Abstract
Information about the powers and abilities of acting entities is used to coordinate their actions in societies, either physical or digital. Yet, the commonsensical meaning of an acting entity being deemed able to do something is still missing from the existing specification languages for the web or for multiagent systems. We advance a general purpose abstract logical account of evidencebased ability. A basic model can be thought of as the ongoing trace of a multiagent system. Every state records systemic confirmations and disconfirmations of whether an acting entity is able to bring about something. Qualitative inductive reasoning is then used in order to infer what acting entities are deemed able to bring about in the multiagent system. A temporalised modal language is used to talk about deemed ability, actual agency, and confirmation and disconfirmation of deemed ability. What constitutes a confirmation and a disconfirmation is left to the modeller as in general it depends on the application at hand. So to illustrate the methodology we propose two extended examples, one in practical philosophy, the other in system engineering. We first use a logic of agency and ability to obtain a version of Mele’s general practical abilities. Then, we look at the management of abilities in a supervised system.
Keywords
Logic Ability Evidence Falsification Confirmation Disconfirmation Agency Temporal logic1 Preliminaries
In open and highly distributed environments like online services, there are many unknown variables. Specifications are typically provided by the services themselves, and their actual implementation may depend on human intervention. Both are prone to error, to misrepresentation bona fide, and possibly, to deception. On a service repository, services join, evolve, and leave. Think about the sellers on Amazon Marketplace or AbeBooks: They start new businesses, modify their business models, go bankrupt, on sick leave, and on holiday.
ScenarioImagine a rare media service repository. Now, a client of the service repository wishes to acquire two original copies of Robinson Crusoe. Upon inspection, the server manager finds that services\(\sigma _1\), \(\sigma _2\), and\(\sigma _3\)each have one copy on offer. This seems like a trivial enough choreography problem; a typical choreography procedure could combine\(\sigma _1\)and\(\sigma _2\)in order to obtain a complex service function which, one can expect, consists in sending two copies of the book to the client. The function is called. The outcome is that the client receives a confirmation from\(\sigma _1\)that the book has been dispatched and an apologetic message from\(\sigma _2\)indicating that it cannot fulfil the request. \(\sigma _2\)failed its part of the function. After enquiry, the server manager discovers that\(\sigma _2\)does not actually have books in store, but instead acquires them from\(\sigma _3\)at discount price. The server manager also finds out that\(\sigma _3\)has ceased activity temporarily.
We will come back to service science a few times for illustrative purposes, but we are interested in the bigger picture. In settings presenting the same challenges, how do we deal with the inherent openness of such systems? How do we evaluate the abilities of acting entities? Evaluation of power is subjective. It reflects the information possessed and considered relevant by the system manager, and his own logic of knowledge management. How do we maintain the evaluation of abilities in accordance with the perceived changes in the multiagent system? Confirmation and disconfirmation are crucial notions in this connection. Depending on the application, they can be the actual exercise of some ability, or the omission thereof. The confirmation or disconfirmation of an ability can be a generalised speechact like a registration, a ban, the signing of a contract, or the registration of a medical file of aptitude or of invalidity. Remarkable work has been done in this direction in trust assessment using numerical models, e.g., Wang and Singh (2010). But at a more abstract level, we are still compelled to understand and capture the logical aspects of these mechanisms.
Logics dedicated to the study of powers have been studied in Theoretical Computer Science and Artificial Intelligence, with Alternatingtime Temporal Logic (ATL) (Alur et al. 2002) being probably the foremost representative. ATL and its numerous variants are excellent formalisms to reason about concurrent systems where the distributed components interact in a game theoretical fashion. Judgements about power are derived from unambiguous models that describe the a priori knowledge that a designer has of an interaction setup. These models are concurrent game structures. Of particular relevance to our illustrative scenario may be their use in service composition (De Giacomo and Felli 2010). In concurrent game structures, an acting entity is able to bring about that \(\phi \) at some moment if it possesses a pertinent action/strategy that would ensure that \(\phi \) when executed. Of course, a judgement about ability in this setting does not say anything about the same power at earlier or later times. But in less rigid societies of agents, judgements about ability are often less specific and definitive than in game theoretical models. Ability is more often merely discovered from experience: “We really do have an ‘idea’ corresponding to the word ‘power’. [...] Hume saw that recognition must be given to the essential part played by ‘experience of the past’ in our knowledge of the existence of powers.” (Ayers 1968, p. 59). We acknowledge the historical value of the statement, for we aim to propose a logical framework that recognises it as fundamental. In this paper we focus our attention on the “can” of power, and more precisely on the commonsensical meaning of “can” as deemed ability that accounts for present, previous, and future confirmations and disconfirmations of ability. The result is a work of logic that differs greatly from the existing formalisms like ATL.
 1.
If the current situation provides the confirmation that the acting entity G is able to bring about \(\phi \) then G is deemed able to bring about \(\phi \);
 2.
If the current situation disconfirms that G is able to bring about \(\phi \) then G is not deemed able to bring about \(\phi \);
 3.
If an acting entity G is deemed able to bring about \(\phi \), it will continue to be deemed able unless and until we encounter a disconfirmation of this ability.
 4.
If an acting entity G is not deemed able to bring about \(\phi \), it remains so unless and until we encounter a confirmation for this ability;
 5.
If an acting entity G is deemed able to bring about something, it is so because there is a confirmation of it now, or there has been a confirmation of it in then past and G has been deemed able ever since.
Of course, there is no onesizefitsall solution to tracking abilities in multiagent systems. What constitutes a confirmation and what constitutes a disconfirmation must depend on the application at hand. So in a second part we will present more ad hoc groundings of confirmation and disconfirmation. To illustrate the methodology we propose two extended examples, one in practical philosophy, the other in system engineering. First we use a logic of agency and ability to obtain a version of Mele’s general practical abilities (Sect. 3). Then, we look at the management of abilities in a supervised system (Sect. 4).
2 Being deemed able: the core logic
We suppose a finite supply of agents collected in a set Agt. A group is any subset of Agt. We call an acting entity any agent or group. We also suppose an infinite supply of propositional variables collected in a set Prop. The sets \(\textsf {Agt}\) and \(\textsf {Prop}\) are fixed throughout the paper.
We first define the static core logic. Then, we give a temporalisation of it. Then, we extend it to obtain the core logic of being deemed able.
2.1 The static core logic
In the following we will use three linguistic constructs that are at the core of the logic of being deemed able. \(\textsc {can}_{G}\phi \) reads “acting entity G is deemed able to bring about that \(\phi \)”. \(\textsc {conf}_{G}\phi \) reads “the situation confirms that acting entity G is able to bring about that \(\phi \)”. \(\textsc {disc}_{G}\phi \) reads “the situation disconfirms that acting entity G is able to bring it about that \(\phi \)”. These readings will also often be rephrased throughout the paper into contextually more appropriate wordings.
\(\vdash _{ \textsf {sc}}\)
[prop]  An axiomatisation of classical propositional logic 
[sc1]  \(\vdash _{ \textsf {sc}} \textsc {conf}_{G}\phi \rightarrow \textsc {can}_{G}\phi \) 
[sc2]  \(\vdash _{ \textsf {sc}} \textsc {disc}_{G}\phi \rightarrow \lnot \textsc {can}_{G}\phi \) 
[scr1]  If \(\vdash _{ \textsf {sc}} \phi \leftrightarrow \psi \) then \(\vdash _{ \textsf {sc}} \textsc {can}_{G}\phi \leftrightarrow \textsc {can}_{G}\psi \) 
[scr2]  If \(\vdash _{ \textsf {sc}} \phi \leftrightarrow \psi \) then \(\vdash _{ \textsf {sc}} \textsc {conf}_{G}\phi \leftrightarrow \textsc {conf}_{G}\psi \) 
[scr3]  If \(\vdash _{ \textsf {sc}} \phi \leftrightarrow \psi \) then \(\vdash _{ \textsf {sc}} \textsc {disc}_{G}\phi \leftrightarrow \textsc {disc}_{G}\psi \) 
The static core logic \({ \textsf {sc}}\) is the minimal set of formulas closed under \(\vdash _{ \textsf {sc}}\), presented in Table 1. Note that confirmation and disconfirmation with respect to the same ability are mutually exclusive. By axiom sc1, axiom sc2, and classical logic, we have \(\vdash _{ \textsf {sc}} \textsc {conf}_{G}\phi \wedge \textsc {disc}_{G}\phi \rightarrow \textsc {can}_{G}{\phi } \wedge \lnot \textsc {can}_{G}{\phi }\) and thus \(\vdash _{ \textsf {sc}} \textsc {conf}_{G}\phi \wedge \textsc {disc}_{G}\phi \rightarrow \bot \).
For many practical purposes, we could close the confirmation and disconfirmation operators under conjunctions. But we refrain from doing so, to allow more modelling versatility.
We can provide a model theory for \(\vdash _{ \textsf {sc}}\) with very simple structures (we note \(\mathcal {P}(W)\) the set of subsets of a set W):
Definition 1
 1.
If \(X \in conf (w)(G)\) then \(X \in dabl (w)(G)\)
 2.
If \(X \in disc (w)(G)\) then \(X \not \in dabl (w)(G)\)

\(M, w \models _{ \textsf {sc}} p\) iff \(p \in V(w)\)

\(M, w \models _{ \textsf {sc}} \lnot \phi \) iff not \(M, w \models _{ \textsf {sc}} \phi \)

\(M, w \models _{ \textsf {sc}} \phi \wedge \psi \) iff \(M, w \models _{ \textsf {sc}} \phi \) and \(M, w \models _{ \textsf {sc}}\psi \)

\(M, w \models _{ \textsf {sc}} \textsc {can}_{G}\phi \) iff \({\phi }^{M} \in dabl (w)(G)\)

\(M, w \models _{ \textsf {sc}} \textsc {conf}_{G}\phi \) iff \({\phi }^{M} \in conf (w)(G)\)

\(M, w \models _{ \textsf {sc}} \textsc {disc}_{G}\phi \) iff \({\phi }^{M} \in disc (w)(G)\)
It is routine to prove that the logic \({ \textsf {sc}}\) is sound and complete wrt. the class of \({ \textsf {sc}}\)models (Chellas 1980).
Proposition 1
Let \(\phi \in L_{ \textsf {sc}}\). Then, \(\vdash _{ \textsf {sc}} \phi \) iff \(\models _{ \textsf {sc}} \phi \).
Effectively, the two constraints in Definition 1 correspond to imposing the static principle linking a confirmation in a world to a deemed ability in that world
and the static principle linking a disconfirmation in a world to an absence of deemed ability in that world.
The formula \(\lnot \textsc {conf}_{G}\phi \wedge \textsc {can}_{G}\phi \) is consistent in the static core logic. The static core theory is thus insufficient in that it does not explain why a group is deemed able. When it holds, the theory does not say how this deemed ability came to exist, and how it has been maintained before and until now. The theory does not say what this ability becomes after an acting entity is deemed able to do something. If it is not deemed able to do something, our theory does not say what it takes for it to be deemed able at a later stage.
As a matter of fact, we do not even have the means to talk about before and after in the static logic. We remedy this in the remainder of this section.
2.2 Linear untilsince logic
Definition 2
A flow of time is a tuple \(\langle {T,<}\rangle \) where T is a nonempty set of instants and < is a linear order over T. A model of time is a tuple \(F = \langle {T,<,g}\rangle \), where \(\langle {T,<}\rangle \) is a flow of time and g is a valuation function such that \(g(t) \subseteq \textsf {Prop}\) for all \(t \in T\).

\(M,t \models _{ \textsf {time}} p\) iff \(p \in g(t)\), when \(p \in \textsf {Prop}\)

\(M, t \models _{ \textsf {time}} \phi \mathcal {U}\psi \) iff there is an \(s \in T\) with \(t < s\) and \(M,s \models _{ \textsf {time}} \psi \) and for every \(u \in T\), if \(t< u < s\) then \(M,u \models _{ \textsf {time}} \phi \)

\(M, t \models _{ \textsf {time}} \phi \mathcal {S}\psi \) iff there is an \(s \in T\) with \(s < t\) and \(M,s \models _{ \textsf {time}} \psi \) and for every \(u \in T\), if \(s< u < t\) then \(M,u \models _{ \textsf {time}} \phi \)
\(\vdash _{ \textsf {time}}\)
[prop]  An axiomatisation of classical propositional logic 
[ltl1]  \(\vdash _{ \textsf {time}} \mathcal {G}(p \rightarrow q) \wedge (r \mathcal {U}p) \rightarrow (r \mathcal {U}q)\) 
[ltl2]  \(\vdash _{ \textsf {time}} \mathcal {H}(p \rightarrow q) \wedge (r \mathcal {S}p) \rightarrow (r \mathcal {S}q)\) 
[ltl3]  \(\vdash _{ \textsf {time}} \mathcal {G}(p \rightarrow q) \wedge (p \mathcal {U}r) \rightarrow (q \mathcal {U}r)\) 
[ltl4]  \(\vdash _{ \textsf {time}} \mathcal {H}(p \rightarrow q) \wedge (p \mathcal {S}r) \rightarrow (q \mathcal {S}r)\) 
[ltl5]  \(\vdash _{ \textsf {time}} p \wedge (r \mathcal {U}q) \rightarrow (r \mathcal {U}(q \wedge (r \mathcal {S}p)))\) 
[ltl6]  \(\vdash _{ \textsf {time}} p \wedge (r \mathcal {S}q) \rightarrow (r \mathcal {S}(q \wedge (r \mathcal {U}p)))\) 
[ltl7]  \(\vdash _{ \textsf {time}} q \mathcal {U}p \rightarrow (q \wedge (q \mathcal {U}p)) \mathcal {U}p\) 
[ltl8]  \(\vdash _{ \textsf {time}} q \mathcal {S}p \rightarrow (q \wedge (q \mathcal {S}p)) \mathcal {U}p\) 
[ltl9]  \(\vdash _{ \textsf {time}} (q \mathcal {U}(q \wedge (q \mathcal {U}p))) \rightarrow (q \mathcal {U}p)\) 
[ltl10]  \(\vdash _{ \textsf {time}} (q \mathcal {S}(q \wedge (q \mathcal {S}p))) \rightarrow (q \mathcal {S}p)\) 
[ltl11]  \(\vdash _{ \textsf {time}} ((q \mathcal {U}p) \wedge (s \mathcal {U}r)) \rightarrow (((q \wedge s) \mathcal {U}(p\wedge r)) \vee \) 
\(((q \wedge s) \mathcal {U}(p\wedge s)) \vee ((q \wedge s) \mathcal {U}(q\wedge r)))\)  
[ltl12]  \(\vdash _{ \textsf {time}} ((q \mathcal {S}p) \wedge (s \mathcal {S}r)) \rightarrow (((q \wedge s) \mathcal {S}(p\wedge r)) \vee \) 
\(((q \wedge s) \mathcal {S}(p\wedge s)) \vee ((q \wedge s) \mathcal {S}(q\wedge r)))\)  
[ltlr1]  If \(\vdash _{ \textsf {time}} \phi \) then \(\vdash _{ \textsf {time}} \mathcal {G}\phi \) 
[ltlr2]  If \(\vdash _{ \textsf {time}} \phi \) then \(\vdash _{ \textsf {time}} \mathcal {H}\phi \) 
The tense logic \({ \textsf {time}}\) is the minimal set of formulas closed under \(\vdash _{ \textsf {time}}\), presented on Table 2. Axioms ltl11 and ltl12 ensure that the time is linear. Axioms ltl7, ltl8, and ltl9 ensure that time is transitive. Xu (1988) showed that ltl10 is in fact redundant. An axiomatisation of the tense logic \({ \textsf {time}}\) is presented in Xu (1988). The following theorem is due to Burgess (1982), and Xu (1988).
Theorem 1
Let \(\phi \in L_{ \textsf {time}}\). Then, \(\vdash _{ \textsf {time}} \phi \) iff \(\models _{ \textsf {time}} \phi \).
2.3 Temporalisation
We now present the temporalisation of the static core logic of being deemed able with the untilsince logic.
Definition 3
A formula \(\phi \in L_{ \textsf {sc}}\) is a Boolean combination iff it is built up from other formulas by means of the Boolean connectives \(\wedge \) and \(\lnot \) or any other connectives defined in terms of those. A formula \(\alpha \in L_{ \textsf {sc}}\) is a monolithic formula iff it is not a Boolean combination.
Examples of Boolean combinations are \(\lnot p\), or \(\textsc {can}_{G_1}p \rightarrow \lnot \textsc {disc}_{G_2}q\). Examples of monolithic formulas are: p, \(\textsc {disc}_{G}(q \rightarrow p)\), or \(\textsc {can}_{G_1}(\textsc {conf}_{G_1}(p \vee q) \wedge \lnot \textsc {disc}_{G_2}q)\).
Following Finger and Gabbay (1992), we temporalise \({ \textsf {sc}}\) with \({ \textsf {time}}\), and obtain the logic system \({ \textsf {time}}({ \textsf {sc}})\). We need to define its language, proof theory, models, and model theory.

All the principles of \({ \textsf {time}}\), and

If \(\vdash _{ \textsf {sc}} \phi \) then \(\vdash _{{ \textsf {time}}({ \textsf {sc}})} \phi \), when \(\phi \in L_{ \textsf {sc}}\)
Definition 4
A model of \({ \textsf {time}}({ \textsf {sc}})\) is a tuple \(M_{{ \textsf {time}}({ \textsf {sc}})} = \langle {T,<,g}\rangle \) where \(\langle {T,<}\rangle \) is a flow of time, and g a function that maps every member of T into a pointed model (M, w), with \(M = \langle {W,dabl,evid,fals,V}\rangle \) an \({ \textsf {sc}}\)model and \(w \in W\).

\(M_{{ \textsf {time}}({ \textsf {sc}})},t \models \alpha \) iff \(g(t) \models _{ \textsf {sc}} \alpha \)
Figure 1 illustrates the temporalisation of the static core logic of being deemed able with the untilsince logic. At time t, the corresponding pointed \({ \textsf {sc}}\)model is \(g(t) =(M_s,w)\). The figure represents the fact that \({\phi }^{M_s} \in dabl (w)(G)\). It means that \(M_s, w \models _{ \textsf {sc}} \textsc {can}_{G}{\phi }\), and since \(\textsc {can}_{G}{\phi }\) is a monolithic formula, we also have that \(M,t \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {can}_{G}{\phi }\). For similar reasons, we also have that \(M,t \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {conf}_{G}{\psi }\), and \(M,t \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {can}_{G}{\psi }\). At time \(t'\), the corresponding pointed \({ \textsf {sc}}\)model is \(g(t') = (M'_s,w')\). The figure represents the fact that \({\phi }^{M'_s} \in disc (w')(G)\), and that \({\psi }^{M'_s} \in dabl (w')(G)\). We have that \(M,t \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {can}_{G}{\psi }\) and \(M,t \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {disc}_{G}{\phi }\).
Hence, when \(t \not = t'\), the pointed models g(t) and \(g(t')\) can be different (as exemplified in Fig. 1), but not necessarily so. In them, abilities, confirmations, and disconfirmations are possibly given different truth values, but not necessarily so. The models of \({ \textsf {time}}({ \textsf {sc}})\) do not impose any constraints. To the contrary, the models of deemed ability that we introduce in Sect. 2.4 will be models of \({ \textsf {time}}({ \textsf {sc}})\) satisfying specific temporal constraints about abilities, confirmations, and disconfirmations.
The following result is an immediate consequence of Proposition 1, Theorem 1 and the general completeness theorem of temporalisations due to Finger and Gabbay (Finger and Gabbay 1992, Th. 2.3):
Proposition 2
If \(\phi \in L_{{ \textsf {time}}({ \textsf {sc}})}\), \(\vdash _{{ \textsf {time}}({ \textsf {sc}})} \phi \) iff \(\models _{{ \textsf {time}}({ \textsf {sc}})} \phi \).
2.4 The core logic of being deemed able
In words, if G is not deemed able to do \(\phi \), then it will not be deemed able until a situation is reached that shows evidence of its deemed ability. Note the use of a weak “until” again. If this situation showing confirmation of deemed ability is ever reached, we shall have \(\textsc {can}_{G}\phi \) by axiom sc1.
Notice that we use here a standard “since” temporal operator \(\mathcal {S}\), as opposed to the weak “until” \(\mathcal {U}\) in the principles lbda1 and lbda2. By doing so, we commit our theory to the assumption that the existence of a deemed ability has to be grounded on confirmation. It rules out the possibility that it is a priori for some acting entity to be deemed able to bring about a contingent state of affairs. The first disjunction on the right hand of the implication captures the possibility that the current situation is one showing the pertinent evidence.
The models of deemed ability We can now constrain the models of the logic \({ \textsf {time}}({ \textsf {sc}})\) so as to satisfy the principles for the dynamic role of confirmation and of disconfirmation of ability. We define the models of deemed ability.
Definition 5
 C1
 If \(M,t \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {can}_{G}\phi \) then (i) there is \(t < t'\), such that \(M,t' \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {disc}_{G}\phi \) and \(M,t'' \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {can}_{G}\phi \) for all \(t< t'' <t'\), or (ii) for every \(t < t'\) we have \(M,t' \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {can}_{G}\phi \).
 C2
 If \(M,t \models _{{ \textsf {time}}({ \textsf {sc}})} \lnot \textsc {can}_{G}\phi \) then (i) there is \(t < t'\), such that \(M,t' \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {conf}_{G}\phi \) and \(M,t'' \models _{{ \textsf {time}}({ \textsf {sc}})} \lnot \textsc {can}_{G}\phi \) for all \(t<t'' < t'\), or (ii) for every \(t < t'\) we have \(M,t' \models _{{ \textsf {time}}({ \textsf {sc}})} \lnot \textsc {can}_{G}\phi \).
 C3
 If \(M,t \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {can}_{G}\phi \) then (i) \(M,t \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {conf}_{G}\phi \), or (ii) there is \(t' < t\), such that \(M,t' \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {conf}_{G}\phi \) and \(M,t'' \models _{{ \textsf {time}}({ \textsf {sc}})} \textsc {can}_{G}\phi \) for all \(t'<t''<t\).
We write \(\models _{{ \textsf {lbda}}}\phi \) when for every model of deemed ability \(M = \langle {T,<,g}\rangle \), and for every instant \(t \in T\), we have that \(M, t \models _{{ \textsf {time}}({ \textsf {sc}})} \phi \).
The logic of \({{ \textsf {lbda}}}\) is sound wrt. the class of models of deemed ability.
Proposition 3
If \(\vdash _{{ \textsf {lbda}}}\phi \) then \(\models _{{ \textsf {lbda}}}\phi \).
This is a simple consequence of Proposition 2 and the fact that the axiom lbda1 (resp. lbda2, lbda3) is sound in the class of models of \({ \textsf {time}}({ \textsf {sc}})\) with the constraint C1 (resp. C2, C3). Moreover, lbdar1 preserves validity: if \(\phi \) is true in every model of \({ \textsf {time}}({ \textsf {sc}})\) then it is true in every model of \({ \textsf {lbda}}\).
Notice that the constraints correspond to actual conditions on the frames, using the truth value of monolithic formulas (i.e., of formulas in \(L_{ \textsf {sc}}\)) as a shortcut.
To see that lbda1 (resp. lbda2, lbda3) is sound in the class of models of \({ \textsf {time}}({ \textsf {sc}})\) with the constraint C1 (resp. C2, C3), it suffices to spell out the truth condition of the axiom, and see that it corresponds to the constraint.
Interdependence of deemed ability and confirmation We say that \(\phi \) is true in a model of deemed ability\(M = \langle {T,<,g}\rangle \), when for every instant \(t \in T\), we have that \(M, t \models _{{ \textsf {time}}({ \textsf {sc}})} \phi \). To conclude this section, we verify the simple fact that a deemed ability never occurs in a model of deemed ability if a confirmation for it never occurs, and the other way around. Equivalently, a deemed ability occurs at some instant in a model of deemed ability if and only if a confirmation for this deemed ability occurs at some (possibly different) instant.
Proposition 4
\(\lnot \textsc {can}_{G}\phi \) is true in a model of deemed ability M iff \(\lnot \textsc {conf}_{G}\phi \) is true in M.
Suppose \(\lnot \textsc {can}_{G}\phi \) is true in a model of deemed ability \(M = \langle {T,<,g}\rangle \). Hence, \(\textsc {can}_{G}\phi \) is not true at any instant \(t \in T\). By constraint 1 of Definition 1, this means that \(\textsc {conf}_{G}\phi \) is also not true at any instant, and that \(\lnot \textsc {conf}_{G}\phi \) is true in M. Suppose \(\lnot \textsc {conf}_{G}\phi \) is true in M. Hence, \(\textsc {conf}_{G}\phi \) is not true at any instant \(t \in T\). Constraint C3 of Definition 5 makes sure that G is deemed able to do \(\phi \) only if a situation showing confirmation for it has occurred. Since \(\textsc {conf}_{G}\phi \) is not true at any instant, \(\textsc {can}_{G}\phi \) is also not true at any instance, and \(\lnot \textsc {can}_{G}\phi \) is true in M.
3 Example I: Mele’s general practical ability
Our core logic of being deemed able serves to explain the existence of a general ability extending over some period of time, based on occurrences of confirmations and disconfirmations. But it does not explain what confirmations and disconfirmations are. It is something that depends on a system designer’s choices. To illustrate the abstract framework, we first propose to temporalise the logic of bringingitaboutthat (Pörn 1977; Lindahl 1977), and more specifically, Elgesem’s extension with agents’ ability (Elgesem 1997; Governatori and Rotolo 2005). Effectively, we obtain a temporalised version of Mele’s simple abilities (Mele 2003) that are reminiscent of general practical abilities.
We keep the logic minimal. In Troquard (2014), more conceivable principles of agency and ability are discussed, and many are rejected. However, any sensible principle (e.g., exploiting the settheoretical relationships between the acting entities) can find its way into a formalization of a more precise particular domain.
We do not present the model theory. This is a straightforward extension of the semantics in the models of deemed ability. We present the extension of the proof theory that we economically signify with \(\vdash \) without index. That is, in what follows, for any formula \(\varphi \), we adopt \(\varphi \) as an axiom of an extension of the logic \({ \textsf {lbda}}\) by stating \(\vdash \varphi \).
3.1 Bringingitaboutthat
Bringing it about that
[b1]  \(\vdash \lnot E_G \top \) 
[b2]  \(\vdash E_G \phi \rightarrow \phi \) 
[b3]  \(\vdash E_G \phi \wedge E_G \psi \rightarrow E_G (\phi \wedge \psi )\) 
[br1]  If \(\vdash \phi \leftrightarrow \psi \) then \(\vdash E_G \phi \leftrightarrow E_G \psi \) 
The principles of the modality \(E_G\) are presented in the Table 3. By bringing about the truth of a certain proposition, an acting entity brings about the truth of all equivalent propositions (rule br1). Agency in BIAT reflects some responsibility for a state of affairs. It is stipulated that no acting entity brings about the tautologies (axiom b1). Agency requires achievement of results (axiom b2). Note that as a consequence, it is not possible for a group to bring about the impossible: \(\vdash \lnot E_G \bot \). Actions of acting entities aggregate (axiom b3). If at the same instant, an acting entity brings about two propositions, then it also brings the conjunction of these propositions. See some details in Pörn (1977), Elgesem (1997), and Herzig et al. (2018).
3.2 Mele’s abilities
Elgesem’s logic (1997) is an extension of BIAT with an elementary notion of ability. The modality \(\textsc {able}_{G}\phi \) reads that “G is able to bring it about that \(\phi \)”. Elgesem explains at length that when G brings it about that \(\phi \), the state of affairs \(\phi \) is one concerning a property towards which G has manifested its control. Thus an acting entity only brings about what it is capable of. It is expressed by the axiom \(E_G\phi \rightarrow \textsc {able}_{G}\phi \). This is exactly what Mele calls simple ability. He writes “an agent’s Aing at a time is sufficient for his having a simple ability to A at that time” (Mele 2003, p. 448). This is distinguished from an ability toAintentionally: “being able to A intentionally entails having a simple ability to A and the converse is false.” (Mele 2003, p. 448). A simple ability does not necessarily entail an intentional ability. There can be a simple ability without intention, as doing something, even by accident, is enough ground to have a simple ability.
A major criticism of BIAT is the absence of time, and Elgesem’s extension with abilities is no different. Although we have a means to infer an ability to \(\phi \) from an occurrence of \(\phi \)ing, this is of little significance since we cannot reason about what will become of the ability in the future; Elgesem’s system deals only with the present, not the future. Also, ability is only partially grounded, because it is consistent that \(\lnot E_G\phi \wedge \textsc {able}_{G}\phi \) and we cannot reason about past evidence; again, this system deals only with the present.
However, once integrated in our logic of deemed ability, the problems are easily overcome by grounding confirmations and disconfirmations. The resulting notion of ability is similar to what Mele calls general practical ability. It is an ability which “we attribute to agents even though we know they have no opportunity to A at the time of attribution and we have no specific occasion for their Aing in mind” (Mele 2006, p. 18).
3.3 Agency grounded confirmations
Mele says that if an agent \(\phi \)s, then this is enough to infer that this agent has a simple ability to \(\phi \). This is what the principle b4 (with axiom sc1) captures. This is not necessarily an intentional ability; for all we know the agent might have \(\phi \)ed by accident.
The logic extending \({ \textsf {lbda}}\) with the principles adopted so far is effectively a temporal extension of Elgesem’s logic of agency and ability.
3.4 Multiagency ground for confirmations
A principle analogous to b5 where the groups’ actions are not simultaneous would not be acceptable. (This could be represented, although indirectly, by the formula \(\textsc {can}_{G_1}\phi \wedge E_{G_2}\psi \rightarrow \textsc {conf}_{G_1 \cup G_2}(\phi \wedge \psi )\).) For example, if John brings it about that the light is on at one instant, and Mary brings it about that the light is off one hour later, it is obvious that there is no confirmation of the fact that John and Mary are together able to bring it about that the light is both on and off.
Naturally, other principles of confirmations of group ability can be considered depending on the intended application.
In Troquard (2014), to acknowledge the special character of a group without members, any ability of the empty group is rejected. This is stipulated by the formula \(\lnot \textsc {can}_{\emptyset }\phi \) which is adopted as an axiom. In our setting, we can adopt the principle \(\lnot \textsc {conf}_{\emptyset }\phi \), saying that no situation confirms that the empty group can bring about that \(\phi \). In virtue of Proposition 4, it would also imply that \(\lnot \textsc {can}_{\emptyset }\phi \) as a theorem.
In presence of groups of agents as sets, principles of monotonicity are natural candidates. Monotonicity of ability seems even reasonable in some circumstances: if a group G is deemed able to bring it about that \(\phi \), then every group \(G'\) containing G is also deemed able to bring it about that \(\phi \). With \(G \subseteq G'\), this could be represented by the formula \(\textsc {can}_{G}\phi \rightarrow \textsc {can}_{G'}\phi \). Although a more fundamental principle would be that if a situation confirms that G is able to bring it about that \(\phi \) then it also confirms that every group \(G'\) containing G is also deemed able to bring it about that \(\phi \). With \(G \subseteq G'\), this could be represented by the formula \(\textsc {conf}_{G}\phi \rightarrow \textsc {conf}_{G'}\phi \).
3.5 Attemptgrounded disconfirmations
3.6 A general life cycle of deemed abilities
 1.
If group G is not deemed able to do \(\phi \) at some time, \(\lnot \textsc {can}_{G}\phi \), axiom lbda2 makes sure that it is so until some confirmation occurs.
 2.
Suppose at some later time some acting entities \(G_1, \ldots , G_k\), where \(G = G_1 \cup \cdots \cup G_k\), bring about respectively \(\phi _1, \ldots \phi _k\) such that \(\vdash \phi _1 \wedge \cdots \wedge \phi _k \leftrightarrow \phi \). By axiom b5 and rule scr2 one can deduce \(\textsc {conf}_{G}\phi \).
 3.
By axiom sc1 one can deem G able to bring about \(\phi \): \(\textsc {can}_{G}\phi \).
 4.
By axiom lbda1, G will be deemed able to do \(\phi \) until some disconfirmation occurs.
 5.
Suppose that at some later time, G attempts to bring about \(\phi \) but does not actually bring it about, then by axiom b7 one can infer a disconfirmation: \(\textsc {disc}_{G}\phi \).
 6.
By axiom sc2, we infer that G is not deemed able to bring about \(\phi \): \(\lnot \textsc {can}_{G}\phi \), and the life cycle is back to step 1.
4 Example II: supervised management of deemed abilities
In the previous section we have introduced a few notions which allowed us to start grounding confirmations and disconfirmations. We obtained a formalisation of general practical abilities. Leaving the realm of philosophy, we propose further notions to account for when talking about deemed ability. In particular we will consider (i) supervised management, and (ii) agreements between a supervisor and an acting entity to accomplish a task before a specified deadline.
Managing deemed abilities in this setting is related to the problem of assessing trust about the ability of an agent or a group of agents to accomplish a task within a multiagent system (e.g., Castelfranchi et al. 2006; Wang and Singh 2010). In this section, we introduce a designated agent that we refer to as the manager of the system. The manager can bring it about that a group G is deemed able (within the system of which he is the manager) to bring it about that \(\phi \). This can be interpreted as the manager expressing his trust about the ability of the group G to bring about \(\phi \). Similarly, the manager can bring it about that a group G is not deemed able to bring it about that \(\phi \), effectively expressing his distrust about the ability of the group G to bring it about that \(\phi \).
4.1 Supervisiongrounded confirmations and disconfirmations
The logical theory so far leaves the concepts of confirmations and disconfirmations underspecified. This allows a more flexible management of deemed abilities. Virtually no real system involving natural agents is a fully autonomous platform. System managers always reserve themselves means to tweak the system to reflect managerial decisions that do not always follow the strict written rules—or logic—of the system.
Let us then assume a special agent \(\mathsf{m}\) that is the system manager, or acts on behalf of the system manager. We are not concerned with the nature of the manager. It can be a human being, the management team of a MASbased business, or a software agent.
ScenarioSuppose our rare media service repository is managed by\(\mathsf{m}\). If the manager learns that the service\(\sigma _3\)has ceased activity, he can report this information byinserting\(E_{\{\mathsf{m}\}} \lnot \textsc {can}_{G \cup \{\sigma _3\}}\phi \)into the system for every currently existing deemed ability\(\textsc {can}_{G \cup \{\sigma _3\}}\phi \), for every groupG. The rationale for considering every currently existing deemed ability of every group containing\(\sigma _3\)is that a group might be deemed able to bring about something but would need the participation of\(\sigma _3\)to do so. With\(\sigma _3\)out of business, the manager considers that the group\(G \cup \{\sigma _3\}\)cannot work together, and this deemed ability should be disconfirmed. Indeed, with axiom t2 it will count as a systematic and systemic disconfirmation.
Symmetrically with axiom t1, the manager can approve a new piece of specification \(\phi \) of a service \(\sigma _4\) by inserting \(E_{\{\mathsf{m}\}} \textsc {can}_{\{\sigma _4\}}\phi \) into the system. E.g., suppose \(\sigma _4\) is a vinyl record shop. They inform the manager that they received a few original copies of The Freewheelin’ Bob Dylan; \(\phi \) then stands for “sell The Freewheelin’ Bob Dylan”.
In general, using both modes of bringing it about that a coalition is deemed able to\(\phi \), and bringing it about that a coalition is not deemed able to\(\phi \), the manager can adjust the knowledge of the system to any desired change in service specifications.
4.2 Taskgrounded disconfirmations
Task negotiation and attribution are other managerial activities that may occur offplatform in an underspecified system concern. Attribution is worked out by the manager agent, based supposedly on the information contained in the system. Negotiation can follow an arbitrary negotiation protocol.
We can now describe mixed temporal properties of agreements, tasks, and disconfirmations.
ScenarioSuppose now that the service\(\sigma _2\)announces to\(\mathsf{m}\)that it changed its business model and is able to bring about that\(\phi \). We admit that manager\(\mathsf{m}\)trusts this information and thus brings it about, say at instantt, that\(\textsc {can}_{\{\sigma _2\}}\phi \). This counts as a confirmation\(\textsc {conf}_{\{\sigma _2\}}\phi \)by axiom t1. Suppose it is then agreed at instant\(t' > t\)for\(\sigma _2\)to do\(\phi \)before a reasonable\(\psi \): \(\textsc {agree}_{\{\sigma _2\}}(\phi ,\psi )\). So by axiom t4 and axiom b2, the service\(\sigma _2\)is tasked to do\(\phi \)before\(\psi \). \(\textsc {task}_{\{\sigma _2\}}(\phi ,\psi )\)holds at\(t'\), and will hold by axiom t6 until the deadline is reached or\(\sigma _2\)brings it about that\(\phi \), at which time the task will be dropped by axiom t3. Suppose that at the first eventual instant\(t'' > t'\)where\(\psi \)holds, it has not yet been the case that\(E_{\{\sigma _2\}}\phi \). So\(\textsc {disc}_{\{\sigma _2\}}\phi \)follows from axiom t7, and\(\lnot \textsc {can}_{\{\sigma _2\}}\phi \)follows by axiom sc2. By axiom lbda1, \(\textsc {can}_{\{\sigma _2\}}\phi \)held between\(t'\)and\(t''\).
5 Conclusions
The first contribution is a general framework to track, maintain and reason about the deemed ability of acting entities by taking into account past and future evidence: confirmations and disconfirmations (Sect. 2). The second contribution is a library of principles to ground these confirmations and disconfirmations. These principles permitted us to formalise the philosophically relevant notion of general practical ability (Sect. 3), and to tackle the practically relevant management of abilities in supervised systems (Sect. 4).
We concentrated on providing a rigorous formal foundation for the abstract framework and on providing some intuitions on how to put it to use with some sample instantiations.
As for now, in the proposed instantiations, deemed ability needs only one occurrence of actual agency to exist (axiom b5) and only one failed attempt (axiom b7) or failed task (axiom t7) to disappear. Beyond this first presentation, more realistic judgements about deemed ability could very easily be represented; both more sceptical of confirmation and less hasty in accepting disconfirmation. Quickly, however, we will be confronted with the difficulty of deciding how much evidence is enough to justify the confirmation or the disconfirmation of a deemed ability. There might not be a onesizefitsall solution that is philosophically correct. Nonetheless, a future extension could offer the possibility to parameterise the temporal models with numerical thresholds to fit specific practical domains.
Another extension would allow one to talk about abilities to bring about that a temporal statement, that is, that a temporal formula is true. As for now, the temporalisation and the temporal language \(L_{{ \textsf {time}}({ \textsf {sc}})}\) does not permit to write, say, \(\textsc {can}_{G}{\mathcal {F}(\phi \wedge \mathcal {F}\psi )}\) that would capture the fact that the group G is deemed able to bring about that eventually \(\phi \) holds and then that \(\psi \) holds at a later time. This calls for more expressive temporalisations such as in Finger and Gabbay (1996).
Formal reasoning about deemed ability is already possible with the proposed axioms. The various scenarios that illustrate the paper are examples of it. The ‘supposed’ events in the scenarios are systemic events recorded in the execution trace of the repository system. All the rest is inferred by the logical apparatus to discover new facts in a way that maintains the system’s coherence.
However, our contribution is hardly technical and the formal aspects are so far admittedly rather straightforward. The models describe the trace of a system and are particularly adapted to simulation. Algorithmic solutions will be a step forward towards using the framework for the actual tracking and management of abilities in multiagent systems.
Notes
Acknowledgements
This paper has benefited from the comments and suggestions of many readers and reviewers. I thank them all, as their comments have allowed me to greatly improve this article. I hope that I have responded to these reviews adequately. This work was supported by the Open Access Publishing Fund of the Free University of BozenBolzano.
References
 Alur, R., Henzinger, T. A., & Kupferman, O. (2002). Alternatingtime temporal logic. Journal of the ACM, 49(5), 672–713.CrossRefGoogle Scholar
 Ayers, M. R. (1968). The refutation of determinism. London: Methuen.Google Scholar
 Burgess, J. P. (1982). Axioms for tense logic. I. Since and until. Notre Dame Journal of Formal Logic, 23(4), 367–374.CrossRefGoogle Scholar
 Castelfranchi, C., Falcone, R., & Marzo, F. (2006). Being trusted in a social network: Trust as relational capital. In K. Stølen, W. H. Winsborough, F. Martinelli, & F. Massacci (Eds.), Trust management (pp. 19–32). Berlin: Springer.CrossRefGoogle Scholar
 Chellas, B. (1980). Modal logic: An introduction. Cambridge: Cambridge University Press.CrossRefGoogle Scholar
 De Giacomo, G., & Felli, P. (2010). Agent composition synthesis based on ATL. In Proceedings of AAMAS ’10 (pp. 499–506). IFAAMAS.Google Scholar
 Elgesem, D. (1997). The modal logic of agency. Nordic Journal of Philosophical Logic, 2(2), 1–46.Google Scholar
 Finger, M., & Gabbay, D. M. (1992). Adding a temporal dimension to a logic system. Journal of Logic, Language and Information, 1, 203–233.CrossRefGoogle Scholar
 Finger, M., & Gabbay, D. M. (1996). Combining temporal logic systems. Notre Dame Journal of Formal Logic, 37(2), 204–232.CrossRefGoogle Scholar
 Governatori, G., & Rotolo, A. (2005). On the axiomatisation of Elgesem’s logic of agency and ability. Journal of Philosophical Logic, 34, 403–431.CrossRefGoogle Scholar
 Herzig, A., Lorini, E., & Troquard, N. (2018). Action theories. In S. O. Hansson & V. F. Hendricks (Eds.), Introduction to formal philosophy (pp. 591–607). Cham: Springer International Publishing.CrossRefGoogle Scholar
 Kamp, H. (1971). Formal properties of now. Theoria, 37, 227–273.CrossRefGoogle Scholar
 Kenny, A. (1975). Will, freedom and power. Oxford: Blackwell.Google Scholar
 Lindahl, L. (1977). Position and change—A study in law and logic. Dordrecht: D. Reidel.CrossRefGoogle Scholar
 Mele, A. R. (2003). Agent’s abilities. Noûs, 37(3), 447–470.CrossRefGoogle Scholar
 Mele, A. R. (2006). Free will and luck. Oxford: Oxford University Press.CrossRefGoogle Scholar
 Pörn, I. (1977). Action theory and social science: Some formal models, Synthese library (Vol. 120). Dordrecht: D. Reidel.CrossRefGoogle Scholar
 Santos, F., Jones, A., & Carmo, J. (1997). Responsibility for action in organisations: A formal model. In G. HolmströmHintikka & R. Tuomela (Eds.), Contemporary action theory (Vol. 1, pp. 333–348). Alphen aan den Rijn: Kluwer.Google Scholar
 Troquard, N. (2014). Reasoning about coalitional agency and ability in the logics of bringingitabout. Autonomous Agents and MultiAgent Systems, 28(3), 381–407.CrossRefGoogle Scholar
 Wang, Y., & Singh, M. P. (2010). Evidencebased trust: A mathematical model geared for multiagent systems. ACM Transactions on Autonomous Adaptive Systems, 5(4), 14:1–14:28.CrossRefGoogle Scholar
 Xu, M. (1988). On some \(U, S\)tense logics. Journal of Philosophical Logic, 17(2), 181–202.CrossRefGoogle Scholar
Copyright information
Open AccessThis article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.