Fine-Grained Recommendation Systems for Service Attribute Exchange Christopher Staite 1 , Rami Bahsoon 1 , and Stephen Wolak 2 1 School of Computer Science University of Birmingham, United Kingdom {C.Staite,R.Bahsoon}@cs.bham.ac.uk 2 Vodafone Group Plc, Newbury, United Kingdom Stephen.Wolak@vodafone.com Abstract. The effectiveness of service oriented computing relies on the trust- worthiness of sharing of data between services. We advocate a semi-automated approach for information distribution and sharing, assisted by a reputation sys- tem. Unlike current recommendation systems which provide a user with a gen- eral trust value for a service, we propose a reputation model which calculates trust neighbourhoods through fine-grained multi-attribute analysis. Such a model allows a recommendation relevance to improve whilst maintaining a large user group, propagating and evolving trust perceptions between users. The approach is demonstrated on a small example. 1 Introduction We address the problem of maintaining privacy where services interact with users. We suggest a recommendation system in order to assist sharing decisions and suggest semi- automation of sharing. Current services maintain user profiles locally, which causes data to become out- dated. The onus is on the user to provide a cross-service link between their profiles and manage authentication credentials. As a response, centralised Single Sign-On (SSO) services emerged permitting a single login. Popular implementations include Shibbo- leth [1] and OpenID [2]. This mechanism provides an easy framework for identifying users, but does not facilitate centralised profile storage. Several systems attempt to centralise the storage of profile information. The most common is browser automatic form filling, which stores previous values. Although this assists profile creation, it does not allow services to access recent data. Other imple- mentations such as SAML [3], OAuth [4] and OpenID Attribute Exchange [5] provide an interface to a central data repository. These permit centralised profile maintenance, assisting users on devices with restricted input abilities. Sharing profile data between services raises many privacy questions, including: What trust should a user impart on a service? Which services should be allowed access to which parts of a users profile? How should data be transmitted between services? Where should the profile be stored? How can a user be assured that their data will not be used against the users’ will? How can a service be sure that the user is not giving inaccurate information? L. Baresi, C.-H. Chi, and J. Suzuki (Eds.): ICSOC-ServiceWave 2009, LNCS 5900, pp. 352–357, 2009. c  Springer-Verlag Berlin Heidelberg 2009