1 Introduction

In the information era, as the Internet is transformed into the Internet of Things and the Semantic Web, cooperation between humans and computers is the prime solution for social challenges. The main purpose of creating the Semantic Web was to assist not only human interaction with machines but also interaction among machines. In fact, the Semantic Web can be viewed as a network of linked information that facilitates machine processing globally. It can also be considered as sets of relationships between entities on the Web; these connections can be seen as graphs in which predicates are the edges and classes are the nodes [1].

From the beginning, it was clear that the reliability and security of information in an immense and open information space such as the Web would become a challenge. The Web is almost unsupervised and uncontrolled, and by its nature it allows anyone to say anything about a subject; this makes the Web a unique source of information. However, it is the user's responsibility to distinguish right from wrong. In an agent-based environment, on the other hand, where computers have to choose among multiple alternative sources when answering queries, this is achieved through harder and computationally intensive processes [2]. Therefore, the need for a mechanism that provides secure data interaction and identifies the trueness of content and the trustworthiness of its origin is obvious.

Getting information from the Web becomes more common every day, and users acquire their information from various sources ranging from personal Web pages and governmental institutions to scientific portals. Human users tend to decide whether to trust a source using different methods, such as relying on their previous experiences or on other users' opinions. The Semantic Web, however, seeks a different goal: to give computer agents the ability to interact with Web content and with other agents, and to make decisions about choosing the right service or information provider. In this case, how will a computer agent be able to trust an information source? How can it identify the correctness of acquired information? And how can it achieve secure communication?

This paper provides an overview on the research works related to the Semantic Web security and trust layers of the Semantic Web stack. Section 2 studies various definitions of trust and reputation. Section 3 categorizes trust from different perspectives. Section 4 reviews the prominent approaches in the distributed trust. Section 5 presents different trust and reputation test beds. Section 6 introduces open challenges. Section 7 concludes the paper.

2 Definitions

This section reviews the definitions of two preliminary concepts, namely trust and reputation.

2.1 Trust

Trust carries different meanings depending on the context and the area in which it is used. In computer networks, it refers to mechanisms that ensure security and access control. In distributed systems and agent-based systems, it is considered a tool to measure reliability. In game theory and policies, it is viewed as the rate of correct decisions made by a system under uncertain conditions [3]. Trust can be clustered into two main categories, namely reliability trust and decision trust, each with a different description. When person A asks person B to perform a certain task, the reliability (probability) of trusted person B as seen by trusting person A depends on the performance of the expected tasks [1].

Trust in decisions is the degree to which the trusting party is willing to depend on the trusted party under certain circumstances to acquire a sense of security, even against the possibility of odds. Decisions made under this class depend on the degree of risk accepted by the trusting party and on the previous negative or positive experiences it has had with the trusted party [2]. Trust is also defined as the firm belief in the competence of an entity to act dependably, securely, and reliably within a specified context [3].

Trust is not a new topic in computer systems, but it is among the vital issues within the scope of computer science. Figure 1 shows the number of published articles related to trust topics in the Semantic Web as reported by Google Scholar.

Fig. 1 The number of publications regarding semantic web trust layer

2.2 Reputation

General thoughts regarding a person or thing are called reputation. Reputation can be based on accumulated ratings or scores given to a person by community members. Different approaches can be used to calculate the rating of an entity, such as the average; for example, it is possible to calculate the average of the reputation scores given by community members for the attitude of an entity. Usually, members of a certain group receive almost the same rating from other users: when a group is well known in a certain subject, all the members of that group usually receive the same credit as their group [4].

In addition, reputation can be considered as the personal beliefs or experiences of an entity regarding the performance of another entity on certain subjects. In this case, reputation ratings should be based on firsthand experiences or on a weighted measure divided by the total number of references provided by a single individual, such as the approach used by Google's PageRank. A reputation approach can be either centralized and given by an authority, or distributed and based on the knowledge of the crowd [5].

3 Categorization of the trust

This section categorizes the trust and the providing approaches, based on three perspectives.

3.1 Policy-based trust

The only vertical layer of the Semantic Web stack, which is called digital signature, uses XML digital signature features such as signed references, info and digest values to mark any Web content. Along with the proof, logic and trust layers, this layer is responsible for the trustworthiness of Semantic Web processes [3]. As the structure of XML documents is graph-like, the main challenge is to designate which parts of a document are accessible to which users by enforcing policies on users and documents. In other words, Semantic Web agents are required to protect information and Web services from unauthorized access. To satisfy this need, there is a broad range of security policies, such as authentication, data integrity and privacy, access control, authorization and confidentiality.

The XML nature of the Semantic Web gives it the advantage of using metadata instead of the data itself. There are many advantages in using information about data instead of the whole data. One is the relatively small size of metadata, in addition to its ability to make data more discoverable. Besides its many benefits, metadata has disadvantages. It can be created by a number of sources, such as automated tools, the data owner and other users on the Web. Because the trustworthiness of metadata generators on the Web is not uniform, it is imperative for each user to understand the trustworthiness level of each piece of metadata in order to take full advantage of it [2].

Currently, the Web is equipped with a variety of tools to ensure the security of information exchange, such as digital signatures, public keys, Web certificates and encryption. Several security standards have been introduced to guarantee the safety of content exchanged in a Web of trust between business partners. Examples are the WS-security policy introduced by W3C for XML-based Web services, which describes ways of attaching signatures and encryption headers or security tokens to a SOAP message, and the SAML policy provided by OASIS security services, which provides a means to authorize and authenticate but is unable to give any suggestion regarding trust [6].

The Kerberos ticket issuing system, which was originally created by MIT for project Athena, is one of the widely used trusted third-party authentication technologies. WS-trust, an extension to the previously mentioned WS-security, designates the ways of acquiring trust through authorization, identity proof and entity performance [7].

Another challenge in establishing trust is to provide a means to reveal credentials while preventing loss of privacy and of control over information. Trust decisions are actions that require accepting a certain amount of risk in revealing credentials in return for the advantage of earning trust. To deal with this issue, different mechanisms and policies have been introduced, such as TrustBuilder, which was designed to provide a mechanism for credential tradeoffs that does not cause loss of privacy [8]. Another system suggested to facilitate the negotiation of credential exchange is PeerTrust, which is a more recent policy and trust negotiation language [9, 10].

The prominent standards and technologies to implement policies are depicted in Table 1.

Table 1 Prominent trust policies and systems

3.2 Reputation-based trust

The purpose of reputation-based trust is to make trust decisions through personal experiences, through the experiences of others, or in some cases through a combination of personal and global experiences. In reputation-based trust, members of the community judge other members of their network based on their transactions, quality of product and service consistency [17, 18]. In other words, members of the community implement collaborative sanctioning in a team effort to give poor-quality service providers in the network an incentive to provide better services. A trust-based network can be considered as a graph in which the members are nodes, with edges weighted according to the amount of trust performance that members perceive from other users. Through the trust network, users are able to trust resources directly, by personal experience, or indirectly, through other trusted users, using trust propagation methods [19, 20].

A reputation network can be viewed from different viewpoints. It can be divided into centralized and distributed architectures. In a centralized reputation system, information related to the quality and performance of any member is collected from other users who have had direct experience with that particular node in the network. A central authority, usually called the reputation center, then collects all the ratings, calculates a score for every member of the network and publicizes the scores. Members of the community can use the distributed reputation scores when deciding whether to make transactions with other members of the network. The idea behind this system is that transactions with members that have a higher reputation score usually yield better results [2]. Figure 2 shows the schema of a centralized model.

Fig. 2 The schema of a centralized model

In a distributed system, there is no reputation center. Instead, there are multiple reputation bases where each member can submit its experience regarding other members, or members can get the information they need about a certain member of the community from different users who have had previous experience with that particular member. A peer-to-peer system is an example of a distributed system [21].

In some research works, the distributed architecture is divided into two subcategories, namely global and local. Within the global model, reputation is based on the degree of popularity of the members of the society. Each member of the society creates a profile for every other member of the network after the first interaction and saves the experiences regarding each transaction. One may decide whether to trust a source using the experience profiles of neighbors. However, because of the nature of the Web, distinguishing right information from wrong is a rather sophisticated process. Therefore, as a reputation calculated from the total score given by the users of the network might not be completely correct, one might instead trust the scores calculated by certain nodes in the network. Those nodes, which may also act as authority nodes in the society, may get their competencies through their high social network scores. The more links a node has, the better it can be trusted. The EigenTrust algorithm is an example of global trust performance ranking [22]. Figure 3 shows the schema of a distributed model.

Fig. 3 The schema of a distributed model

The local model is based on the transitive nature of reputation. Although trust in this model is personal and varies from node to node, whenever a node has no information about a new trustee, it can rely on the experience of closely trusted nodes. Someone who has no information about another person usually trusts friends and relatives more than unknown people or sources. According to the small world hypothesis, there would be a path from trustor to trustee through a chain of trusted close friends [3, 23].
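The local model's chain of trusted friends can be sketched as a search for the strongest path in a weighted trust graph. This is an added example, not code from the surveyed works; the graph, the node names, the multiplicative discount along a chain and the hop limit are all assumptions made for illustration.

```python
import heapq

# Constructed direct-trust edges in [0, 1]: TRUST[a][b] is how much a trusts b.
TRUST = {
    "agent":    {"friend1": 0.9, "friend2": 0.6},
    "friend1":  {"broker": 0.8},
    "friend2":  {"broker": 0.95, "service": 0.5},
    "broker":   {"service": 0.9},
    "stranger": {"service": 1.0},   # unreachable from "agent": nobody vouches for it
}


def propagated_trust(graph, trustor, trustee, max_hops=3):
    """Return (trust, path) for the strongest chain from trustor to trustee.

    Trust along a chain is the product of its edge weights (assumption), so
    every extra hop can only lower it. Returns (0.0, None) when no chain of
    at most max_hops edges exists.
    """
    # Best-first search on negated trust: the first time the trustee is
    # popped, no remaining chain can be stronger.
    heap = [(-1.0, 0, [trustor])]
    fewest_hops = {}                 # node -> fewest hops at which it was expanded
    while heap:
        neg_trust, hops, path = heapq.heappop(heap)
        node = path[-1]
        if node == trustee:
            return -neg_trust, path
        # An earlier expansion with no more hops had at least as much trust,
        # so it dominates this state.
        if fewest_hops.get(node, max_hops + 1) <= hops:
            continue
        fewest_hops[node] = hops
        if hops == max_hops:
            continue
        for neighbour, weight in graph.get(node, {}).items():
            if neighbour not in path:            # never loop back along a chain
                heapq.heappush(
                    heap, (neg_trust * weight, hops + 1, path + [neighbour]))
    return 0.0, None


if __name__ == "__main__":
    for limit in (3, 2):
        print(limit, propagated_trust(TRUST, "agent", "service", max_hops=limit))
    print(propagated_trust(TRUST, "agent", "stranger"))
```

Tightening the hop limit changes the answer: the strongest chain needs three hops, so a limit of two falls back to a weaker but shorter chain.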

In the following, some of the reputation calculation models are reviewed:

Subtraction or ratings average. One of the simplest ways of calculating reputation is to subtract the aggregate of negative ratings from the aggregate of positive ratings given by users. These methods are also known as simple summation and average methods. The advantage of this method is its simplicity, but because of its primitive mathematics it reflects users' opinions about a particular member or information resource imperfectly [19]. An advanced version of this method calculates the average of the ratings, or a weighted average of the ratings based on certain factors, each with a weight assigned to it [1].

Bayesian model. This model takes positive and negative ratings and uses a probability density function (PDF) to update the trust scores. New scores are calculated using the previous scores and the new ratings. This method is advantageous because of its theoretical basis, but has the disadvantage of being complex to understand [1]. The formula used to calculate interaction-based trust during the exploratory stage is:

$$T_{\text{inter}}(A,B) = \frac{\text{number of correct replies}}{\text{total number of replies}}$$

Opinion model. In this method, it is suggested to use belief as a representative for reputation. Here, there are only two possible conditions, namely whether agents are trustworthy or not \((A, A^{c})\), and the trustworthiness of an agent \(T(A)\) is calculated by subtracting the accumulated beliefs \(M(A)\) and \(M(A^{c})\):

$${\text{T}}\left( {\text{A}} \right) = {\text{M}}\left( {\text{A}} \right)-{\text{M}}\left( {{\text{A}}^{\text{c}} } \right)$$

where \(M(A), M(A^{c}) \in [0, 1]\) and \(T(A) \in [-1, 1]\).

Because opinions can also be mapped into Beta PDFs, and hence the operators are the same as in the Bayesian method, this model can be called both opinion-based and Bayesian-based [3].
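The summation, average, Bayesian and opinion models above can be compared on one rating stream. This is an added example, not code from the surveyed works: the rating data is constructed, and the Beta-distribution update, the forgetting factor and the evidence-to-opinion mapping follow the commonly used Beta reputation formulation, which is an assumption here because the paper does not give these formulas.

```python
# Constructed rating stream for one provider: +1 = correct reply, -1 = wrong.
# Forty good interactions are followed by ten bad ones (a provider turning bad).
RATINGS = [1] * 40 + [-1] * 10


def summation(ratings):
    """Simple summation: positive ratings minus negative ratings."""
    return sum(ratings)


def average(ratings):
    """Share of positive ratings, the same form as T_inter (correct / total)."""
    return sum(1 for r in ratings if r > 0) / len(ratings)


class BetaReputation:
    """Bayesian score kept as evidence counts of a Beta(r + 1, s + 1) PDF.

    A forgetting factor below 1 ages old evidence before each new rating
    (assumed extension; 1.0 means no ageing).
    """

    def __init__(self, forgetting=1.0):
        self.r = 0.0                 # accumulated positive evidence
        self.s = 0.0                 # accumulated negative evidence
        self.forgetting = forgetting

    def update(self, rating):
        """New score = aged previous score + new rating."""
        self.r *= self.forgetting
        self.s *= self.forgetting
        if rating > 0:
            self.r += 1
        else:
            self.s += 1

    def expected(self):
        """Mean of Beta(r + 1, s + 1): probability the next reply is correct."""
        return (self.r + 1) / (self.r + self.s + 2)

    def opinion(self):
        """Map evidence to (belief M(A), disbelief M(A^c), uncertainty)."""
        total = self.r + self.s + 2
        return self.r / total, self.s / total, 2 / total

    def trustworthiness(self):
        """Opinion model: T(A) = M(A) - M(A^c), a value in [-1, 1]."""
        belief, disbelief, _ = self.opinion()
        return belief - disbelief


def score_stream(ratings, forgetting=1.0):
    """Feed a rating stream into a fresh BetaReputation and return it."""
    rep = BetaReputation(forgetting)
    for rating in ratings:
        rep.update(rating)
    return rep


if __name__ == "__main__":
    plain, aged = score_stream(RATINGS), score_stream(RATINGS, forgetting=0.9)
    print("summation", summation(RATINGS), "average", average(RATINGS))
    print("beta      E=%.3f T=%.3f" % (plain.expected(), plain.trustworthiness()))
    print("beta 0.9  E=%.3f T=%.3f" % (aged.expected(), aged.trustworthiness()))
```

Summation, average and the unaged Beta score all still rate the provider as good after ten consecutive failures; only the score with ageing drops below the neutral point, which is the behaviour change the simpler models are said to reflect imperfectly.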

Fuzzy logic based model. In this method, the reputation of network members is indicated using linguistically fuzzy concepts, meaning that the value of the membership function illustrates approximately how well agents fit the concept of trustworthiness. Reasoning in this method is done through fuzzy logic and fuzzy measures [2].

Flow model. In the flow method, reputation is calculated by transitive iteration through chains of members in the network. Some models assume a constant reputation weight for the whole trust network, which can be distributed among the members of the network evenly or unevenly. Each member's reputation can only be increased at the cost of other members, since the total weight of the network is constant. Therefore, the degree of increase or decrease of each node's reputation is a function of the input and output flow of the reputation score within the network [2]. Table 2 summarizes the reputation calculation models and their prominent examples.
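The constant-weight property of the flow model, and the global ranking that EigenTrust is cited for earlier in this section, can be illustrated with a power iteration over normalised local trust. This is an added example, not code from the surveyed works: the peers and ratings are constructed, and the damping toward a pre-trusted set follows the usual EigenTrust-style formulation, assumed here because the paper gives no formulas.

```python
# Constructed local trust: LOCAL[i][j] = satisfactory transactions i had with j.
PEERS = ["alice", "bob", "carol", "dave", "eve"]
LOCAL = {
    "alice": {"bob": 8, "carol": 6},
    "bob":   {"alice": 7, "carol": 5, "dave": 1},
    "carol": {"alice": 9, "bob": 4},
    "dave":  {"eve": 10},            # dave and eve only vouch for each other
    "eve":   {"dave": 10},
}
PRE_TRUSTED = {"alice"}              # assumption: one peer is trusted a priori


def normalise(local, peers):
    """Row-normalise so every peer hands out exactly one unit of trust."""
    matrix = {}
    for i in peers:
        row = local.get(i, {})
        total = sum(row.values())
        matrix[i] = {j: row.get(j, 0) / total for j in peers} if total else None
    return matrix


def flow_reputation(local, peers, pre_trusted, damping=0.15,
                    tol=1e-10, max_iter=1000):
    """Iterate t <- (1 - a) * C^T t + a * p until the scores stop moving.

    The scores always sum to 1, so a peer gains only what others lose.
    """
    p = {j: (1 / len(pre_trusted) if j in pre_trusted else 0.0) for j in peers}
    c = normalise(local, peers)
    t = dict(p)
    for _ in range(max_iter):
        nxt = {j: 0.0 for j in peers}
        for i in peers:
            # A peer that has rated nobody passes its weight to the pre-trusted set.
            row = c[i] if c[i] is not None else p
            for j in peers:
                nxt[j] += t[i] * row[j]
        nxt = {j: (1 - damping) * nxt[j] + damping * p[j] for j in peers}
        if max(abs(nxt[j] - t[j]) for j in peers) < tol:
            return nxt
        t = nxt
    return t


def with_rating(local, rater, ratee, value):
    """Return a copy of the local trust table with one rating replaced."""
    copy = {i: dict(row) for i, row in local.items()}
    copy.setdefault(rater, {})[ratee] = value
    return copy


if __name__ == "__main__":
    for name, score in flow_reputation(LOCAL, PEERS, PRE_TRUSTED).items():
        print(f"{name:6s} {score:.4f}")
```

The mutual ratings between dave and eve buy them little: weight enters their pair only through bob's single rating, and the damping term keeps returning a share of it to the pre-trusted peer.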

Multi-context models. Since trust and reputation are multi-context in nature, the creation of multi-dimensional models to calculate trust and reputation is important. Multi-dimensional models have a modular structure; agents created in such an architecture are capable of using several logics in a way that maximizes their representational power [21]. Some well-known multi-dimensional models are REGRET, SPORAS and HISTOS.

REGRET model. With the REGRET model it is possible to calculate multi-dimensional reputation, taking into account dimensions such as the social, ontological hierarchy and individual dimensions. This model is the natural extension of previous widely used models and is flexible enough to be implemented in societies with different social structures, and with agents that belong to more than one group at a time [21].

SPORAS and HISTOS models. SPORAS is an evolved version of the online reputation models that use simple summation and average methods. Within SPORAS, only the most recent rating between users is considered, and after each update iteration users with higher reputation values receive much smaller rating changes compared with users with low reputation values. Although SPORAS has the same characteristics as simple summation and average models, it is more robust to changes in user behavior and hence is more reliable. HISTOS was introduced as a response to the lack of personalization within the SPORAS model. HISTOS can deal with direct information as well as witness information [24].

AFRAS model. The main idea behind this model is to use fuzzy values to designate reputation values. This method aggregates the old satisfaction value and the new reputation values using a weighted aggregation method. This calculation is done once the new fuzzy set, which shows the degree of satisfaction with the latest interaction between two nodes, is created [24].

Table 2 Prominent examples of reputation calculation models

3.3 Content-based trust

Web contents are represented as axioms and ontologies within the Semantic Web. In the following, the possibilities of using the content of Web transactions to gain trust are explored. The content of information exchanged on the Web was never considered in the Semantic Web trust layer. This issue is solved by authentication, identification and proof checking. However, the Semantic Web makes it possible to interact with and use Web content directly. Thus, it provides a unique opportunity to use the content of Web resources as a means to judge the identity of their creators.

While all other types of trust assessment methods are concerned with an information provider's legitimacy based on its reputation, behavior and implemented policies, content-based trust is more involved with the nature of the content given on the Web. In real life, one may choose to trust information provided by a trusted resource. However, if the information provided by many low-trusted resources is the same and conflicts with the information given by the trusted resource, then people might choose to believe the information that comes from the many, even if those resources may not look legitimate. Therefore, it can be said that reputation and certification are each just one of the dimensions that create the phenomenon called trust.

Various factors are suggested that affect user’s decision in choosing trusted resources, as follows:

  • Authority. Information providers trusted for a particular subject may not be trusted in other subject areas. People may trust information provided by the World Health Organization about diseases, but economic information provided by the same organization will not be trusted by the users [29].

  • Transitivity of legitimation. Having a relation with highly trusted and authorized entities on the network can transfer some of their trust to the entities related to them. An example is the certificates provided by universities to medical students [29].

  • Pedigree. Content generated by entities may receive credit and trust from its creators. Information provided by a scientific web site is more likely to be accepted by users compared with anonymous resources [30].

  • Bias. Sometimes the information provided by resources may be incomplete or insufficient under certain conditions; for example, a drug production factory may ignore side effects related to a certain treatment condition and focus on trial outcomes. Designating bias requires expertise and professional knowledge [16].

  • Motivation in providing accurate information. If the information provider has the motivation and interest to provide more accurate information, then it is more likely that users will believe that information [29].

  • Deceptive behavior. Encountering information resources with sinister goals is a natural event on the Web; therefore, users should be alerted to the fact that resources and their associates may not be what they appear to be [31].

Based on what has been mentioned regarding content-based trust, this method tries to introduce new metrics for trust, using the content of the information provided by the trusted suppliers. In a Semantic-enabled Web, not only will humans need to make decisions, but agents should also be able to choose to trust certain resources when faced with many other alternatives. Human users carry out this process in everyday life. People choose resources and information in their everyday Web activities, but the rationale behind their decisions is unknown due to the complexity of human behavior. Therefore, it would be advantageous for automated systems and agents to use the capabilities of the Semantic Web and make trust judgments based on the content of the information provided by resources [32].

4 Trust in Semantic Web of things

Another environment in which trust bears importance is distributed systems and, to be more accurate, the Semantic Web of things. When speaking about security solutions in the area of distributed systems, the terms trust model and trust management play a key role. The difference between them is that trust management can be considered a potential solution for the security concerns of a distributed system, while the trust model is a special perception of trust management that explains the techniques and approaches. It is possible to explain the trust model of distributed systems in 6 phases, as depicted in Fig. 4.

Fig. 4 Trust phases within distributed systems

In the literature, Li et al. [11] introduced a new language for the management of trust based on behavior and constructed a hypothetical meaning for it. In addition, they illustrated that the use of graphs in credentials functions accurately [11]. Ghorbanimoghaddam [33] highlighted the advantages of using trust in distributed systems and explored the weaknesses of different related trust methods. According to research works around On and OFF attacks, using an adaptive oblivious pattern instead of using the oblivious factors themselves is more effective [33]. Nitti et al. [34] introduced a protocol for dynamic management of trust, a solution for dealing with nodes that act wrongly and function dynamically. This protocol was also able to designate suitable parameters for each condition of a dynamically changing network [34]. Liu et al. [35] first explored the reasons for the failure of traditional security mechanisms in managing trust, and then introduced a holistic model to manage trust within a distributed system such as the one used in distributed systems [35].

Table 3 summarizes the prominent works on trust management within distributed systems.

Table 3 Prominent works in distributed trust

5 Trust and reputation test beds

In order to observe the performance and behavior of the introduced trust and reputation models, it is necessary to test them within a certain environment called a test bed. Since each model tries to cover certain aspects of reputation and trust, there is no test bed that offers an environment for comparing all of the presented models with each other, which makes the comparison process more twisted and complicated. Each proposed model is presented with a particular testing environment designed exclusively for that model. There are test beds based on the prisoner's dilemma, such as the playground designed by Marsh [41]. In this test bed, agents have freedom of movement, and interactions are saved using the prisoner's dilemma whenever an agent makes a move. Schillo et al. [42] suggested a disclosed iterated prisoner's dilemma using partner selection and a standard payoff matrix [42]. Castelfranchi et al. [43] presented a test bed designed to observe the effects of interactions between artificial agent populations following different criteria for aggregation control purposes. The ART test bed was presented by Fullam et al. [44] as a response to the shortcomings of previously introduced test beds; within the ART test bed, researchers are capable of comparing different subjective metrics and conducting their research using flexible parameters [44].

6 Open challenges and issues

After reviewing the literature, we have recognized many open challenges and issues in the scope of this research. In summary, there is still a need for:

  1. Performance improvement for Semantic Web trust algorithms.

  2. Seamless integration and cooperation of various trust management models for achieving holistic trust management in Semantic Web.

  3. Power efficient trust management models, as well as faster and less energy consuming mechanisms to support semantic enabled devices within IoT.

  4. Approaches to overcome difficulties of transmission and computation of trust among different networks.

  5. Privacy of the human and confidentiality of the business processes.

  6. Autonomic trust management algorithms.

  7. Trustworthy data fusion.

7 Conclusion

This paper tried to give an insight into different dimensions of the Semantic Web trust layer. How intelligent agents should trust different resources on the Web when more than one choice is available depends on the reputation metrics and calculation methods mentioned here. How to decide whether the content supplied is relevant, using the nature of the Semantic Web, was explored in this research. In addition, different policies that can be imposed on a network to facilitate and secure information exchange have been reviewed. As for distributed systems, trust properties should be improved in order to achieve robust trust management. Valid ratings for the comments provided by nodes, the honesty of the recommendations provided by each node within semantic networks and the evaluation of past experience with a particular node with which communication is intended could be addressed using fuzzy logic approaches; context aware approaches are also good for deterring malicious information within the Semantic Web space. As a result, it seems that the combination of context aware and fuzzy approaches could be useful in designing an effective trust management model in this scope.