Sustainable approaches to ad-hoc information sharing for virtual organizations

A virtual organization (VO) is a group of organizations that have banded together to achieve a common goal. Often a VO could function more effectively if its members were willing to share certain information with one another. However, some of the information may be sensitive, and a typical VO member will not want to share its own information with others, because the member will not benefit directly from the information's reuse, yet will be blamed if the reuse turns out badly. Many of the challenges in trying to encourage VO members to share information have roots in traditional approaches to authorization, which try to eliminate risk for individual VO members, rather than maximize VO productivity while bounding risk. In this thesis, we explore two approaches for VOs to encourage ad-hoc information sharing in an economically sustainable manner without taking on excessive risk. These two approaches can be mixed and matched as appropriate for a particular VO. The first approach, portfolio optimization, maximizes the VO's benefits from sharing, while bounding the volatility (risk) associated with those benefits. This framework addresses two core problems not handled by prior work. The first is to account for VOs with different decision making styles characterized by a risk aversion index. In the second approach, insured access, the VO uses an insurance scheme to reimburse damages to VO members attributable to sharing their own information. We show how to estimate the risk associated with an insured access, i.e., the probability distribution of future damages to the VO member providing the information. We also show how reinsurance can cap the risk associated with rare events, and propose profit-sharing and fee-for-service schemes to ensure that information providers directly benefit from insured access. Because human decision-makers are influenced by many factors other than the mathematical formulations that underlie insured access, we conducted experiments with humans through a crowd-sourcing service. Our experiments found that over half of the participants chose to use insured access to obtain information that was highly likely to significantly improve their performance in a simulated supply chain scenario, even though the price of the insurance required for the access was subjectively high. We also found that three-quarters of all information producers in our experiments agreed to share sensitive information about their business with insured access when simple administrative procedures, straightforward accountability for and recognition of harm in the rare cases where it does occur, appropriate compensation levels for harm, and attractive profit-sharing are in place. This suggests that insured access can benefit a VO, even when human decisions are involved