I spent the day with Dan Lulich of iovation and gave a talk about reputation to some of the group. I had a good time and really enjoyed a day of talking about reputation with people who live it everyday. Here's a collection of random insights I had about reputation while preparing my talk and in discussions with Dan and others today.
- David Brin's book, Transparent Society, has a great discussion of the ways that transparency leads to accountability. The message seems to be that accountability costs privacy. There are ways of using reputation that protects privacy, but still offers accountability.
- Paul Resnick's paper on the Social Cost of Cheap Pseudonyms concludes that a strategy of not trusting strangers is the best we can do (the paper presents a game theoretic study that supports that finding). A general purpose (i.e. not site specific) reputation system provides a user a way of avoiding being a stranger--when you can take reputation data with you, you're no longer an unknown quantity. Reputation systems let individuals avoid the cost of cheap pseudonyms.
- One of the costs of cheap pseudonyms is that negative reputations don't stick. A system that can effectively link pseudonyms can avoid this cost by ensuring that negative reputations follow entities even when they use a new pseudonym.
- I've noted before that presenting credentials out of context is a method for transfering trust. Reputation systems are specifically designed to link credentials and provide ways of using them out of context.
- User-centric identity systems are often sold on the idea that the user gets the benefit of single sign-on, but as I pointed out above, there are other user benefits besides that. In addition, because user-centric ID systems separate claim acquisition and presentation, relying parties can benefit from the decreased liability of managing user authentication data.