Dynamics of Human-AI Delegation in Organizational Routines

Human-AI delegation occurs when a human delegates work to an autonomous AI-based system. We report on a simulation study to examine how human-AI delegation dynamically changes in an organizational routine as it is enacted over and over again. We build on findings from previous research and examine the interaction of various human and AI-related factors. We compute the resulting dynamics in terms of complexity representing the degree of uncertainty as to whether delegation takes place. We find that online and offline learning capabilities interact with human willingness in various ways which leads to different, even non-linear changes in the dynamics of human-AI delegation over time. Our study yields implications for research on human-AI delegation, routine dynamics and business process management. We point to a number of practical implications and avenues for future research

Solving identity delegation problem in the e-government environment

At present, many countries allow citizens or entities to interact with the government outside the telematic environment through a legal representative who is granted powers of representation. However, if the interaction takes place through the Internet, only primitive mechanisms of representation are available, and these are mainly based on non-dynamic offline processes that do not enable quick and easy identity delegation. This paper proposes a system of dynamic delegation of identity between two generic entities that can solve the problem of delegated access to the telematic services provided by public authorities. The solution herein is based on the generation of a delegation token created from a proxy certificate that allows the delegating entity to delegate identity to another on the basis of a subset of its attributes as delegator, while also establishing in the delegation token itself restrictions on the services accessible to the delegated entity and the validity period of delegation. Further, the paper presents the mechanisms needed to either revoke a delegation token or to check whether a delegation token has been revoked. Implications for theory and practice and suggestions for future research are discussed

Off-line Delegation

This article describes mechanisms for offline delegation of access rights to files maintained by a distributed 'File Repository. The mechanisms are designed for a target environment where personal machines are used at times when critical services, such as authentication and authorization services, are not accessible. We demonstrate how valid delegation credentials can be transferred verbally without the use of shared secrets. Our main result shows that delegation of access rights can be accomplished in a system that uses public-key encryption for secrecy and integrity, without forcing the user to rely on a trusted third party, and without requiring connection to the infrastructure. The implementation runs on a contemporary Personal Digital Assistant (PDA); the performance is satisfactory

Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials

Personal cryptographic keys are the foundation of many secure services, but storing these keys securely is a challenge, especially if they are used from multiple devices. Storing keys in a centralized location, like an Internet-accessible server, raises serious security concerns (e.g. server compromise). Hardware-based Trusted Execution Environments (TEEs) are a well-known solution for protecting sensitive data in untrusted environments, and are now becoming available on commodity server platforms. Although the idea of protecting keys using a server-side TEE is straight-forward, in this paper we validate this approach and show that it enables new desirable functionality. We describe the design, implementation, and evaluation of a TEE-based Cloud Key Store (CKS), an online service for securely generating, storing, and using personal cryptographic keys. Using remote attestation, users receive strong assurance about the behaviour of the CKS, and can authenticate themselves using passwords while avoiding typical risks of password-based authentication like password theft or phishing. In addition, this design allows users to i) define policy-based access controls for keys; ii) delegate keys to other CKS users for a specified time and/or a limited number of uses; and iii) audit all key usages via a secure audit log. We have implemented a proof of concept CKS using Intel SGX and integrated this into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation performs approximately 6,000 signature operations per second on a single desktop PC. The latency is in the same order of magnitude as using locally-stored keys, and 20x faster than smart cards.Comment: Extended version of a paper to appear in the 3rd Workshop on Security, Privacy, and Identity Management in the Cloud (SECPID) 201

NSEC5, DNSSEC authenticated denial of existence

The Domain Name System Security Extensions (DNSSEC) introduced two resource records (RR) for authenticated denial of existence: the NSEC RR and the NSEC3 RR. This document introduces NSEC5 as an alternative mechanism for DNSSEC authenticated denial of existence. NSEC5 uses verifiable random functions (VRFs) to prevent offline enumeration of zone contents. NSEC5 also protects the integrity of the zone contents even if an adversary compromises one of the authoritative servers for the zone. Integrity is preserved because NSEC5 does not require private zone-signing keys to be present on all authoritative servers for the zone, in contrast to DNSSEC online signing schemes like NSEC3 White Lies.https://datatracker.ietf.org/doc/draft-vcelak-nsec5/First author draf

Gay men, Gaydar and the commodification of difference

Purpose To investigate ICT mediated inclusion and exclusion in terms of sexuality through a study of a commercial social networking website for gay men Design/methodology/approach The paper uses an approach based on technological inscription and the commodification of difference to study Gaydar, a commercial social networking site. Findings Through the activities, events and interactions offered by Gaydar, we identify a series of contrasting identity constructions and market segmentations which are constructed through the cyclic commodification of difference. These are fuelled by a particular series of meanings attached to gay male sexualities which serve to keep gay men positioned as a niche market. Research limitations/implications The research centres on the study of one, albeit widely used, website with a very specific set of purposes. The study offers a model for future research on sexuality and ICTs. Originality/value This study places sexuality centre stage in an ICT mediated environment and provides insights into the contemporary phenomenon of social networking. As a sexualized object, Gaydar presents a semiosis of politicized messages that question heteronormativity while simultaneously contributing to the definition of an increasingly globalized, commercialized and monolithic form of gay male sexuality defined against ICT

CLEF NewsREEL 2016: Comparing Multi-Dimensional Offline and Online Evaluation of News Recommender Systems

Running in its third year at CLEF, NewsREEL challenged participants to develop news recommendation algorithms and have them benchmarked in an online (Task 1) and offline setting (Task 2), respectively. This paper provides an overview of the NewsREEL scenario, outlines this year’s campaign, presents results of both tasks, and discusses the approaches of participating teams. Moreover, it overviews ideas on living lab evaluation that have been presented as part of a “New Ideas” track at the conference in Portugal. Presented results illustrate potentials for multi-dimensional evaluation of recommendation algorithms in a living lab and simulation based evaluation setting

Simulation in ALICE

ALICE, the experiment dedicated to the study of heavy ion collisions at the LHC, uses an object-oriented framework for simulation, reconstruction and analysis (AliRoot) based on ROOT. Here, we describe the general ALICE simulation strategy and those components of the framework related to simulation. Two main requirements have driven the development of the simulation components. First, the possibility to run different transport codes with the same user code for geometry and detector response has led to the development of the Virtual Monte Carlo concept. Second, simulation has to provide tools to efficiently study events ranging from low-multiplicity pp collisions to Pb-Pb collisions with up to 80000 primary particles per event. This has led to the development of a variety of collaborating generator classes and specific classes for event merging.Comment: Talk from the 2003 Computing in High Energy and Nuclear Physics (CHEP03), La Jolla, Ca, USA, March 2003, 6 pages, LaTeX, 5 eps figures. PSN TUMT00