A Modeling Language to Model Norms
Karen Figueiredo and Viviane Torres da Silva*
Computer Science Department, Universidade Federal Fluminense (UFF)
Rua Passos da Pátria 156, Bloco E, 24210-240, Niterói, Brazil
Keywords: Norm, Modeling, Validation, Metamodel.
Abstract: Norms in multi-agent systems are mechanisms used to restrict the behavior of system entities during a
period of time by defining what the entities are obligated, permitted or prohibited to do and by stating
stimulus to their fulfillment by defining rewards and discouraging their violation by pointing out
punishments. In this paper we propose a modeling language called NormML that makes possible the
modeling of the norms together with its main properties and characteristics.
Norms are used to regulate the behavior of the
agents in open multi-agent systems (MAS) by
describing their obligations, permissions and
prohibitions. Norms can be defined at design time
together with the modeling of the system, or created
at runtime by agents that have the power to do so
(López y López, 2003). In this paper we focus on the
description of norms at design time. The modeling
of norms is an important part of the specification of
a system and should be treated as an essential task of
MAS design. Norms refer to actions and entities that
compose a system. So, the refinement of the system
may influence the norms and the definition of a new
norm will only be possible if the actions, agents and
roles being mentioned in the norm are being
considered in the system design.
Although there are many modeling languages
and notations, proposed by methodologies and
organizational models, that provide support to the
modeling of norms, there is still a need for an
approach that completely contemplates the main
properties and characteristics of a norm, i.e., the key
elements that compose a norm: deontic concept,
involved entities, actions, activation constraints,
sanctions and context.
In this paper we identify these elements by follo-
*The present work has been partially funded by the Brazilian research councils CNPq
under grant 135891/2009-4 and 303531/2009-6 and FAPERJ under grant E-
26/110.959/2009, and by the Spanish project “Agreement Technologies"
(CONSOLIDER CSD2007-0022, INGENIO 2010).
wing the premise that norms restrict the behavior of
system entities during a period of time and define the
sanctions applied when they are violated or fulfilled.
Such elements were found out after investigate ten
specification and implementation languages used to
describe and implement norms such as (García-
Camino et al., 2006; López y López, 2003; Silva,
2008; Vasconcelos et al., 2007).
It is the aim of the paper to present a normative
modeling language called NormML, which is an
extension of its preliminary version presented in
(Silva et al., 2010), to model the main elements that
compose the norms and to check the conflicts
between them. Due to the lack of space, in this paper
we focus only on the modelling of the norms.
The remainder of this paper is organized as
follows. Section 2 discusses the support given by the
modeling languages and the notations provided by
the methodologies and organizational models
analyzed to model the norm elements that we have
identified. Section 3 presents the normative
modeling language NormML. Finally, Section 4
concludes and presents some future work.
In this section, we analyze how MAS (i) modeling
languages: AML (Danc, 2008) and AORML
(Wagner, 2003); (ii) notations of methodologies:
Gaia (Zambonelli et al., 2003), O-MaSE (Garcia-
Ojeda et al., 2008), PASSI (Cossentino, 2005),
Figueiredo K. and Torres da Silva V..
Norm-ML - A Modeling Language to Model Norms.
DOI: 10.5220/0003179502320237
In Proceedings of the 3rd International Conference on Agents and Artificial Intelligence (ICAART-2011), pages 232-237
ISBN: 978-989-8425-41-6
2011 SCITEPRESS (Science and Technology Publications, Lda.)
Prometheus (Padgham and Winikoff, 2002),
ROADMAP (Juan et al., 2002), Secure Tropos
(Giorgini et al., 2006) and SODA (Omicini, 2001);
and (iii) organization models: MASQ (Ferber et al.,
2009), MOISE+ (Hübner et al., 2002) and OperA
(Dignum, 2004) support the modeling of norms and
its elements.
Deontic Concept: In multi-agent systems, concepts
of deontic logic (Meyer and Wieringa, 1991) have
been used to describe behavior restrictions for the
agents in the form of obligations (what the agent
must execute), permissions (what the agent can
execute) and prohibitions (what the agent cannot
execute). Most of modeling languages and
methodologies make available the deontic concept
of obligation in order to describe the actions that
agents must execute. Methodologies such as Secure
Tropos, SODA, Prometheus and the organization
model proposed in MOISE+ do only offer the
concepts of obligation and permission since they
consider that everything that is not permitted is
automatically prohibited. In the Secure Tropos
methodology the concept obligation can be
represented by the delegation relationship and the
concept of permission by the ownership and trust
relationships. NormML, different from the majority,
includes all the three deontic concepts (obligation,
permission and prohibition) to the modeling of
Involved Entities: Since norms are always defined
to restrict the behavior of entities, the identification
of such entities whose behavior is being restricted is
fundamental. A norm may regulate the behavior of
individuals (i.e., a given agent, or an agent while
playing a given role) or the behavior of a group of
individuals (i.e., all agents playing a given role,
groups of agents, groups of agents playing roles or
all agents in the system). All languages,
methodologies and organization models analyzed
propose a way to describe the entities to which the
norm applies. The majority provides support to
describe a norm for a particular agent playing a role.
But Gaia, PASSI and ROADMAP methodologies
and the MOISE+ organization model do not allow
the description of norms that apply to a group of
The Secure Tropos methodology also allows the
designer to describe the system itself as an entity and
to define norms that can be applied to the system as
a whole. By using NormML it is possible to describe
norms to individuals (agents or roles), groups of
individuals or all the entities of the system (see
Actions: Since a norm defines restriction over the
execution of entities, it is important to clearly
represent the action being regulated. Such actions
can be communicative ones, typically represented by
the sending and receiving of a message, or non-
communicative actions. In this paper we have not
taken into account norms applied to states. All the
modeling languages, methodologies and models
analyzed provide a way to restrict non-
communicative actions. In OperA, PASSI, MASQ,
Gaia and Secure Tropos it is also possible to restrict
communicative ones. NormML supports the
modeling of both kinds of actions, communicative
and non-communicative.
Activation Constraints: The norms have a period
during while they are active, i.e., during while their
restrictions must be fulfilled. Norms can be activated
by one constraint or a set of constraints that can be:
the execution of actions, the specification of time
intervals (before, after, between), the achievement of
systems states or temporal aspects (such as dates),
and also the activation/deactivation of another norm
and the fulfillment/violation of a norm. None of the
analyzed works supports the description of all the
kinds of activation constraints mentioned. By using
NormML all these activation constraints can be
Sanctions: When a norm is violated the entity that
has violated this norm may suffer a punishment and
when a norm is fulfilled the entity who has followed
the norm may receive a reward. Such rewards and
punishments are called sanctions and should be
described together with the norm specification. A
small number of languages and methodologies
consider that norms can be violated, and only few of
them provide a way for describing sanctions. The
AORML language assumes that commitments (or
obligations) between entities of the system can be
violated, and, as consequence, a sanction should be
applied. But the language does not offer a way to
describe this sanction. The organizational models
OperA, MASQ and MOISE+ consider that norms
can be violated, and, excluding MOISE+, they have
mechanisms to describe sanctions. The O-MaSE
methodology group norms in two kinds of policies:
law policies and guidance policies. Only the
guidance policies can be violated but there is not a
way to define sanctions for such violations. The
Gaia and PASSI methodologies express norms as
organization rules that cannot be violated, and so
there is no need to define a sanction mechanism.
None of the analyzed languages or methodologies
allows the description of rewards in case of the
Norm-ML - A Modeling Language to Model Norms
fulfillment of a norm. However, NormML support
the definition of both punishments and rewards.
Context: Norms are usually defined in a given
context that determines the area of its application. A
norm can, for instance, be described in the context of
a given environment and should be fulfilled only by
the agents executing in the environment or can be
defined in the context of an organization and
fulfilled only by the agents playing roles in the
organization. All languages, methodologies and
organizational models only define the norms in an
organizational context. Besides describing norms in
an organizational context, NormML also provides
the environmental context.
NormML is a UML-based modeling language for
the specification of norms that constraint the
behavior of MAS entities. The choice for UML as
metalanguage allows for an easy integration of
NormML with other MAS modeling languages also
based in UML such as AUML (Odell, 2000), AML
(Danc, 2008) and MAS-ML (Silva et al., 2008).
NormML was designed with the view that norm
specification in MAS design and security policy
specification in role-based access control (RBAC)
(Ferraiolo et al., 2007) design are closely coupled
issues. RBAC security policies specify the
permissions that a user has under a given role, while
trying to access system resources. In MAS we
specify the norms that regulate the behavior (or
actions) of a role, an agent or an agent playing a
given role. The metamodel of the current version is
detailed in Section 3.1 and some of the invariants
that garantees the well-formedness of a norm are
presented Section 3.3.
3.1 Metamodel
A norm corresponds to an instance of the NormML
metamodel, i.e., it is defined by instantiating several
metaclasses and their relationships. In this section,
we present the NormML metamodel focusing in the
definition of the main elements that compose a
norm. The whole picture of the NormML metamodel
is available in
Deontic Concept: A norm is either an obligation
(represented by the metaclass NormObligation), a
permission (represented by the metaclass (NormPer-
mission) or a prohibition (represented by the
metaclass NormProhibition), as illustrated in Figure
Figure 1: Deontic concept and involved entities related
metaclasses at the NormML Metamodel.
Involved Entities: In the preliminary version of the
language, a norm could only be described to regulate
the behavior of Agents, the behavior of all agents
that play a given Role, or the behavior of a specific
agent when it is playing a given role, captured by the
Agent<->Role relationship. Nowadays, it is also
possible to define a norm to a group of agents by
using the metaclass Organization (as pointed up in
Figure 1).
Actions: NormML inherits four resource kinds from
SecureUML (Basin et al., 2009): Attribute, Method,
Entity and AssociationEnd. It extends the set of
resources with agent and roles’ actions represented
by the metaclass AgentAction and with roles’
messages represented by the metaclass Message that
is part of a communication protocol of a role
(Protocol metaclass).
Thus, it is possible to describe norms to control the
access to attributes, methods, objects and association
ends, to control the execution of the actions of
agents and roles, and also to control the sending and
the receiving of messages by roles (Figure 2). Each
resource kind has a set of actions that can be used to
control the access to the resource. For instance, in
the case of restrictions applied to actions of agents
and roles (AgentAction metaclass), the behavior that
must be used is the execution of the action
(AtomicExecute). Note that AgentAction is the
resource and AtomicExecute is the action being used
to control or restrict the access to the resource.
Activation Constraints: The preliminary version of
NormML allows for the specification of the time
period that a norm is active based on the execution
ICAART 2011 - 3rd International Conference on Agents and Artificial Intelligence
Figure 2: Actions related metaclasses at the NormML Metamodel.
of actions. The language was extended to define
activation constraints also based on the definition of
dates and predicates (i.e., values associated with
attributes), as shown in Figure 3. The activation
constraints are represented by the metaclass
If a norm is conditioned by a Before/After clause, it
means that the norm is active before/after the
execution of the action(s) and/or the achievement of
the date(s) described in the Before/After clause. In
the case of a Between clause, the norm is only active
during the period delimited by two groups of actions
and dates. In the case of a norm conditioned by an If
clause, the norm is only active when the value(s) of
the attribute(s) described in the If clause is (are)
Sanctions: The current version of NormML
supports for the description of sanctions (Sanction
metaclass) to the norms, as shown in Figure 4. A
sanction may be a reward applied when the norm is
fulfilled (by instantiating the metaclass Reward) or a
punishment applied when the norm is violated (by
instantiating the metaclass Punishment). A sanction
can activate other norms to restrict the behavior of
some particular entities. For instance, in case an
agent violates a norm, another norm is activated to
prohibit the agent of executing a particular action
(see norms N1 and N2 in Figure 5 for an example).
Context: The recent version of NormML makes
possible the definition of norms in two different
contexts, as illustrated in Figure 4: Organization and
Environment. Organizations define roles played by
agents and both organizations and agents inhabit
Figure 3: Activation constraints related metaclasses at the
NormML Metamodel.
Figure 4: Sanction and context related metaclasses at the
NormML Metamodel.
3.2 Modeling Norms with NormML
In order to exemplify our approach, we define two
norms of a simplified version of a web store. The
Norm-ML - A Modeling Language to Model Norms
web store is being modeled as an organization that
inhabits the market place environment and defines
two roles to be played by the agents: seller or buyer.
The sellers of the web store can advertise goods
while the buyers can buy the goods that are
announced on the store by the sellers. Figure 5
shows the model of the norms N1 and N2 by
instantiating the classes of the NormML metamodel.
Sellers are obliged, in the context of the
organization WebStore that inhabits the environment
MarketPlace, to give the good to the buyer after the
given buyer pay for it. Norm N1 states an obligation
(deontic concept) to the sellers (involved entities) of
the organization WebStore (context) to give the
good to the buyer (an atomicExecute of an
AgenAction) after the given buyer pay for it
(activation constraint).
(Punishment) Sellers are prohibited, in the
context of the organization WebStore that inhabits
the environment MarketPlace, to advertise goods.
Norm N2 applies a punishment (sanction), if a seller
violates N1, N2 states to the given seller (related
entity) a prohibition (deontic concept) to advertise
goods (an atomicExecute of an AgenAction).
For the norm N1 we have specified a sanction (norm
N2) the seller should receive if it violates the norm.
Note that this sanction is also a norm that is
activated when the related norm N1 is violated.
3.3 Validating the Norms
The process of validating a norm encompasses two
steps. First, the norm, as an instance of the NormML
metamodel, is checked according to the invariants of
the metamodel. The invariants check if the norm is
well-formed according to the metamodel
specification. The second step checks if any given
two norms are in conflict. Second, it is important to
check for conflicts among norm. This paper focuses
on the first step.
The current version of NormML has a set of
operations described in OCL to check the invariants
of the norms. Not all the norms that can be
instantiated from the metamodel are well-formed.
Below we describe two examples of well-formed
rules of the NormML metamodel. Those were
chosen since they discuss some of the new elements
included in the actual version of the language.
The action to be executed by an entity that is
defined in the before clause of a between cannot also
be defined in the after clause of such Between to be
executed by the same entity in the same context. If
the actions in the before of a Between and in the
after of a Between are the same, are related to the
same entity (an agent, a role or an agent playing a
role) and executed in the same context, this situation
does not constitute a time period, but a moment in
the time.
If the norm applied to an entity is
constrained by an If whose condition is the value of
an attribute, the entity of the norm must have
permission to read this attribute. The entity related
to a norm that states an If constraint must be able to
read the attribute associated to the constraint (by a
permission of read or full access to the Attribute or
to the Entity which the attribute belongs), otherwise
the entity will not be capable of knowing when the
norm is active.
In this paper we presented the normative modeling
language NormML by emphasized the contributions
Figure 5: Norm N1 and N2.
ICAART 2011 - 3rd International Conference on Agents and Artificial Intelligence
of the language when compared with other modeling
languages and notations used by methodologies and
organization models. With the preliminary version
of NormML (Silva et al., 2010) it was possible (i) to
model permissions, prohibitions and obligations; (ii)
to regulate the behavior of agents and roles; (iii) to
define norms that restrict the execution of non-
dialogical actions; (iv) to define activation
constraints based on the execution of actions. By
using the current version of NormML it is also
possible (i) to model norms associated with different
contexts; (ii) to regulate the behavior of groups of
individuals (or organizations); (iii) to define norms
that restrict the execution of dialogical actions; (iv)
to define activation constraints based on the
definition of deadlines and predicates (values
associated with attributes); and (v) to define
sanctions associated with the norms. We are in the
process of extending the language to define norms
that restrict the achievement of states. It is our aim to
develop a graphical tool for modeling and validating
norms using NormML.
Basin, D., Clavel, M., Doser, J. and Egea, M. 2009.
Automated analysis of security-design models. Inf.
Software Technology, 51(5), pp: 815—831.
Clavel, M, Silva, V., Braga, C. and Egea, M. 2008. Model-
driven security in practice: an industrial experience. In
Proc. 4th European Conf. on MDA, pp: 326-337.
Cossentino, M. 2005. From requirements to code with the
PASSI methodology. In Agent-oriented Methods, Idea
group, pp. 79-106.
Danc, J. 2008. Formal specification of AML. Department
of Computer Science, Comenius University, Master’s
Thesis, Advisor: Mgr. Bratislava.
Dignum, V. 2004. A model for organizational interaction:
based on agents, founded in logic. PhD dissertation,
Universiteit Utrecht, SIKS dissertation series 2004-1.
Ferber, J., Stratulat, T. and Tranier, J. 2009. Towards an
integral approach of organizations: the MASQ
approach in multi-agent systems. In MAS: Semantics
and Dynamics of Org. Models, IGI.
Ferraiolo, D. F., Kuhn, D. R. and Chandramouli, R. 2007.
Role-based access control. Artech House Publishers.
García-Camino, A., Rodríguez-Aguilar, J., Sierra, C and
Vasconcelos, W. 2006. Norm-oriented programming
of electronic institutions. In Proc. 5th AAMAS, ACM
Press, pp. 670-672.
Garcia-Ojeda, J., DeLoach, S., Robby, O. and Valenzuela,
J. 2008. O-MaSE: a customizable approach to
developing multiagent development processes. In
AOSE VIII, LNCS 4951, Springer, pp.1-15.
Giorgini, P., Mouratidis, H. and Zannone, N. 2006.
Modelling security and trust with Secure Tropos. In
Integrating Security Soft.Eng.: Advances and Future
Hübner, J. F., Sichman, J. S. and Olivier, B. 2002. A
model for the structural, functional and deontic
specification of organizations in multiagent systems.
In Proc. 16th SBIA, LNAI 2507.
Juan, T., Pierce, A. and Sterling, L. 2002. ROADMAP:
extending the Gaia methodology for complex open
systems. In Proc. 1st AAMAS, pp. 3-10, ACM Press.
Kagal, L. and Finin, T. 2005. Modeling Conversation
Policies using Permissions and Obligations. In van
Eijk, R., Huget, M., Dignum, F., eds.: Developments in
Agent Communication. Volume 3396 of LNCS.,
Springer (2005) 123–133.
López y López, F. 2003. Social power and norms: impact
on agent behavior. PhD thesis, Univ. of Southampton,
Department of Electronics and Computer Science.
Meyer, J. J. and Wieringa, R. J. 1991. Deontic logic in
computer science: normative system specification.
John Wiley and Sons.
Molesini, A., Denti, E. and Omicini, A. 2009. RBAC-
MAS & SODA: experimenting RBAC in AOSE
engineering societies in the agents world. LNCS 5485.
Odell, J., Parunak, H. and Bauer, B. 2000. Extending
UML for agents. In Proc. Agent-Oriented Information
Systems Workshop at National Conf. of AI, pp. 3-17.
Omicini, A. 2001. SODA: societies and infrastructures in
the analysis and design of agent-based systems. In
Agent-Oriented Software Engineering, LNCS 1957.
Oren, N., Luck, M., Miles, S. and Norman, T. J. 2008. An
argumentation inspired heuristic for resolving
normative conict. In Proc. of The Fifth COIN
Workshop, 41–56, Estoril, Portugal.
Padgham, L. and Winikoff, M. 2002. Prometheus: a
methodology for developing intelligent agents. In
Proc. of Agent-Oriented Software Engineering
Workshop, pp. 174-185.
Silva, V. 2008. From the specification to the
implementation of norms: an automatic approach to
generate rules from norms to govern the behaviour of
agents. In IJAAMAS, Special Issue on Norms in Multi-
Agent Systems, (17)1, pp. 113-155.
Silva, V., Choren R. and Lucena, C. 2008. MAS-ML: a
multi-agent system modelling language. In IJAOSE,
Modeling Lang. for Agent Systems,(2)4, pp.382-421.
Silva, V, Braga, C. and Figueiredo, K. 2010. A Modeling
Language to Model Norms. In Workshop on
Coordination, Organization, Institutions and Norms in
agent systems (COIN 10) at AAMAS10, pp. 25-32.
Vasconcelos, W., Kollingbaum, M. and Norman, T. 2007.
Resolving conflict and inconsistency in norm-
regulated virtual organizations. In Proc. AAMAS’07.
Wagner, G. 2003. The Agent-Object-Relationship meta-
model: towards a unified view of state and behavior.
Information Systems, 28(5), pp. 475–504.
Zambonelli, F., Jennings, N. R. and Wooldridge, M. J.
2003. Developing multiagent systems: the Gaia
methodology. ACM TSEM, 12(3):417-470.
Norm-ML - A Modeling Language to Model Norms