Syntax of CTL cc,α

Definition 3.4.2. The syntax of CTLcc,α_{is defined as follows:}

ϕ ::= p| ¬ϕ | ϕ ∨ ϕ | EXϕ | EGϕ | E(ϕ U ϕ) | CC | α

CC ::= ξCC(i, j, ϕ, ϕ)

α ::= F uξ(i,CC)| Caξ(i, CC) | Reξ(j, CC) | Deξ(i, k, CC) | Asξ(j, k, CC)

where:

− ξ ∈ {W, S} refers to weak and strong. p, ¬, ∨, E, A, X, G, and U are defined in

Definition 2.1.1 in Chapter 2.

− i and j ∈ A are two agents. W CC, SCC, F uW , F uS, CaW , CaS, ReW , ReS, DeW, DeS, AsW , and AsS stand for weak and strong conditional commitments

and their fulfillments, cancelations, releases, delegations, and assignments, respec- tively.

The syntactic grammar rules of CTLcc,α _{have in principle three different but integrated}

parts: propositional part, temporal part, and communication part.

Propositional part: The propositional part is in fact a propositional logic and consists of

a set of atomic propositions and a set of Boolean connectives. Propositions are declarative statements that can be evaluated into true or false and represent essentially facts. Each fact is declared using the perfective aspect in the English language. For example, with respect to the NetBill protocol, atomic propositions will represent statements such as “the requested goods have been delivered”, “the agreed payment has been made”, and so on. Propositions with explicit time and propositions with explicit data, such as “the requested good is delivered by 5:30PM”, and “the agreed payment is 500$” can also be approximated. Also, we denote the set of atomic propositions that hold at a given state s by V(s). We in turn use it to implement our methodology of representing declarative statements that include facts and facts with explicit domain variables (e.g., amount of money) as atomic propositions. Other Boolean connectives can be abbreviated in terms of the above as usual (see Definition 2.1.1 in Chapter 2).

Temporal part: The temporal part: 1) allows us to represent and reason about temporal

qualitative requirements and to reason about the satisfaction of propositions in the past and future modes; and 2) uses the quantifiers to restrict the execution of paths. The reading of the formulae EXϕ, EGϕ, and E(ϕ U ψ) and the abbreviations of other temporal operators are introduced in Definition 2.1.1 in Chapter 2.

Communication part: The communication part focuses on modeling interactions among

agents using social commitments and their actions modalities. By using these modalities to express interaction requirements, the resulting properties are called communication prop- erties. The formula W CC(i, j, ψ, ϕ) (respectively, SCC(i, j, ψ, ϕ)) is read as “agent i weakly (respectively, strongly) commits towards agent j to consequently satisfy ϕ once the antecedent ψ holds”. Since the antecedent ψ and the consequence ϕ in the context of commitment modality can be any arbitrary CTLcc,α_{formula, so they would be conditional}

commitments as well. Commitment antecedents can also express the past using the until operator in the usual way (see for example our formalization to the scenario presented in Example 3.2.3). Moreover, as we mentioned earlier, the main difference between our two types of conditional commitments (weak and strong) is that a weak commitment can be ac- tivated even when the antecedent is false in all accessible states, while a strong commitment does exist solely when there exists at least one accessible state satisfying the antecedent. In other words, an agent can strongly commit only when there is a possibility that the an- tecedent could be satisfied given that the model is known at design time, thanks to the fact that the model has finite states. The insurance company’s compliance with the commitment mentioned in Example 3.2.2 would be modeled as follows:

AG 

SCC (Ins, Pat,A(¬Claim(Reimbursed) U (Claim(Approved) ∧ ¬ Claim(Reimbursed))), EXEFClaim(Reimbursed)

It means the insurance company always strongly commits to reimburse a covered patient’s claim for a health procedure merely if the patient obtains an approval for her claim from the company prior to the health procedure; an antecedent which is possible to hold. The physician’s compliance with the commitment mentioned in Example 3.2.3 is expressed as follows:

AG 

SCC (Phy, Pat,¬ E(¬HeartReport(Signed) U HeartReport(Trouble)), ¬ E(¬Lab(Test) U Lab(Evaluate))

It means the physician always strongly commits to a patient when the patient has any sign of heart trouble after signing up with her, then she will be immediately referred to a laboratory for tests in order to evaluate the results. This technical difference is cleared in Definition 3.4.3.

In the duplex party action formulae, F uS(i, SCC(i, j, ψ, ϕ)) (respectively, F uW (i, W CC(i, j, ψ, ϕ))) is read as “agent i has fulfilled her strong commitment SCC(i, j, ψ, ϕ)

(respectively, weak commitment W CC(i, j, ψ, ϕ)) towards agent j”; CaS(i, SCC(i, j, ψ, ϕ)) (respectively, CaW (i, W CC(i, j, ψ, ϕ))) is read as “agent i has canceled her strong commitment SCC(i, j, ψ, ϕ) (respectively, weak commitment W CC(i, j, ψ, ϕ)) towards agent j”; and ReS(j, SCC(i, j, ψ, ϕ)) (respectively, ReW (j, W CC(i, j, ψ, ϕ))) is read as “agent j has released agent i from her strong commitment SCC(i, j, ψ, ϕ) (respectively, weak commitment W CC(i, j, ψ, ϕ))”. In the triplex party action formulae, DeS(i, k, SCC(i, j, ψ, ϕ)) (respectively, DeW (i, k, W CC(i, j, ψ, ϕ))) is read as “agent i has del- egated her role to agent k in her strong commitment SCC(i, j, ψ, ϕ) (respectively, weak commitment W CC(i, j, ψ, ϕ))”; and AsS(j, k, SCC(i, j, ψ, ϕ)) (respectively, AsW (j, k, W CC(i, j, ψ, ϕ))) is read as “agent j has assigned her strong commitment SCC(i, j, ψ, ϕ) (respectively, weak commitment W CC(i, j, ψ, ϕ)) to agent k”. For the readability purpose of the actions syntax, a redundant argument is added to represent the agent that has the right to perform the action under the assumption that the debtor agent creating a commit- ment can fulfill, cancel, and delegate the commitment, while the creditor agent can release, and assign the commitment directed to it.

Baldoni and colleagues [8, 9, 11] introduced a declarative language called 2CL to define constraints among commitments through a set of operators capturing patterns often used in interaction protocols. Internally, the constraints can be of different kinds: 1) some ex- pressing temporal requirements on the satisfaction of antecedents and consequences; and 2) some other just capturing a relation among commitments. The grounded semantics of these constraints are defined by expressing their equivalent LTL formulae. Our language cap- tures the temporal requirements between the antecedent and consequence of commitments, as shown above. Also, we can capture temporal requirements in an orthogonal direction about different commitments using the CTLcc,α _{temporal operators (e.g., the U operator),}

while the relationship among different commitments can be defined using Boolean CTLcc,α

connectives. In terms of interacting agents’ flexibility, everything that is not impressed by constraints is left free to the agents so as to define as propositions.