Security WORKPLAN 2000
Edited by Bernard Burg
The objective of this workplan is to create a FIPA specification on security, that works in the framework of a concrete architecture and tackles the security issues faces by Agent Technology
The FIPA 98 Security specs made table of problems/solutions. This document is a valuable starting point to go further and deploy the security into the FIPA architecture.
Insure security for:
· agent management,
· life cycle management,
· registration,
· agent platforms,
· agent-agent interaction,
· user-agent interaction and
· agent mobility.
A new security specification, mapped to the FIPA architecture.
No clear plan established yet, this workplan needs additional backing from members.
Security is a key issue for the deployment of agent technology, in particular in the field of E-Commerce. This workplan answers a need expressed by many FIPA members.
The following dependencies have been identified:
1. FIPA Security Management 98
EPFL Monique Calisti Committed
Imperial College, Stefan Poslad Committed
Call for proposal, to be emitted in Lisbon
3.4.1 Introduction
FIPA considers of enhancing the Agent Security specification by putting it into the perspective of both – the architecture of FIPA99 and the existing specifications of FIPA98 -.
FIPA invites proposals answering some of these security requirements by existing techniques as the ones quoted in the FIPA 98 Security specification.
3.4.2 Scope
Security risks exist in various domains including:
· agent management,
· life cycle management,
· registration,
· agent platforms,
· agent-agent interaction,
· user-agent interaction and
· agent mobility.
Some of these security risks have been identified and will be addressed by existing counter measures that are well known and suitable for inclusion in the FIPA 99 Security Framework.
There are still agent specific security risks that so far have not been identified. For example, the paradigm of non-deterministic autonomous collaborating agents gives rise to new security risks comparable to security risks in social societies for which common security measures currently do not exist. These risks need further be identified and explored.
This call is an attempt to further identify and explore security risks specific to the deployment of Agents and the use of security inside applications. In particular, FIPA believes that several security levels may be required on demand by an application, at a first glance three levels of security would benefit applications:
· Authentication
· Secure communication
· Digital signatures
Submission of proposals should ideally take the form of scenarios and use cases.
The FIPA2000 specification will define a normative framework for addressing agent security risks. This framework will represent the minimal set of technologies required and must be complementary to the existing FIPA 98 (part 1) specification. Wherever possible it will refer to existing standards and solutions in this area.
3.4.3 Topics
The following are divided between normative topics (i.e. those areas where FIPA wishes to mandate the use of its technology) and informative topics (i.e. areas where background information or clarification of issues is required).
3.4.3.1 Normative Topics
· Minimum set of required primitive agent security operations (e.g authentication, encryption)
· Management of security in agent systems, (i.e. security policies, key management)
· Auditing, traceability, security policies and the role of Trusted Third Parties and Certificate Authorities.
· Ontology for agent security (e.g. encryption standards, certificates).
· Relation to other FIPA Specifications, in particular FIPA 98: Parts 1,2,11
· Required Security Protocols (cf. FIPA 98 part 10)
3.4.3.2 Informative Topics
· Security scenario in case of electronic commerce.