Project Overview


Open Philosophies for Associative Autopoietic Digital Ecosystems (OPAALS) Network of Excellence, was funded by the European Union’s 6th Framework Programme of research. The main claim that OPAALS made is that in order to achieve sustainable digital business ecosystems of SMEs and software components we needed to understand in depth the collaborative processes and ICTs that underpin the continuous creation, formalisation, and sharing of knowledge in the form of business models, software infrastructure for e-Business transactions, and new formal and semi-formal languages.

The first 18 month phase concluded in November 2007. The main tasks for TSSG in OPAALS in the first phase was to develop a framework for collaborative knowledge sharing between ecosystem participants and define distributed accountability, identity and trust models for autopoietic P2P environments and community networks. The second 18 month phase concluded in May 2009. During this phase TSSG was concerned with the refinement of the initial models for distributed identity, trust and accountability and in the initial implementation of those models.

Project Achievements

TSSG was involved mainly in WP3 for this period, focusing on the development of distributed identity, trust and accountability. OPAALS was also concerned with the desigm and implementation of an Open Knowledge Space (OKS) as a reference implementation for digital ecosystems. TSSG  had a considerable influence on the design of the OKS. We have worked closely with University of Surrey on the implications of identity and trust in such an infrastructure. Surrey are concerned with RESTful interfaces to this OKS as well as a distributed transaction model, which they have been developing throughout the lifetime of OPAALS. With regard to implementation of the models developed, the identity model software is available as an s open source Java project called IdentityFlow. The implementation of the other models are available by open source projects.
The work performed and the achievements can be seen from three perspectives, publications, project deliverables and software delivery.

Malone, P. and Jennings, B., “Distributed Accountability Model for Digital Ecosystems”, 2nd IEEE International Conference on Digital Ecosystems and Technologies, Phitsanulok, Thailand, February 2008.

Fu, H., “Scalable Conceptual Hierarchy Based Algorithm for Knowledge Sharing in Digital Ecosystem”, 2nd IEEE International Conference on Digital Ecosystems and Technologies, Phitsanulok, Thailand, February 2008.

McGibney, J. and Botvich, D., “A trust based system for enhanced spam filtering “, Journal of Software (JSW), vol. 3, no. 5, pp 55-64, May 2008.


D4.1 – Distributed Identity Model
An initial identity model based on SAML assertions and a distributed Identity Provider framework. The technical challenges in defining a distributed identity solution lie primarily in the requirement that no single point of failure exists. Traditional digital identity solutions (e.g. digital certification) rely on the existence of a centralised authority in the validation of identities. Our approach was to define a technology agnostic model which allowed for the assertion of identities through a distributed trust infrastructure, without the need for a centralised authority and also capable of incorporating legacy identity solutions which ecosystem entrants may already have in place in their infrastructure.

D4.5 – WP 4 Final Report
This deliverable provides a summary of the work performed in WP 4 during Phase I of OPAALS.

D3.8 – Final Accountability Model

The model has been refined since D4.2 and the original protocol has been developed into two protocols for both public and private accountability. The document also demonstrates how the work integrates with the Trust and Transaction models from WP4. Finally an implementation outline is provided.

D3.9 – Final Identity and Trust Models

The document provides a theoretical summary of identity in a DE and an update of our identity model, based on further research and feedback from the implementation process.

We define how identity is built on trust, and how identity and trust are mutually generative, which anticipates the integration of the identity and trust models.

We give the latest state of identity operations, which form the basis for the implementation work in to be reported in D3.11.

We also give an a pertinent use case of a sign-on operation for a JXTA environment.

We further develop the rating agencies model which enables entities to establish trust relations based on objective and verifiable data. In this way we provide a more complex trust model for digital ecosystems.

The document also addresses algorithms for the evaluation of trust for trust based on direct experience as well as trust based on referrals.

We provide concrete integration points with the Distributed Accountability and Distributed Transactions models. We provide scenarios to show how an implementation of our Trust Model is used to evolve trust in both a transaction context and in a Rating Agencies context.


Open source development is consistent with the spirit of the OPAALS project and helps facilitate the development of identity model implementations by making the source available to a wider community.

The software is written in Java with Servlet/JSP extensions as an example web interface to accept Actor Connections (SOAP/web services could be used, or an alternative mechanism).
A sourceforge.net project called Identityflow , has been started to host the project. The project contains a home page outlining a description of the project and useful links to project resources, a CVS repository containing code that is under development, a Maven 2 repository containing custom dependencies required to build the code, and immediately deployable software releases containing the identity model software implementation and demonstrations. The software currently consists of five sub-projects: Identity Model SAML, libraries for integrating the OpenSAML libraries with the identity model; Operation Builder, libraries for building Operations; Operation Request Handler, libraries for intercepting and handling incoming connections, including Servlet/JSP integration; Single Sign-On Operation, an implementation of an SSO Operation based on SAML profiles and HTTP GET/POST bindings; and Actors using SSO Example, which is a demo illustrating the use of the provided SSO Operation to identify a user agent to a service provider.