Research on Several Key Technologies of Trustworthy Software

2 The “NOW” of Trustworthiness

Before going into the details of the contemporary customer-related positioning of trustworthiness, it may be useful to briefly sketch the current diversity of the IT market.

Commercial-off-the-Shelf (COTS) applications enjoy the biggest population of users. In this category we find, among others, software that supports individual tasks or sets of tasks such as text editing, media processing and playing, individual accountancy or finance, some data processing and simple database applications. Using such software usually does not require specific IT knowledge, but rather some self-learning of how to use it and, possibly, adapt it to our needs.

Commercial Modular Systems (CMS) are built from pre-developed modules or subsystems for a known user, having a large, configurable yet finished set of functionalities. In most cases functionalities are linked together into “services”. The user population is mostly corporate and as such requires intensive training before becoming fully operational and productive. The training may be divided into end-user training, which is service-oriented, and technical-user training, which falls into the category of operation and maintenance. In both cases the training is done by the supplier or his delegated representatives (certified companies). One of the best-known examples would be the ERP type of IT system.

Individual On-demand Systems (IOS) are developed to meet the individual and unique requirements of a known user. The system may offer functionalities, services or both. As in the case of a CMS, the user population is mostly corporate and in consequence also requires intensive training. The training types are similar too, i.e. they may be divided into end-user and technical-user training, but are done by the supplier only, as he is usually the only source of knowledge available to the user.

What do all these applications/systems have in common?

· The user owns them (or at least the license to use them).

· The user knows who built them.

· The user knows whom to pursue (or sue) if something goes wrong.

· The trustworthiness in this context is manageable, as the responsibility can be pinpointed to a known entity.

The last statement is a bit of wishful thinking, for the current legal and market ramifications make the fight of an individual consumer against an IT giant very difficult at best. Still, the framework is there, which means that there is a known entity (a supplier) who can be reached and made accountable for its actions. Except, we are not there yet. This aspect becomes even more disputable if the recent developments in the IT domain are taken into consideration. For some years now there have been two buzzwords that excite both suppliers and IT consumers, not necessarily for the same reasons: service oriented architecture and cloud computing.

Service Oriented Architecture (SOA) is essentially a collection of services. These services communicate with each other in order to establish cooperation that can involve two or more services coordinating some activity in order to “do a job”. The technology of Web services is the most likely connection technology of service-oriented architectures. The idea by itself is not necessarily very new, as its younger, less “fancy” predecessors like DCOM or CORBA have been well known for a few decades now. The user's position with regard to trustworthiness is in such a case “undefined” at best, as there is no “named entity” that could be linked to the service as a whole. In other words: whom to blame within a given SOA structure for any losses that the consumer has suffered?

Cloud computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). IaaS is simply a virtual server instance with a unique IP address and blocks of storage on demand that can be used by the customer as it suits him. PaaS represents a set of software and product development tools hosted on the provider's infrastructure that allow the customer to create his own application or even system. SaaS is a vendor-supplied hardware and software product infrastructure that interacts with the user through a front-end portal. The user's position with regard to trustworthiness in these three categories of services seems to be a bit more controllable, as there is a “vendor” or “supplier” who can theoretically be linked to the given service, but in fact the user may easily fall into a modern version of a classic “dot.com” pattern. All these “vendors” and “suppliers” are no more than virtual entities, hidden somewhere in the “cloud” of the Internet, never seen, never talked to, practically out of any direct control.

So what could or would be a 21st century IT user's perception of trustworthiness in an era of cloud computing or SOA? It can be analyzed in a rather speculative way from the perspective of the trustworthiness attributes discussed earlier in this paper, although the results obtained would most probably be too general for a particular IT consumer. Instead, it is recommended that the user, before deciding whether a given application/service/system potentially exhibits the required trustworthiness, analyze as precisely as possible the known trustworthiness attributes by answering the few related questions listed below:

· Quality. Of what? Service, system, SOA sub-services, PaaS?

· Reliability. Same as the above.

· Credibility. Whose credibility? Supplier’s, vendor’s, system’s?

· Dependability. Same as the above.

· Completeness of required functions. In an era of SOA and cloud computing are we still talking about “functionalities”?

· Proper quality-cost ratio (so the software was not overpaid for). How easy will it be to verify this in my particular case?

· Post-sale maintenance and service. What and how should and can be done in my particular case?

· Pre- and post-sale training. Same as the above.

· Documentation. Who should deliver what, and how?

· Responsibility for the product. Who represents the “product”?