets to define what reputation is in
> their own way. If this were the case then any discussion of reputation
> is meaningless. We need a common definition. Do you get to choose what
> you mean when you say IP Address?

Everybody gets to define what a reputation means to them. It does in the non-online world; the on-line world should be no different. Other than that, you rely on the dictionary for what a reputation _is_, which leaves virtually infinite scope for details.

Reputation: A vague notion of something that may imply whether you want a given email or not, which could be based on, but not limited to, goodness, badness, neutralness, desirability, lawsuit-happiness, subject matter, shoe size or hair color in perhaps more than one not-necessarily orthogonal dimension, and generally not necessarily conformant with anyone else's notions, criteria or implementation.

> What you or anyone else gets to define for yourself are the attributes
> that surround your use of the word reputation. That is, the
> implementation that utilizes reputation.

There's a confusion between the term "reputation" as embodied by what we normally mean by what a 3rd party could theoretically supply, and that potentially very broad combination of things that's used to derive a consolidated "reputation" at the time that a singular implementation making a real-time decision about a given email will use.

My real-time decisions, for example, depend on a complex combination of 3rd party yes/nos, 3rd party "maybes/maybe nots", "what it looks like", corporate policy, phone calls from management, rumors and lies, and just plain curmudgeonly curmudgeonness.

And we wouldn't have it any other way.

There's no point in discussing the latter, because people will do what they gotta do/feel like. Nor should we constrain them.

Secondly, I don't think there's much point in proscribing what the former is based upon/means, because there are as many ways as there are 3rd parties that it can be done and what a given "reputation" actually means precisely. It will always be up to the user (the receiver) to decide what secret (or not-so-secret) incantations, sacrificial goats and transformations of such "reputations" that will go into the final decision. The provider should explain what they're trying to impart (which may vary from one provider to another), but of necessity, the quality, coverage and semantics will differ between providers.

Just as they do, for example, between the SBL and XBL and PBL. Each has different semantics, and recommended usage of the three _differs_.

Do we want to standardize reputation service protocols? It'd be nice, but it may well be a complicated spec in order to preserve the semantic nuances of the provider's offerings. Better to define a generic protocol that provides for the user being able to parameterize what a given reputation stream means to them (hopefully with the guidance of the provider). You'll even need to be flexible in what the "entity this reputation is about" means.