Security WORKPLAN 2000

Edited by Bernard Burg


1          An objective for the work plan


The objective of this workplan is to create a FIPA specification on security, that works in the framework of a concrete architecture and tackles the security issues faces by Agent Technology

2          The technology and functionality

2.1          Technology

The FIPA 98 Security specs made table of problems/solutions. This document is a valuable starting point to go further and deploy the security into the FIPA architecture.

2.2          Functionality

Insure security for:

·         agent management,

·         life cycle management,

·         registration,

·         agent platforms,

·         agent-agent interaction,

·         user-agent interaction and

·         agent mobility.

3          The specification generated by this work plan

A new security specification, mapped to the FIPA architecture.

4          The plan to accomplish the work

No clear plan established yet, this workplan needs additional backing from members.

5          A vision for future work in this or related areas

Security is a key issue for the deployment of agent technology, in particular in the field of E-Commerce. This workplan answers a need expressed by many FIPA members.

6          An analysis of dependencies on other FIPA work plans, external standards work, industry events, and other factors


The following dependencies have been identified:


1.                    FIPA Security Management 98


7          A list of FIPA members and other organizations supporting the plan, together with their degree of commitment.


EPFL                                       Monique Calisti                                    Committed

Imperial College,   Stefan Poslad                                        Committed


Call for proposal, to be emitted in Lisbon


3.4.1 Introduction

FIPA considers of enhancing the Agent Security specification by putting it into the perspective of both – the architecture of FIPA99 and the existing specifications of FIPA98 -.


FIPA invites proposals answering some of these security requirements by existing techniques as the ones quoted in the FIPA 98 Security specification.


3.4.2 Scope

Security risks exist in various domains including:

·         agent management,

·         life cycle management,

·         registration,

·         agent platforms,

·         agent-agent interaction,

·         user-agent interaction and

·         agent mobility.


Some of these security risks have been identified and will be addressed by existing counter measures that are well known and suitable for inclusion in the FIPA 99 Security Framework.


There are still agent specific security risks that so far have not been identified. For example, the paradigm of non-deterministic autonomous collaborating agents gives rise to new security risks comparable to security risks in social societies for which common security measures currently do not exist. These risks need further be identified and explored.


This call is an attempt to further identify and explore security risks specific to the deployment of Agents and the use of security inside applications. In particular, FIPA believes that several security levels may be required on demand by an application, at a first glance three levels of security would benefit applications:

·         Authentication

·         Secure communication

·         Digital signatures


Submission of proposals should ideally take the form of scenarios and use cases.


The FIPA2000 specification will define a normative framework for addressing agent security risks. This framework will represent the minimal set of technologies required and must be complementary to the existing FIPA 98 (part 1) specification. Wherever possible it will refer to existing standards and solutions in this area.


3.4.3       Topics

The following are divided between normative topics (i.e. those areas where FIPA wishes to mandate the use of its technology) and informative topics (i.e. areas where background information or clarification of issues is required). Normative Topics

·         Minimum set of required primitive agent security operations (e.g authentication, encryption)

·         Management of security in agent systems, (i.e. security policies, key management)

·         Auditing, traceability, security policies and the role of Trusted Third Parties and Certificate Authorities.

·         Ontology for agent security (e.g. encryption standards, certificates).

·         Relation to other FIPA Specifications, in particular FIPA 98: Parts 1,2,11

·         Required Security Protocols (cf. FIPA 98 part 10) Informative Topics

·         Security scenario in case of electronic commerce.