Galexia

Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)

QUATRO

The QUATRO approach to Transparency and Usability of Web Authentication[52] specifically proposes trust marks as a form of website authentication.

QUATRO uses machine-processable labels expressed as Resource Description Framework (RDF) metadata. Essentially, website administrators link all the content on their site to an RDF content-label. The label makes assertions about the content on the website (for example, an absence of a specific type of objectionable content).

QUATRO employs two tools to assist web users to verify the legitimacy of the RDF trust mark.

  • ViQ
    The first is a browser extension known as ViQ. When ViQ is installed, it forwards the URL of any websites visited by a user to a special proxy server known as QUAPRO (using SOAP XML messages). QUAPRO then visits the URL and looks for a link to an RDF content-label. If an appropriate content label is found, QUAPRO ascertains from the label the specific labelling authority from whom further information is available to support the claims made in the trust mark regarding the content on the website. QUAPRO then contacts the labelling authority’s database to verify the legitimacy of the trust mark. This information is then forwarded to ViQ, which adds icons to the browser to indicate the level of trust that should be attributed to site’s RDF content label; and
  • LADI
    Another tool to verify the legitimacy of trust marks is known as LADI, which is a search engine wrapper. When a user enters a search query, each URL returned by the search engine is forwarded by LADI to QUAPRO. As with ViQ, QUAPRO will then visit each URL and look for a link to a content-label, and determine the labelling authority that can verify the label’s validity. This information is then forwarded back to the LADI client, which annotates the search results displayed in the user’s web browser accordingly. If the user decides to visit a specific website contained in the search results, LADI then requests QUAPRO to consult the labelling authority to ascertain the label’s validity.


[52] Archer P, The QUATRO approach to Transparency and Usability of Web Authentication, W3C Workshop on Transparency and Usability of Web Authentication, March 2006, <http://www.w3.org/2005/Security/usability-ws/papers/04-quatro-trust/>.