There is growing interest in distributed systems and architectures whose components are autonomous social parties such as humans and organisations. The parties in such systems interact with each other via their software agents for the purposes of exchanging information and services. The interactions normally take the form of conversations (as opposed to invocations) realised over asynchronous messaging. Naturally, a crucial area of study for computer science and software engineering is the specification and enactment of interaction protocols, that is, the rules of encounter by which parties in the system would interact. Considered as such, the notion of protocol represents a generalisation of the notion of "contract" advocated in Design by Contract approaches. A key question concerns the nature of contracts. Work in areas such as concurrency and Web services, has predominantly conceptualised protocols in terms of message ordering and occurrence constraints that must be respected by the parties' agents. We refer to such protocols as messaging protocols. Although messaging protocols serve the important purpose of distributed coordination, considered as contracts, they are too low-level for multiagent settings of autonomous parties. Specifically, they do not capture social constraints such as the commitments that are binding on the parties in the interaction. This gap represents a substantial opportunity. In real life, commitments in fact represent the atoms of what people normally understand as contracts. Commitments accommodate the balance between, on the one hand, autonomy and flexibility, and, on the other hand, correct behaviour. Commitment specifications capture stakeholder requirements in multiparty domains. Further, the states of commitments underlie most key performance indicators (KPIs) that stakeholders are interested in any multiagent domain. Work in commitment protocols in multiagent systems has made progress in developing computational abstractions for commitments. However, important challenges related to expressiveness and distributed enactment of commitment protocols have not even been adequately formulated, let alone tackled. Ensuring correct distributed enactment for expressive commitment protocols is crucial to realising the full value of commitments as a human-level architectural abstraction. The broad objective of Turtles is to bring commitment-based contracts to distributed computing. This project develops foundational theory, software, and methodology for building commitment-based distributed systems. To encourage wider adoption, the project will embed the algorithms in prototypes, and develop a tool-supported methodology for specifying and implementing social protocols. Further, Turtles will develop real systems based on use cases and practices from a number of industrial partners and evaluate these systems based on their feedback. The success of Turtles will enable capturing important subtleties of real-life social and business interactions and transform how we design software systems for crucial multiparty domains such as healthcare, disaster response, smart cities, banking, education, and e-commerce and e-business, where commitments are crucial.

There is growing interest in distributed systems and architectures whose components are autonomous social parties such as humans and organisations. The parties in such systems interact with each other via their software agents for the purposes of exchanging information and services. The interactions normally take the form of conversations (as opposed to invocations) realised over asynchronous messaging. Naturally, a crucial area of study for computer science and software engineering is the specification and enactment of interaction protocols, that is, the rules of encounter by which parties in the system would interact. Considered as such, the notion of protocol represents a generalisation of the notion of "contract" advocated in Design by Contract approaches. A key question concerns the nature of contracts. Work in areas such as concurrency and Web services, has predominantly conceptualised protocols in terms of message ordering and occurrence constraints that must be respected by the parties' agents. We refer to such protocols as messaging protocols. Although messaging protocols serve the important purpose of distributed coordination, considered as contracts, they are too low-level for multiagent settings of autonomous parties. Specifically, they do not capture social constraints such as the commitments that are binding on the parties in the interaction. This gap represents a substantial opportunity. In real life, commitments in fact represent the atoms of what people normally understand as contracts. Commitments accommodate the balance between, on the one hand, autonomy and flexibility, and, on the other hand, correct behaviour. Commitment specifications capture stakeholder requirements in multiparty domains. Further, the states of commitments underlie most key performance indicators (KPIs) that stakeholders are interested in any multiagent domain. Work in commitment protocols in multiagent systems has made progress in developing computational abstractions for commitments. However, important challenges related to expressiveness and distributed enactment of commitment protocols have not even been adequately formulated, let alone tackled. Ensuring correct distributed enactment for expressive commitment protocols is crucial to realising the full value of commitments as a human-level architectural abstraction. The broad objective of Turtles is to bring commitment-based contracts to distributed computing. This project develops foundational theory, software, and methodology for building commitment-based distributed systems. To encourage wider adoption, the project will embed the algorithms in prototypes, and develop a tool-supported methodology for specifying and implementing social protocols. Further, Turtles will develop real systems based on use cases and practices from a number of industrial partners and evaluate these systems based on their feedback. The success of Turtles will enable capturing important subtleties of real-life social and business interactions and transform how we design software systems for crucial multiparty domains such as healthcare, disaster response, smart cities, banking, education, and e-commerce and e-business, where commitments are crucial.

Communication is not only an essential organisation principle for emerging large-scale distributed applications, such as those for e-Commerce, e-Science, e-Healthcare and financial technology (FinTech): it is also an effective way to use computational resources, such as microservices and manycore chips. In this new paradigm, communication and concurrency are the norm in software development rather than a marginal concern, enabling architects and programmers to harness the power of hundreds or even thousands of concurrent processes interacting through *message passing*. However, for this paradigm there is no well-established methodology for software development with safety and security gurantee based on clear and mathematically accurate criteria on its behaviour. This leaves uncertainty on the correctness of the construction of distributed infrastructure. The aim of this fellowship is to establish general and practical foundations for safety enforcement of communication-intensive concurrent and distributed applications, building on a general theory of *multiparty session types*. Communications in a distributed application are commonly organised into multiple structured conversations (*protocols*) where a developer or programmer wishes to enforce *observabilities* of system behaviours to follow a safety and security criteria given by a protocol. Here *observability* of systems behaviours means a visible sequence of message exchanges with more complex information such as dependency of data, secure information, cost and timing of communications. In the multiparty session types, an end-point system properly carries out its responsibility, so that observable systems behaviours as a whole obey an agreed-upon protocol. Multiparty session types articulate the basic dynamics in a respective computing paradigm, thus serving as a foundation for modelling, specification, verification, systematic testing and certification, enhanced with other methods such as monitoring and logical assertions. This fellowship aims to fulfil this potential of multiparty session types as types for communication by carrying out experiments. To achieve this goal, the following technical objectives have been identified: 1. The establishment of a uniform type theory for multiparty session types capturing a full range of application-level protocols based on behavioural theory and game semantics, as a foundation of the whole methodology. 2. The establishment of a dependent and refinement type theory of specifications and verifications; and of a scalable algorithm to verify safety and security properties based on automata theory. 3. The development and release of an open-source toolchain, based on (1,2), combined with Application Programming Interface (API) and with industry tools. 4. A theoretically well-founded architecture which can efficiently monitor, trace, log and enforce correct observational behaviour against specifications written in (3). 5. Experiments through collaboration with academic and industry partners, realising formal safety and security assurance against advanced protocols for real-world applications, including multi robotics/UAVs, financial and healthcare systems. Throughout the research programme, an active and extensive dialogue between theories (1,2) and practice (3,4,5) will be the key enabler for reaching the goals of the fellowship, ultimately establishing cross-disciplinary and co-created ICT research. The project also links assurance methodologies based on session types to the standardisation for Cloud Computing (Cloud Native Computing Foundation) and to the public regulatory requirements for the documentation of financial and e-Healthcare protocols, meeting the goals of People at the Heart of ICT.

Communication is not only an essential organisation principle for emerging large-scale distributed applications, such as those for e-Commerce, e-Science, e-Healthcare and financial technology (FinTech): it is also an effective way to use computational resources, such as microservices and manycore chips. In this new paradigm, communication and concurrency are the norm in software development rather than a marginal concern, enabling architects and programmers to harness the power of hundreds or even thousands of concurrent processes interacting through *message passing*. However, for this paradigm there is no well-established methodology for software development with safety and security gurantee based on clear and mathematically accurate criteria on its behaviour. This leaves uncertainty on the correctness of the construction of distributed infrastructure. The aim of this fellowship is to establish general and practical foundations for safety enforcement of communication-intensive concurrent and distributed applications, building on a general theory of *multiparty session types*. Communications in a distributed application are commonly organised into multiple structured conversations (*protocols*) where a developer or programmer wishes to enforce *observabilities* of system behaviours to follow a safety and security criteria given by a protocol. Here *observability* of systems behaviours means a visible sequence of message exchanges with more complex information such as dependency of data, secure information, cost and timing of communications. In the multiparty session types, an end-point system properly carries out its responsibility, so that observable systems behaviours as a whole obey an agreed-upon protocol. Multiparty session types articulate the basic dynamics in a respective computing paradigm, thus serving as a foundation for modelling, specification, verification, systematic testing and certification, enhanced with other methods such as monitoring and logical assertions. This fellowship aims to fulfil this potential of multiparty session types as types for communication by carrying out experiments. To achieve this goal, the following technical objectives have been identified: 1. The establishment of a uniform type theory for multiparty session types capturing a full range of application-level protocols based on behavioural theory and game semantics, as a foundation of the whole methodology. 2. The establishment of a dependent and refinement type theory of specifications and verifications; and of a scalable algorithm to verify safety and security properties based on automata theory. 3. The development and release of an open-source toolchain, based on (1,2), combined with Application Programming Interface (API) and with industry tools. 4. A theoretically well-founded architecture which can efficiently monitor, trace, log and enforce correct observational behaviour against specifications written in (3). 5. Experiments through collaboration with academic and industry partners, realising formal safety and security assurance against advanced protocols for real-world applications, including multi robotics/UAVs, financial and healthcare systems. Throughout the research programme, an active and extensive dialogue between theories (1,2) and practice (3,4,5) will be the key enabler for reaching the goals of the fellowship, ultimately establishing cross-disciplinary and co-created ICT research. The project also links assurance methodologies based on session types to the standardisation for Cloud Computing (Cloud Native Computing Foundation) and to the public regulatory requirements for the documentation of financial and e-Healthcare protocols, meeting the goals of People at the Heart of ICT.