The user's ability to express trust preferences in TAS3 is accommodated by allowing the user to specify the "trust rating" or "trust score" that is required for entities in order for them to be involved in processing operations involving his personal data. If the trust ranking of a chosen entity falls below the level specified by the user before the process is completed, the user will be notified and given the opportunity to terminate the process.
Example: A user may specify that head-hunters are authorized to access his e-Portfolio for placement purposes, but he trusts only head-hunters with a sufficiently high trust rating. This condition then applies cumulatively along with the user's specified privacy preferences. So head-hunter X may initially have been authorized to access the user's e-Portfolio as far as the trust and privacy preferences were concerned (because the user has specified that his e-Portfolio may be accessed by head-hunters for placement purposes). If the trust rating of the head-hunter drops during the process (because other users give negative feedback on him), the head-hunter fails to meet the required trust rating and is denied access [CH12][SEW13]. The user is then notified and may decide between choosing another service provider, changing the further processing logic, or terminating the process.
For this purpose, the user is provided with a feedback mechanism, in which he can share experiences with regard to particular service providers. The resulting feedback in turn affects the overall "trust rating" of the service provider in question.
See deliverable D5.4 (expression of trust preferences into policies), D5.2 (trust management based on user feedback), D2.1 (subrole of auditor); upcoming deliverables in WP 6 will include the contract related to reputation based service providers and any oversight processes/policies to help assure correctness and fairness; upcoming deliverables in WP 3 (especially D3.3 , D3.1) provide the ability to apply and dynamically adapt trust policies and feedback in a process-specific context, this is handled in policies and supported by process-controlled user interactions.