University of Hertfordshire Research Specialism Coursework Name : Student id : Course Code : 7COM1084 2022 The paper that I have selected for this specialization report is “An Incentive Mechanism for Managing Obligation Delegation” Introduction Delegation is the authority provided to managers to assign responsibility to others in workplace. It is transfer of obligation but not the rights of the obligation. The person who is making the delegation is called as delegator and the person who is receiving the delegation is called the delegate. Delegation transfers the responsibility and authority for performing a particular duty to another person or a party. A policy based approach is being used in the modern information system to manage sensitive information (Dugger 2021). Obligation is most important to specify the security control in using a particular control (Pretschner.A 2006). To avoid violation of obligation it is necessary to fix a deadline for the fulfillment of the obligation. Sometimes agents may violate their obligation that might be due to various reasons which lead to the system fault finally like dysfunctioning or insufficient authorization to access the resource (Irwin.K, Assigning responsibility for failed obligation 2008). So it is necessary to first identify the clear responsibilities of the agent who are being involved in the obligation when the obligations are delegated to one or more agents. Delegation of obligation is considered as a means of providing opportunity for obligations. But the opportunity provided is wasted if the person or the agent who received the delegation does not fulfill the obligation eventually. To motivate the person or agent to complete the delegation received a mechanism of providing credit is being introduced which will be used to increase the trust score of the particular person or agent if he completes the obligation. Open Research Question There are various reasons behind the delegation of an obligation. A user might be assigned few obligations which should be completed before a certain deadline. But due to some other work commitments the user might have obligated the work to another person who is a similar competence with less constraint. The delegation of obligation mostly focus on the operational semantic of the delegation and monitoring whether the delegated obligation is fulfilled. It is also necessary to identify the responsibilities of the person involved in the obligation (Ben-Ghorbel- Talbi.M 2011). When allowing the occurrence of delegation there is an opportunity that the delegator’s assigned with the obligation might discharge from their duty. There is no clear idea about why delegated obligation should be fulfilled by the delegate for the purpose of other unless there is any benefit for them. It a delegate does not fulfill the delegation all the complexities in managing the delegation will also become unnecessary. So it is necessary to provide some incentives for the delegates for completing their delegated obligation. It is necessary to identify how the incentivize delegates so that they will discharge their delegated obligation to their best is not investigated completely. The focus is currently based on identifying the methods of incentive that can be provided for the delegate. Some of the schemes are proposed based on trust computation method using the Beta distribution to compute the trust score of the user which will reflect when the delegates fulfill their obligations. What are the various possible ways that can be used by the delegator and delegate for updating the trust score when a delegated obligation is fulfilled or violated? A credit rewarding scheme for the delegate for fulfilling the obligations and the reward can be determined based on the trust score of the delegate. A delegator should pay credits to the delegate for completing the delegated obligation with the effort required this type of scheme will sometimes avoid situations where users are mostly seeking some delegate to assign their obligations to others. A set of eligibility criteria is required to be defined when delegated obligation arises for delegatee based on which they can bid the obligation. There are also various risk factors involved in selecting a delegate whether the delegatee will complete the delegated obligation. An incentive mechanism based on the cascaded delegation of obligation is also being identified. The various incentive methods that are identified to promote the fulfillment of the obligations by the delegatee should be evaluated based on which the incentive mechanism that best encourage the delegatee to complete the obligation can be promoted. In this paper the authors have run an simulated experiments based on multi-agent system and evaluated the model and the results showed that the incentive mechanism will promote the delegatee to complete the obligations. Existing and related work The main aim of this paper is to identify the best method to distribute the incentive for the delegatee for completing the obligation. Statistical distributions like Normal distribution, LogNormal, Gamma and Beta distributions are used in determining the ability of distribution in various fields of studies. Beta distribution is a model with 6 parameter (D.W.W.Ng 2018) and it can also be used in the evaluation of the prediction level of a model. Here the authors have used the Beta distribution on two parameters and expressed the probability density function which is defined in terms of factorial function when α and β are positive integers. The interval range [0,1] is used in the standard beta distribution for the current model there are one two outcomes one is success and the other is failure. Beta distribution is a conjugate prior to the binomial likelihood of the posterior likelihood of the Bayesian analysis. After running more experiments can compute posterior by adding number of success and failure of the various parameters with the prior distribution. This approach is used to identify the probability of users in fulfilling the obligations which have only two outcomes completed the obligation or violated the obligation. The intuition of the beta distribution comes on play when it is looked based on binomial distribution. The main difference between the binomial difference and the beta distribution is the number of success rate where beta distribution has more success rate (Kim 2020) so it is selected for the implementation of the incentive scheme. There are various policy designed for specifying obligation policies one of the most common approach that is used is the temporal logic that can capture the time constraints that is associated with the obligations (Chen.L 2012) . An approach that is similar to the one done by (Irwin.K, On the modeling and analysis of obligations 2006) where they used a simple data structure to capture the components of the obligation. Assumption was made on the existence of a clock and its ticks are indexed using natural number. A time interval, the obligation are defined as a tuple (u,a,i) where u is user, a is the action and i is the time t and the three states of the obligation are active, satisfied or violated. U represent obligation is fulfilled, if the obligation is not fulfilled it is represented as violated and active if it is neither satisfied nor violated. It is necessary to keep the system in a desirable state such that no obligations are violated. Since the system cannot enforce the user to fulfill the obligation and sometime some might be violated. The system should monitor the status of the obligation based on the fulfillment of the obligation reward and blame mechanisms are used in the incentivize. Research approach The authors have introduced an incentive scheme based on One Hop Delegation. The approach that is used to compute the obligation trust is based on the evidence of the user’s performance in fulfilling the obligations taken in the past. The evidence is based on the sequence of satisfaction of obligation and violation of the obligation is considered as bad experience of the user. The experience of the delegatee can be used to estimate whether will satisfy the future obligation based on the estimated probability. Beta probability density function is used by the authors to transform the sequence of the values that represent the good and bad experience of the user and based on the static probability distribution trust on the user’s obligation is decided. History of the obligation stratification of various events are used based on the values the trust on the obligation is computed. During some situation the user need to delegate the assigned obligation to some other user so that the obligation made by the user will not be discharged but it might be violated. A delegation protocol was also introduced by the author which is used to identify whether the obligation is performed by the user or it is been delegated to some other user in the group. The protocol is informally defined in this implementation. The various steps involved in the delegation of an obligation are first a user will start broadcasting the delegation request to a group the users in the group with similar competence level in handling the job responsibilities within an organization can respond. On receiving the delegation announcement the members in the group will wish to bid their eligibility and will submit the details of the current obligation trust. Then the user will select the one who most appropriately suit for the assigned obligation and then will send an award message for the successful completion of the bid and also inform the other users who have participated in the bid about their unsuccessful. Identification of the best delegatee for the assigned obligation is done by running the delegation protocol. The other process involved in this incentivizing scheme is updating the obligation trust. Which is done by exploring the discharge of delegated obligations by the user? It is not a straight forward assignment the rewards must be given to individual based on the delegation process that they are involved and the status of the completed process. A weighting function is introduced by the author to evaluate two users involved. It provide a good flexibility in designing a number of possible ways that can be used for updating the users negative and positive obligations for both the users based on various degrees. Three cases are examined by the authors to identify the best appropriate incentive scheme that can be used. Then the earning of reward credits is done based on the case study discussed in updating the obligation trust of the users in fulfilling the delegated obligation. It is necessary to identify that a user who fulfills the obligation trust and will to accept a new obligation is discharging from his duty within a deadline. Based on which the obligation trust should be decided. The authors also taken the idea of Principal-Agent model of (Holmstorm.B 1991) in proposing the incentive mechanism that is based on the trust of obligation of the users. If a user is assigning a delegated obligation to someone else then he has to pay delegatee some reward credit that is associated with the obligation and if other user is putting some effort in completing the obligation of another user then some credit associated with the obligation should be given to him. The basic idea behind this is to provide credit for those users who have high obligation trust and more credits. Three types or delegators are also identified based on the risk preference they are risk-averse delegator, risk-seeking delegator and risk average delegators. Then the eligibility of the delegates is introduced based on the credit reward. Even if a user is having high credit but having more active obligation and the deadline of the obligation get clashed then those kinds of users can be excluded. So new mechanism is introduced by the author for scheduling the each user based on the assigned obligation. A restricted window size is also introduced where the number of obligation that can be performed by a user is limited. Cascading of delegation of obligation is also done as a delegation chain. Personal investment More research is under modeling based on managing obligation. Incentive mechanism is one of the most useful mechanisms that make the user to fulfill their obligations. A study is done about various methods the explore the interaction of authorization and obligation. The problem of maintain the accountability of the obligation and the need of dependency and the privileges of resources to fulfill the obligation are studied by (Pontual.M 2019). Assumption is made about the action of the obligation in order to focus on the incentive scheme that he obligation are not subject to access control and assumed that they will be fulfilled. A model can be designed based on the accountability problem as a single framework. It helps to motivate the users to fulfil the obligation. Delegation obligation was considered as a recurring phenomenon by (Schaad.A 2002) as per their model if a user delegates an object assigned to him to another user then the delegating user will loses its assignment to the obligation and will create a new obligation and assigned to the user. It does not provide any incentive and monitoring schemes. Various schemes of providing incentives for the delegation of obligations can be identified and can reduce the violation of obligations by the user. Security implication on delegating an obligation can also be analyzed and provide proper authorization mechanism in accessing the delegation of obligation. Bibliography Ben-Ghorbel-Talbi.M, Cuppens.F, Cuppens-Boulahia.N, et.al. "Delegation of obligations and responsinility." 20th IFIP TC 11 international Information Security Conference. 2011. 197-209. Chen.L, Crampton.J, Kollingbaum.M.J, Norman.T.J. "Obligations in risk-aware access control." 10th Annual International Conference on Privacy, Security and Trust. 2012. 145-152. D.W.W.Ng, S.K.Koh, Shin Zhu Sim. M.C.Lee. "The study of properties on generalized Beta distribution." Journal of Physics Conference Series, 2018. Dugger, Ashley. study.com. 2021. https://study.com/academy/lesson/what-is-delegationdefinition-parties-duties.html (accessed Dec 14, 2022). Holmstorm.B, Milgrom.P. "Multitask principal-agent analyses: Incentive contracts, asset ownership and job design." Journal of Law, Economic and organization, 1991: 24-52. Irwin.K, Yu.T, Winsborough.W.H. "Assigning responsibility for failed obligation." IFIP Trust Management Conference. 2008. —. "On the modeling and analysis of obligations." ACM conference on computer communications. ACM, 2006. 134-143. Kim, Aerin. towardsdatascience.com. Jan 8, 2020. https://towardsdatascience.com/betadistribution-intuition-examples-and-derivation-cf00f4db57af (accessed Dec 15, 2022). Pontual.M, Chowdhury.O, Winsborough.W.H, et.al. "Toward pracitcal authoriation-dependent user obligation system." Symposium on information, Computer and communication security. ACM, 2019. 180-191. Pretschner.A, Hity/M, Basin.D. "Distributed usage control." Communications of the ACM, 2006: 39-44. Schaad.A, Moffett.J.D. "Delegation of obligations." International workshop on policies for distributed systems and networks. 2002. 25-35.