Showing papers on "Delegation published in 2004"

The UCONABC usage control model

Abstract: In this paper, we introduce the family of UCONABC models for usage control (UCON), which integrate Authorizations (A), oBligations (B), and Conditions (C). We call these core models because they address the essence of UCON, leaving administration, delegation, and other important but second-order issues for later work. The term usage control is a generalization of access control to cover authorizations, obligations, conditions, continuity (ongoing controls), and mutability. Traditionally, access control has dealt only with authorization decisions on users' access to target resources. Obligations are requirements that have to be fulfilled by obligation subjects for allowing access. Conditions are subject and object independent environmental or system requirements that have to be satisfied for access. In today's highly dynamic, distributed environment, obligations and conditions are also crucial decision factors for richer and finer controls on usage of digital resources. Although they have been discussed occasionally in recent literature, most authors have been motivated from specific target problems and thereby limited in their approaches. The UCONABC model integrates these diverse concepts in a unified framework. Traditional authorization decisions are generally made at the time of requests but hardly recognize ongoing controls for relatively long-lived access or for immediate revocation. Moreover, mutability issues that deal with updates on related subject or object attributes as a consequence of access have not been systematically studied.Unlike other studies that have targeted on specific problems or issues, the UCONABC model seeks to enrich and refine the access control discipline in its definition and scope. UCONABC covers traditional access controls such as mandatory, discretionary, and role-based access control. Digital rights management and other modern access controls are also covered. UCONABC lays the foundation for next generation access controls that are required for today's real-world information and systems security. This paper articulates the core of this new area of UCON and develops several detailed models.

The case for bureaucracy : a public administration polemic

Abstract: "The Case for Bureaucracy" persuasively argues that American public servants and administrative institutions are among the best in the world. Contrary to popular stereotypes, they are neither sources of great waste nor a threat to liberty, but social assets of critical value to a functioning democracy. In presenting his case, Goodsell touches on core aspects of public administration while drawing on important, recent events to bring case material and empirical evidence fully up to date. This new edition incorporates the events of 9/11 to explore their impact on future bureaucratic performance, speaking specifically to the massive reorganization under the new Department of Homeland Security. As well, Goodsell offers a complete assessment of the reinventing government movement and related reforms to show how far bureaucracies have come, while pointing to the challenges they continue to face. This title features the following: Updating worth highlighting: new data on public perceptions of bureaucracy; new section on the delegation of policy implementation to contractors and nonprofits; new statistics regarding quality-of-life improvements in American society since the 1980s; new profiles of real bureaucrats - and citizen interaction with them - giving bureaucracy a human face; new material on bureaucratic contributions to the political system that go beyond implementing policy; new coverage of the administrative consolidation following 9/11 and competitive outsourcing by the Bush Administration; new analysis of current reform proposals focused on market competition and business management practices; and, new proposals for ways to improve bureaucracy.

Policing the Bargain: Coalition Government and Parliamentary Scrutiny

Abstract: Policymaking by coalition governments creates a classic principal-agent problem. Coalitions are comprised of parties with divergent preferences who are forced to delegate important policymaking powers to individual cabinet ministers, thus raising the possibility that ministers will attempt to pursue policies favored by their own party at the expense of their coalition partners. What is going to keep ministers from attempting to move policy in directions they favor rather than sticking to the “coalition deal”? We argue that parties will make use of parliamentary scrutiny of “hostile” ministerial proposals to overcome the potential problems of delegation and enforce the coalition bargain. Statistical analysis of original data on government bills in Germany and the Netherlands supports this argument. Our findings suggest that parliaments play a central role in allowing multiparty governments to solve intracoalition conflicts.

Perspectives and challenges in e-learning: towards natural interaction paradigms

Abstract: The role of Information and Communication Technologies (ICTs) in educational development has been world-wide recognized as a priority in order “to reinforce academic development, to widen access, to attain universal scope and to extend knowledge, as well as to facilitate education throughout life” (Council of Ministers of Education, Canada, Report of the Canadian Delegation to the UNESCO World Conference on Higher Education, Paris, October 5–9, 1998. http://www.cmec.ca/international/unesco WCHE98report.en.pdf ). As a consequence, developments in ICTs have had a significant impact on conventional higher education, as the university of the 21st century takes shape. By analyzing traditional learning models as opposed to new e-learning paradigms, this paper provides a global overview on future learning systems, from both technology- and user-centered perspectives. In particular, the visual component of the e-learning experience is emphasized as a significant feature for effective content development and delivery, while the adoption of new interaction paradigms based on multi-dimensional metaphors and perceptive interfaces is presented as a promising direction towards more natural and effective learning experiences.

Cassandra: distributed access control policies with tunable expressiveness

Abstract: We study the specification of access control policy in large-scale distributed systems. Our work on real-world policies has shown that standard policy idioms such as role hierarchy or role delegation occur in practice in many subtle variants. A policy specification language should therefore be able to express this variety of features smoothly, rather than add them as specific features in an ad hoc way, as is the case in many existing languages. We present Cassandra, a role-based trust management system with an elegant and readable policy specification language based on Datalog with constraints. The expressiveness (and computational complexity) of the language can be adjusted by choosing an appropriate constraint domain. With just five special predicates, we can easily express a wide range of policies including role hierarchy, role delegation, separation of duties, cascading revocation, automatic credential discovery and trust negotiation. Cassandra has a formal semantics for query evaluation and for the access control enforcement engine. We use a goal-oriented distributed policy evaluation algorithm that is efficient and guarantees termination. Initial performance results for our prototype implementation have been promising.

Power, organization design and managerial behaviour

Abstract: This paper examines empirically the impact of authority structures on the use of accounting information systems (AISs) for decision control and decision management. The model is designed to enable an assessment of the relative impact of formal authority that stems from allocation of decision rights and informal authority that stems from individual power and influence. The study is based on data collected from physician managers in large public teaching hospitals in Italy. The results support the hypotheses and demonstrate the consequences of power on organizational functioning. Our findings indicate that the delegation of formal authority to physician managers not only has a direct impact on the use of accounting for decision control and decision management it also has an important effect on their cost consciousness.

A Protectionist Bias in Majoritarian Politics

Abstract: We develop a novel model of campaigns, elections, and policymaking in which the ex ante objectives of national party leaders differ from the ex post objectives of elected legislators. This generates a distinction between "policy rhetoric" and "policy reality" and introduces an important role for "party discipline" in the policymaking process. We identify a protectionist bias in majoritarian politics. When trade policy is chosen by the majority delegation and legislators in the minority have limited means to influence choices, the parties announce trade policies that favor specific factors, and the expected tariff or export subsidy is positive. Positions and expected outcomes monotonically approach free trade as party discipline strengthens.

The organization of supplier networks: effects of delegation and intermediation

Abstract: In a one-principal two-agent model with adverse selection and collusion among agents, we show that delegating to one agent the right to subcontract with the other agent always earns lower profit for the principal compared with centralized contracting. Delegation to an intermediary is also not in the principal's interest if the agents supply substitutes. It can be beneficial if the agents produce complements and the intermediary is well informed.

Delegating Powers in the European Community

Abstract: The theory of delegation developed by Epstein and O'Halloran for the US federal system is used here to generate original hypotheses on the politics of delegation in the European Community (EC). It is argued that two institutional features of the Community, namely the decision rules of the Council of Ministers and the possibility of relying on both the Commission and the member states for policy implementation are at the core of the choices of delegation of EC legislators. Using an original dataset of 158 major EC legislative acts, it is demonstrated that the Council delegates greater policy authority to national institutions if legislation is adopted unanimously or in issue areas that require specialized and technical knowledge, while it relies to a greater extent on the Commission when acts are adopted by qualified majority voting or require general managerial skills at the supranational level.Results also show that national administrators are the main providers of policy expertise, while the informational role of the Commission appears to be secondary, though not negligible. Finally, these findings qualify propositions on the relation between veto players and bureaucratic autonomy and on that between conflict within the legislature and delegation outcomes.

Security analysis in role-based access control

Abstract: Delegation is often used in administrative models for Role-Based Access Control (RBAC) systems to decentralize administration tasks. While the use of delegation greatly enhances flexibility and scalability, it may reduce the control that an organization has over its resources, thereby diminishing a major advantage RBAC has over Discretionary Access Control(DAC). We propose to use security analysis techniques to maintain desirable security properties while delegating administrative privileges. We give a precise definition of a family of security analysis problems in RBAC, which is more general than safety analysis that is studied in the literature. We also show that two classes of problems in the family can be reduced to similar analysis in the RT0 trust-management language, thereby establishing an interesting relationship between RBAC and the RT (Role-based Trust-management) framework. The reduction gives efficient algorithms for answering most kinds of queries in these two classes and establishes the complexity bounds for the intractable cases.

Lessons for an aging society: the political sustainability of social security systems

Abstract: What is the future of social systems in OECD countries ? In our view, the answer belongs to the realm of politics. We evaluate how political constraints shape the social security system in six countries - France, Germany, Italy, Spain, the UK and the US - under population aging. Two main aspects of the aging process are relevant to the analysis. First, the increase in the dependency ratio - the ratio of retirees of workers - reduces the average profitability of the unfunded social security system, thereby inducing the agents to reduce the size of the system by substituting their claims towards future pensions with more private savings. Second, an aging electorate leads to larger systems, since it increases the relevance of pension spending on the policy-makers' agenda. The overall assessment from our simulations is that the political aspect dominates in all countries, albeit with some differences. Spain, the fastest aging country, faces the largest increase in the social security contribution rate. When labor market considerations are introduced, the political effect still dominates, but it is less sizeable. Country specific characteristics (not accounted for in our simulations), such as the degree of redistribution in the pension system and the existence of family ties in the society, may also matter. Our simulations deliver a strong policy implication: an increase in the effective retirement age always decreases the size of the system chosen by the voters, while often increasing its generosity. Finally, delegation of pension policy to the EC may reduce political accountability and hence help to reform the systems.

Requirements Engineering meets trust management: Model, methodology, and reasoning

Abstract: The last years have seen a number of proposals to incorporate Security Engineering into mainstream Software Requirements Engineering However, capturing trust and security requirements at an organizational level (as opposed to a design level) is still an open problem This paper presents a formal framework for modeling and analyzing security and trust requirements It extends the Tropos methodology, an agent-oriented software engineering methodology The key intuition is that in modeling security and trust, we need to distinguish between the actors that manipulate resources, accomplish goals or execute tasks, and actors that own the resources or the goals To analyze an organization and its information systems, we proceed in two steps First, we built a trust model, determining the trust relationships among actors, and then we give a functional model, where we analyze the actual delegations against the trust model, checking whether an actor that offers a service is authorized to have it The formal framework allows for the automatic verification of security and trust requirements by using a suitable delegation logic that can be mechanized within Datalog To make the discussion more concrete, we illustrate the proposal with a Health Care case study

Reinvention of health insurance in the consumer era.

Abstract: The private health insurance industry in the United States has fundamentally changed its strategic focus, product design, and pricing policy as a result of the backlash against managed care. Rather than seek to influence the behavior of physicians through capitation and utilization review, the major health plans now seek to influence the behavior of patients through benefit designs that cover a broad range of services but with high co-payments, tiered network designs that cover a broad range of physicians but with variable coinsurance, and medical management programs that provide incentives for patients to better manage their own health care. Premium prices are carefully adjusted to cover the expected costs of care for each type of product and each class of patient, with a commensurate willingness to abandon enrollment where insurance premiums cannot outrun medical costs. The contemporary product and pricing policies reflect a retreat by the insurance industry from previous efforts to transform the health care system and embody a delegation to individual consumers of responsibility for setting priorities and making financial tradeoffs.

Centralized Pricing Versus Delegating Pricing to the Salesforce Under Information Asymmetry

Abstract: The issue of delegating pricing responsibility to the salesforce is of interest to marketing academics and practitioners. It has been shown by Lal (1986) that under certain situations with information asymmetry, it is more profitable for the firm to delegate pricing authority to the salesforce than to have centralized pricing. In this paper we re-examine situations where information asymmetry exists and analyze its effect on the decision of the firm to set a price or delegate pricing responsibility to the salesforce. Using contract theory, we find that when the salesperson's private information can be revealed to the firm through contracting, centralized pricing performs at least as well as price delegation. We derive the optimal centralized pricing contract under a set of standard assumptions used in the economics and business literature.

Role-based delegation model/hierarchical roles (RBDM1)

Abstract: The basic idea behind delegation is that some active entity in a system delegates authority to another active entity in order to carry out some functions on behalf of the former. User delegation in RBAC is the ability of one user (called the delegating user) who is a member of the delegated role to authorize another user (called the delegate user) to become a member of the delegated role. This paper introduces a new model, which we consider it to be an extension of REDM0 [BS2000]. The central contribution of this paper is to introduce a new model, referred to as RBDM1 (role-based delegation model/ hierarchical roles), that uses the details from RBDM0, which was described in the literature by Barka and Sandhu [BS2000] to address the temporary delegation based on hierarchical roles. We formally defined a role-based delegation model based on hierarchical relationship between the roles involved. We also identified the different semantics that impact the can-delegate relation, we analyzed these semantics to determine which ones we consider as more appropriate in business today, thus allowed in our model, and provided a justification to why those selections are made.

Model-Checking Access Control Policies

Abstract: We present a model of access control which provides fine-grained data-dependent control, can express permissions about permissions, can express delegation, and can describe systems which avoid the root-bottleneck problem We present a language for describing goals of agents; these goals are typically to read or write the values of some resources We describe a decision procedure which determines whether a given coalition of agents has the means (possibly indirectly) to achieve its goal We argue that this question is decidable in the situation of the potential intruders acting in parallel with legitimate users and taking whatever temporary opportunities the actions of the legitimate users present Our technique can also be used to synthesise finite access control systems, from an appropriately formulated logical theory describing a high-level policy

Delegating Decisions to Experts

Abstract: We present a model of delegation with self‐interested and privately informed experts. A team of experts with extreme but opposite biases is acceptable to a wide range of decision makers with diverse preferences, but the value of expertise from such a team is low. A decision maker wants to appoint experts who are less partisan than he is in order to facilitate information pooling by the expert team. Selective delegation, either by controlling the decision‐making process or by conditioning the delegation decision on his own information, is an effective way for the decision maker to safeguard own interests while making use of expert information.

Privatizing the State

Abstract: In the new global political economy, “privatization” names a transformation of the roles of public and private actors with the goal of reforming government policies and economic aid programs. It is an objective, a slogan, a fetish. But what does it signify? On the one hand, it refers to the process of changing industries, businesses, and services from governmental or public ownership to private agencies. But privatization now also extends to what are normally the prerogatives of national states: taxation, customs, internal security, national defense, and peace negotiations. In much of the literature, privatization is associated with the retreat, decline, or even demise of the state. Using Max Weber’s concept of delegation, or “discharge,” as a point of departure, Hibou and the contributors of this volume propose an alternative view, interpreting the contemporary restructuring of economic and political relations in much of the world as “the privatization of the state.” This book challenges received ideas about the process of globalization and its presumed homogenization by suggesting that rather than weakening the powers of the state, privatization actually strengthens it. With examples from Russia, Poland, China, Taiwan, Indonesia, North Africa, and sub-Saharan Africa, the book questions the supposed inefficiency of states in regulating capitalism and the role economic and financial knowledge play as substitutes for political and social analysis.

Strategic Delegation By Unobservable Incentive Contracts

Abstract: Many strategic interactions in the real world take place among delegates empowered to act on behalf of others. Managers make strategic decisions that affect profits; sales persons have power over setting prices; and lawyers and sports agents represent their clients in bargaining processes. One of the central messages of game theory is that this could be, at least partly, due to the strategic advantage delegation may provide to the delegating party. The idea that signing binding and publicly observable contracts with a third party may serve as a beneficial commitment device goes back at least to Schelling (1960), and has been put into use in many areas of economics.1 However, the observability of contracts appears to be a precondition for them to play a commitment role, and for this reason, almost all applications of strategic delegation theory are couched in terms of observable contracts. The formalization of this intuition is given by Katz (1991) who showed that if contracts are unobservable, then the Nash equilibrium outcomes of a game with and without delegation coincide. In particular, delegation through unobservable contracts does not change the predicted outcome of games with a unique Nash equilibrium. These observations, in turn, call the empirical relevance of the applied delegation studies into serious question since, in most real-world transactions, the signed contracts are unobservable to the outside parties. However, there are important strategic environments that fall outside the confines of Katz's analysis. First, Katz's model does not include the scenarios in which the outcome of the decision of delegating or not delegating is observable to the outside party. In contrast, in some models it is natural that the outside party observes the outcome of this decision simply because (s)he

The Rise of the British Regulatory State: Transcending the Privatization Debate

Abstract: This article reviews three recent books that explore the social and political foundations of the regulatory changes in the governance of British society and economy. Beyond privatization, there is increasing delegation to autonomous agencies, formalization of relationships, and proliferation of new technologies of regulation in both public and private spheres. Sociolegal, public administration, and political economic perspectives can help explore the forces that shape these new institutions. The notion of regulatory society accompanies the rise of the regulatory state.

Role-based cascaded delegation

Abstract: We propose role-based cascaded delegation, a model for delegation of authority in decentralized trust management systems. We show that role-based cascaded delegation combines the advantages ofrole-based trust management with those of cascaded delegation. We also present an efficient and scalable implementation of role-based cascaded delegation using Hierarchical Certificate-Based Encryption, where the authentication information for an arbitrarily long role-based delegation chain is captured by one short signature of constant size. This implementation also provides strong privacy protection for delegation participants.

Initiative, Incentives and Soft Information. How Does Delegation Impact The Role of Bank Relationship Managers?

Abstract: This paper empirically examines how changes in the hierarchical structure of a large organization can affect incentives. The empirical analysis exploits a change in the hierarchical structure of the Corporate Division of a private foreign commercial bank in Argentina between 1999 and 2001. Using detailed hand collected data on credit approvals, as well as perceived effort measures for each relationship manager from quality surveys done to borrowing firms, I test whether delegation of authority and reduction of oversight improves or decreases the provision of effort by account managers. Results suggest that 'empowering managers' increases the time relationship managers spend with their corporate clients, increases perceived effort and reduces the number of complaints the bank receives from its clients. Alternative explanations and several tests are constructed to examine the different channels through which effort measures could have increased other than the change in organizational structure. I then test whether the improvement is really because managers make better use of their decision making authority rather than they simply waste less time in filing reports to their superiors. I find that individuals who receive more authority use their soft information more compared to individuals to whom authority is only partially delegated. This suggests that delegation of authority increases managerial effort not only because management spends less time reporting to bosses, but also because they recognize that their effort will have greater impact on outcomes. Hence, transmission of, and reliance on, soft information are higher under decentralized than centralized structures. Finally, I test whether the change in structure was meaningful and productive from the bank's financial perspective. I find that cross-selling measures and bank's financial ratios increased after the organizational change.

Leader reliance on subordinates across nations that differ in development and climate

Abstract: How, where, and why do leaders follow the people they lead? An 84-nation analysis of survey responses from 19,525 managers shows that their reliance on subordinates depends on the level of wealth and development, and the harshness of cold or hot climates. In support of the thermal demands-resources theory [J. Environ. Psychol. (2004)], leaders in more developed countries, especially in countries with more demanding climates, rely more on subordinates as sources of information and as targets of delegation. Additionally, the more strongly positive links between national development and leader reliance on subordinates in more demanding climates are rectilinear for information reliance but J-curved for delegation reliance. The interactions of wealth-based resources and climatic demands generate an ecological leadership theory, which is summarized in four propositions. (C) 2004 Elsevier Inc. All rights reserved.

A smart-card-enabled privacy preserving E-prescription system

Abstract: Within the overall context of protection of health care information, privacy of prescription data needs special treatment. First, the involvement of diverse parties, especially nonmedical parties in the process of drug prescription complicates the protection of prescription data. Second, both patients and doctors have privacy stakes in prescription, and their privacy should be equally protected. Third, the following facts determine that prescription should not be processed in a truly anonymous manner: certain involved parties conduct useful research on the basis of aggregation of prescription data that are linkable with respect to either the patients or the doctors; prescription data has to be identifiable in some extreme circumstances, e.g., under the court order for inspection and assign liability. In this paper, we propose an e-prescription system to address issues pertaining to the privacy protection in the process of drug prescription. In our system, patients' smart cards play an important role. For one thing, the smart cards are implemented to be portable repositories carrying up-to-date personal medical records and insurance information, providing doctors instant data access crucial to the process of diagnosis and prescription. For the other, with the secret signing key being stored inside, the smart card enables the patient to sign electronically the prescription pad, declaring his acceptance of the prescription. To make the system more realistic, we identify the needs for a patient to delegate his signing capability to other people so as to protect the privacy of information housed on his card. A strong proxy signature scheme achieving technologically mutual agreements on the delegation is proposed to implement the delegation functionality.

Improving the SGP: Taxes and Delegation rather than Fines

Abstract: We analyze motivations for, and possible alternatives to, the Stability and Growth Pact (SGP). With regard to the former, we identify domestic policy failures and various cross-country spillover ef ...

Run-time principals in information-flow type systems

Abstract: Information-flow type systems are a promising approach for enforcing strong end-to-end confidentiality and integrity policies. Such policies, however, are usually specified in term of static information-data is labeled high or low security at compile time. In practice, the confidentiality of data may depend on information available only while the system is running. This paper studies language support for run-time principals, a mechanism for specifying information-flow security policies that depend on which principals interact with the system. We establish the basic property of noninterference for programs written in such language, and use run-time principals for specifying run-time authority in downgrading mechanisms such as declassification. In addition to allowing more expressive security policies, run-time principals enable the integration of language-based security mechanisms with other existing approaches such as Java stack inspection and public key infrastructures. We sketch an implementation of run-time principals via public keys such that principal delegation is verified by certificate chains.

The Shadows of the Law: Contemporary Approaches to Regulation and the Problem of Regulatory Conflict

Abstract: Regulatory analyses often assume that compliance is desirable, with literature focusing on strategies to encourage "excellence" in adherence to regulatory goals. Yet, it is not unusual for disparate regulatory goals to exist that are based on competing values of what constitutes the "good society." It is this conflict that forms the substance of this paper. In cases of competing regulatory goals, techniques that encourage exemplary compliance in one area can create incentives to breach regulatory provisions of a competing regime. In such cases, generic regulatory techniques are unable to provide a useful means for resolving regulatory conflict but do allow a political delegation of conflict resolution to the "scientific" strategies of the regulator. In turn, the regulator places responsibility on companies for resolving competing regulatory demands. Successive delegation leads to juridification as well as regulators vying to retain primacy for their regime. This problem is examined through analysis of responsibilities for subcontractor safety under Australian health and safety law and sections of the Australian Trade Practices Act 1974 aimed at protecting competition.

Occupational health services in the UK—challenges and opportunities

Abstract: This paper considers the challenges currently facing occupational medicine and how we can improve access to occupational health services (OHS). It aims to highlight some of the diverse internal and external factors that restrict the UK’s ability to provide all workers access to OHS. Method A literature review was carried out and combined with awareness of current trends in business and new legislation together with provision of occupational medicine in other countries. Results Potentially controversial solutions that might help to make OHS more widely accessible were identified and are discussed. It is hoped that these will provoke further debate. Conclusion Individually and organizationally, we must examine and improve capabilities if we are to improve worker access to OHS and deliver targets to reduce occupational ill-health. It is suggested that this requires a strategic shift to apply resources differently. There is need to explore delegation of tasks traditionally performed by doctors to nurses and other staff together with the outsourcing of non-core work. The increased use of telemedicine and the enhanced use of information technology for training, risk assessments, wellness programmes and questionnaire-based health assessments are other developments that should be explored.

Brown-ing the American Textbook: History, Psychology, and the Origins of Modern Multiculturalism

Abstract: In June 1944, a delegation of African-American leaders met with New York City school officials to discuss a central focus of black concern: history textbooks. That delegation reflected a broad spectrum of metropolitan Black opinion: Chaired by the radical city councilman Benjamin J. Davis, it included the publisher of the Amsterdam News—New York's major Black newspaper—as well as the bishop of the African Orthodox Church. In a joint statement, the delegates praised public schools' recent efforts to promote “intercultural education”—and to reduce “prejudice”—via drama, music, and art. Yet if history texts continued to spread lies about the past, Blacks insisted, all of these other programs would come to naught. One book described slaves as “happy”; another applauded the Ku Klux Klan for keeping “foolish Negroes” out of government. “Such passages… could well have come from the mouths of the fascist enemies of our nation,” the Black delegation warned. Even as America fought “Nazi doctrine” overseas, African Americans maintained, the country needed to purge this philosophy from history books at home.