A Classification Taxonomy for Reputation and Trust Systems Applied to Virtual Organizations

. Online interactions between unknown parties are increasingly common. This is particularly exemplary in Virtual Organizations (VO). A VO is understood as a permanent or temporary alliance of enterprises that share their resources and skills to achieve specific business goals (collaboration opportunity). In this sense, the lack of trust between partners is seen as an hindrance to the VO’s operation. Thus, reputation systems can be applied to trust establishment and management among VO’s partners. Therefore, this paper presents a taxonomy to classify and compare trust and reputation systems applied to VO’s context. The taxonomy is based on literature studies regarding characteristics observed through a systematic review process. In order to evaluate the proposed taxonomy, it was applied to trust and reputation systems obtained through a systematic review process. Finally, according the presented results, it is possible to note a gap concerning reputation systems applied to the context of VO and Cloud Computing integration.


Introduction
Nowadays, the interactions between people, enterprises and unknown services that have not previously interacted, is becoming more common in the online environments [1]. Some examples of online environments include the social networks, peer-to-peer networks, forums, and the collaborative networks, such as, the Virtual Organization [2].
A Virtual Organization (VO) is understood as an alliance of heterogeneous, geographically disperse, and independent entities (enterprises), that share common risks and skills to achieve a business goal [3]. The interactions are supported by the Internet, and the VO's can use the resources provided by the cloud computing to support the business and transactions [4].
In this sense, the interactions in online environments can be supported by the application of trust and reputation concepts. In VOs the entities share, combine, and integrate information in an environment, where the lack of trust and security represents a major issue [4]. Also, one of the obstacles during collaboration opportunity attendance is the establishment, management, and the lack of trust between involved parties [5].
In general, trust is a single measure that is understood as a numerical value composed of indicators, which represents the confidence level about an entity, and others use that value to their decision-making processes [6]. To manage and establish trust, the reputation systems are used. For example, if an entity needs to interact with another one, then it uses the reputation for decision-making and for establishing a trust relationship [7].
The reputation concept are closely related to the trust [8]. However, these concepts present different meanings. According to Resnick et al. [9], reputation is a collective measure defined as a value generated through an aggregation methodology of a feedback collection and/or values related to the historical performance.
Thereby, the reputation assists people when choosing trusted partners in a virtual world (e.g., e-commerce), who are honest in real world. In an environment guided by reputation, people encourage trustworthy behavior, disregarding the participation of immoral or dishonest people [7].
Considering the trust and reputation issue, the main objective of this paper is to present a taxonomy to classify and compare the reputation systems and trust models applied to the VO's context. This taxonomy is based on reviewing studies present in the literature and through the characteristics obtained by a systematic review process. The proposed taxonomy comprises seven characteristics: information type, network or architecture model, value representation, aggregation methodology, information source, VO's phase, and VO's application.
Through the application of the proposed taxonomy in articles obtained by means of systematic review process (related to reputation systems and trust models), it is intended to identify gaps, how the systems are applied in the VO, and whether they are related to business partners, cloud or grid providers. Furthermore, it is possible to compare novel approaches in a qualitative way related to existing ones.
The remainder of this work is organized as follows. Section 2 presents the general background. Section 3 elaborates on the systematic review process. Section 4 addresses the proposed classification taxonomy. Following, Section 5 presents and discuss the results of the taxonomy application in the reviewed works obtained through a systematic review process. Section 6 shows related work. Finally, Section 7 presents conclusions and future work.

Virtual Organization
Nowadays the enterprises work in a collaborative way dealing with the competitiveness and the market dynamicity. The enterprises join in a collaborative network to achieve common business goals in order to have a greater flexibility and agility [10].
A Virtual Organization (VO), a collaborative network, is a temporary or permanent cluster of entities (enterprises) that share their skills, resources, and competences to attend a specific business goal (collaboration opportunity) [3]. Their activities are supported by a communication infrastructure, such as, the Internet. In this way, VO is understood as a single entity through the union of the core competences of its members [11]. According to Camarinha-Matos et al. [3], a VO has its life-cycle, composed of four phases, Creation, Operation, Evolution, and Dissolution.
In Creation step the business partners are selected, contracts are signed and the VO is launched. In Operation phase occurs the exchange of information between partners to achieve a common business goal. Evolution step can occur during the VO's operation motivated by small changes in the demand, roles, principles, and affiliations. Finally, in Dissolution, the VO ends its activities, by two ways, motivated for the achievement of the proposed objectives in VO's creation or due to several issues during the VO's operation.
Newest concepts on infrastructure and communication technology, such as, grid and cloud computing, brings a new approach to the VO and its operation. Therefore, the VO can use these concepts, for example, network, processing, storage, and systems made available by cloud computing to achieve a collaboration opportunity with greater quality of service [4].

Trust and Reputation
Trust is a multidisciplinary concept used in several areas, such as, psychology, sociology, e-commerce, and in computing [6]. According to Gambetta [12], trust is understood as a particular level of probability, where a member evaluates other member or a group of members, who will perform a particular action, before it can monitor such action and in a context in which this affects their own action.
In a computational implementation, trust is understood as a numeric value that indicates the trustworthy level of an entity/agent/resource, that others members can take into account in order to interact or not [6].
Through the concept provided by Gambetta [12], some trust characteristics can be identified, such as: subjective, context-dependent, and dynamic over time, and new observations. Thus, the reputation concept is closely related to the trust [8]. Therefore, they present different meanings, while reputation is related to a collective measure, that is, several evaluations of diverse members regarding someone, the trust is understood as an individual opinion for someone else [13].
In this sense, the reputation is defined as a value generated through an aggregation methodology of feedback data collection and/or values related to historical performance [1]. This value can be used to assist a trust relationship establishment.
These concepts, trust and reputation, share common characteristics, for example, context sensitive, multi-faceted, and dynamic [14]. Context Sensitive is explained by the scenario where Alice trusts Bob as her medic, but she distrusts Bob as her mechanic to repair her car. Therefore, in the "medic" context Bob is reliable, however in the "mechanic" context Bob is not trustworthy [14]. Multi-Faceted means that the concepts can be composed by different set of indicators. Finally, these concepts are dynamic, that is, their values may increase or decrease with further experiences, and in some cases the recent values have greater importance than old values [6].
Finally, reputation systems are responsible for collecting feedback, aggregating these feedbacks or other data and returning the calculated reputation. Besides this, the reputation value can be used as an indicator to support decision-making process, when a participant trusts or distrusts in someone else [15].

Systematic Review Methodology
This Section describes the methodological procedure used to obtain the characteristics of the proposed classification taxonomy and to identify reputation systems and trust models applied to the VO's context. Following this methodological procedure, a systematic review process was realized.
A systematic review is a research type that uses as a source of data the literature on a particular topic. In addition, it provides means to identify, evaluate, and interpret the relevant literature to one or more research questions [16].
Therefore, the systematic review method proposed by Kitchenham and Chartes [16] was applied. Thus, it was searched for articles written in English, full papers (more than four pages -not abstract/proposal paper), published between 2005 and 2016, and using the following academic search engines (ASE): IEEEXplore, ScienceDirect, ACM-DL, and Springer Link. The search process was guided by the following combination of words: ("Reputation" OR "Reputation System" OR "Trust System" OR "Trust") AND ("Virtual Organization" OR "Virtual Organisation") Using ASE's search engines and with the application of the aforementioned filters, it was resulted in 261 articles to the analysis process. From these works, 63 articles are in IEEEXplore, 18 articles are in ScienceDirect, 24 articles in ACM-DL, and 156 articles are indexed by the Springer Link.
Following this, the TOPIC (title, abstract, and keywords) of each one article was analyzed and verified whether it was related to VO's and presented or applied a reputation system, trust model or trust indicator in this context. This process was resulted in 21 articles for the review and identification of classification characteristics, which are presented in Section 4.
The proposed classification taxonomy, depicted in Figure 1, has seven characteristics: information type, network model or network architecture, trust or reputation value representation, aggregation methodology, information source, VO's phase, and VO's application.
Reputation systems and trust models can use different information types in order to support the decision-making process. According to Tavakolifard and Almeroth [15], these types are defined as: implicit and explicit. The implicit is used in social networks, such as Facebook and LinkedIn, and does not characterize a reputation system because, the reputation or trust level are obtained through a friendship analysis [1]. Conversely, the explicit are reputation systems and trust models particularly developed for those environments, in which there is a need to establish trust relationship, access control, among other characteristics [1].

Fig. 1. The Proposed Taxonomy
The network model or architecture determines how the values are collected and stored in a reputation/trust system, where the two main types are: centralized and distributed [1]. The centralized model has a centralized element, called Trusted Third Party (TTP) [4], which is responsible to receive the members' feedback and provide the trust or reputation value.
The distributed model is commonly used in Peer-to-Peer (P2P) networks, where each one participant stores the feedback regarding the interaction with others [34]. For example, a participant C wants to interact with A, but they have not interacted previously, then participant C asks her community about A reputation's, so the participant B responds to A the reputation of the participant C.
Other network model is the hybrid one, that combines the characteristics of the two aforementioned models. The hybrid model presents a centralized reputation mechanism for the service provider's reputation and other distributed mechanism that refers to each one member in the community, that owns their data repository and stores information regarding the interactions with others [35].
The trust or reputation value representation is discussed in several ways, such as: categorical, continuous, binary, range or interval, and customized. Categorical is represented by a set of linguistic variables, such as unreliable, reliable, extremely reliable, among others. Continuous is understood as integers or fractions in a scale interval. Binary values assume only two values [7] or accept only positive and negative evaluations [22].
The aggregation methodology refers to the trust or reputation calculation method based on the historical collected data [15]. Some aggregation forms are defined as: • Sum or average: this method performs the sum of the positive and negative transactions amount to calculate the reputation of an entity; • Fuzzy Models: the values are represented by means of fuzzy variables, in which the membership functions describe the trust or reputation level of a participant. Through the application of fuzzy rules, inference and defuzzification, the value is calculated [36]; • Probabilistic Models: the trust or reputation value is calculated by means of probability density functions, where the score is updated and calculated with the combination of historical values with new evaluation values [7,18,23]; • Stochastic Models: in this classification characteristic, the events are modeled using Markov's chain and the reputation or trust is calculated using a stochastic method, for instance, Bayes theorem [17]; • Hybrid: the trust or reputation values is calculated by using one or more models (customized or not), such as, in Bilecki and Fiorese [8] the data envelopment analysis (DEA) is used to calculate the confidence in a cloud provider. Also, it is possible to classify the trust and reputation systems according to the information sources or indicators used in the aggregation methodology. According to Sabater et al. [6], they can be classified as: • Direct Experience: obtained by means of direct interaction between the participants, for example, a participant A interacts with B and at the end A gives an evaluation about B. The evaluation can be a value in an interval [7] or a set of values [37]; • Indirect Experience: obtained through the participant community, because it comes from other participants who interacted with such participant [6]. For example, the PeerTrust [38] uses several information sources to calculate the reputation of a participant: direct experience and indirect experience, for example, context community factor, and the amount of transactions; • Customized Indicators: other set of indicators are used to calculate the trust or reputation. For example, Bilecki and Fiorese [8] used the Quality of Service (QoS) indicators to calculate the amount of trust in cloud providers. In addition, other indicators that represent the performance of an enterprise can be used (e.g., financial, logistical, among others) [17]. The characteristic VO's phase refers to the VO's phase in which the reputation system or trust model is applied. It can be applied only in the VO's creation phase [7,8] assisting the decision-making process in the search and selection step. Also, it can be applied in the VO's operation and/or dissolution [4] or even in other VO's phases existent in its life-cycle [3], such as, VO's evolution which can be assisted by the reputation value, for example, a change of business partners guided by reputation.
A significant and decisive differential for VO's is the use of resources made available by the information and communication technologies [39]. Therefore, at using these resources, the VO's application characteristic aims to classify the articles that apply the reputation or trust in the context which uses cloud computing [8,30,31] or grid computing [4,23] resources. Finally, in order to apply the proposed taxonomy, the Section 5 presents a comparative table using the proposed taxonomy and the obtained results.

Results and Discussion
The proposed taxonomy was applied to the result of the systematic review process presented in Section 3. Thus, the results of the application are presented in the Table  1, showing the differences between the analyzed works.
The comparative table classified the articles by the publication year and the characteristics present in the taxonomy, such as: • , and agents (AG). The information type between analyzed articles was predominantly explicit, because they are reputation systems, trust models, among others, developed directly for the application in environments where the need, for example, is to establish a trust relationship [1].
Comprising the value representation, seventeen articles presented the trust or reputation value in continuous format, that is, included in a predefined range [8,17], while only two works presented the binary method, and one article was not identified (NI) [2]. The binary format is used in PathTrust [7] to represent feedback, which can be positive or negative, and in Arasteh et al. [24] trust value under binary is used in the access control.
The most used network model is the centralized, showing that the reputation or trust system application in VO has been performed in a centralized way, unlike other environments such as P2P networks. In some cases, such as [5,8,11,23,[30][31][32], it was not possible to identify the network model, due to some works are classified as trust models.
With regard to the aggregation methodology, the articles presented calculation methods based on the probabilistic, stochastic, average, sum and average, sum of factors, fuzzy logic and hybrid methods. In the sum of factors method, for example, Kaur and Sengupta [27,28] calculate the reputation considering the sum of transactions, direct experiences, user's satisfaction, credibility and the community and transaction context factor. Also, in Bilecki and Fiorese [8] a hybrid aggregation method is presented based on a non-parametric method, Data Envelopment Analysis (DEA), applied into a set of historical QoS data.
In terms of the information source, it is possible to note that many works use direct experience, that is, a participant interacts with other and evaluates him. Also, the in formation source is presented in a customized method, such as, STORE [17] that uses several business performance indicators to compose the trust indicator, and Javaid et al. [20] use several indicators to compose the reputation, such as, collaboration, operational resources, operational costs, feedback, among others.
Comprising the VO's phase characteristic, the most part of the analyzed works address the VO's creation/formation phase, supporting the search and selection process [7]. Also, others articles address the Dissolution phase, collecting new evaluations referring to new transactions. The VO's application characteristic refers to the object the reputation/trust system is applied for. Thus, the most part is related to the VO's business partners and fewer works present the application in a VO that uses the resources provided by grid or cloud computing.
So, the most relevant characteristics were summarized in the Table 2. According to the summarized results it is possible to note that the most of analyzed works present Through the application of the proposed taxonomy, it is possible to note that the reputation or trust systems and models are mostly applied at the level of business partners, and to calculate/evaluate the trust or reputation, the feedback ratings (direct experience) are mostly used. However, in addition to feedback rating, other indicators can be used together to assess the reputation/trust value of members, for example, STORE [17] uses the business performance indicators.
Also, there is a gap in the reputation systems/trust models applied in a cloud based VO, that is, a VO that uses the resources of a cloud provider to achieve a common business goals. In this sense, three articles are applied into this context. In [30], trust is used for resource scheduling in a cloud based VO, in [31] a trust model is presented and in [8] a confidence indicator coping with cloud providers is presented.
The gap in the cloud based VO's indicates that there is a growing trend and a newest application area. The first work was performed in 2012 [30] identified by the systematic review process. In addition, further studies are necessary in a cloud based VO's addressing the reputation and trust concepts, and its application in this context, just as the adaptation or study in virtual organizations of other reputation/trust systems that are intended for cloud computing and are applied in other contexts, such as, a platform to recommend cloud services based on reputation for clients [37].
All in all, it was not possible to identify a reputation system applied in a cloud based VO, to manage, update and establish the trust from business partners to a cloud provider.

Related Work
Wang and Vassileva [14] present a survey about the application of the trust and reputation concepts in the web service search process. This work generated a taxonomy that allowed the classification of these works, by means of three characteristics: centralized or decentralized, person/agent or resource, and global or customized [14].
Tavakolifard and Almeroth [15] present a taxonomy for trust and reputation systems in general with some characteristics, such as information type, value type, among others. In addition, it is presented several challenges as future work, which are related to issues existent in these current systems that are related to feedback generation, distribution and aggregation.
Hendrikx et al. [1] present a survey and a classification taxonomy applied to reputation systems in general. This work address a taxonomy with common characteristics, such as, information source, context, representation, aggregation, network model, among others and also presents a set of uncommon characteristics, such as, node organization (structured and unstructured), interoperability (open and proprietary), control (rules and incentives/penalties), among others.
Dellarocas [40] presents a survey with challenges and future directions in the research and development of the trust and reputation systems. Also, it is presented some issues related to implementation, use, and evaluation of these mechanisms.
Resnick et al. [9] introduce the reputation concept and its application through reputation systems. This work describes some issues in the application of reputation systems, such as, how the feedback is collected and distributed, and the reputation should help to distinguish between trusted and untrusted people/enterprise/partners, among others.
Therefore, through the related works it is possible to note that none has presented a taxonomy and classified the reputation systems or trust models that are applied in Virtual Organization, considering their life-cycle's phases, which technology is used or where it is applied (business partners, cloud or grid providers), among other factors, such as: customized information source, hybrid network model, and hybrid aggregation method.

Conclusions and Future Work
This paper presented a classification taxonomy for reputation systems and trust models that are used in Virtual Organization. The taxonomy was based on some related work available in the specialized literature and other articles obtained through a systematic review process.
The proposed classification taxonomy is based on seven characteristics: information type, network model, value representation, aggregation methodology, information source, VO's phase and VO's application. Through the proposed taxonomy it was possible to classify and compare the works involving trust and reputation systems that are applied in Virtual Organization context.
In order to apply the proposed taxonomy, a systematic review process was carried out, comprising 286 articles that after some filtering processes remained for analysis and classification 22, which were related to reputation systems and trust models applied in VO's.
Through the results of the application of the proposed taxonomy, it is possible to note that the reviewed papers present reputation systems, trust models, trust indicators and the use of trust in access control in a VO's context. Also, it was possible to identify relationships between the characteristics, gaps in the analyzed systems. The mostly reviewed works calculate the reputation/trust value for business partners and are more applied in the VO's formation phase, where it supports the decision-making during the search and selection of these partners guided by reputation/trust value.
Through the reviewed works and the taxonomy's application, it was not possible to identify a reputation system that is applied in a cloud based VO's to manage, update and establish the trust from business partners to a cloud provider.
Besides that, it is possible to identify a growing trend in cloud based VO's indicating that it as a new area (systematic review process identified first work in 2012 [30]), that need further studies in several concepts such as trust, reputation, access control, among others and their applications in this context.