Document title:

Security Work Plan

Document number:


Document source:

(see authors below)

Document status:


Date of this status:


Change history:


Initial Draft


Submission to FAB


FAB comments (see end)


Submission of a modified work plan to the FAB


                                Stefan Poslad                                 Monique Calisti

                           <>                      <>      


                                                             Patrica Charlton



Security is both a generic requirement for FIPA agents and a specific requirement for particular application domains.  The generic forces for security engineering are different from other types of engineering such as application development. Applications are useful for what they can specifically do. Security products are useful because of what they do not allow to be done. A security strategy in general involves figuring out how to make things not work and then preventing those failures.


Problem Statement:This work plan answers a need expressed by many FIPA members. This work-plan will seek to address some of the generic security requirements for agent applications such as e-commerce and agent support services which that:


·         operate and interoperate over public networks such as the Internet;


·         remotely access, provide or broker other services at various service portals;


whilst maintaining certain quality of service levels.


Objective: The main objective of this work-plan is to produce an informational output document (such as a FIPA positional statement or white-paper) on security to be used as input to future FIPA specification(s) on agent security. This will involve:


1.       reviewing the previous specifications that relate to security such as FIPA00020.


2.       reviewing responses to the call for information on security


3.       assessing how the use of security impacts the current FIPA ACL and FIPA agent infrastructure specifications and to define possible modifications to the ACL (envelope, speech acts, interaction models and or ontologies) and MTS to support specific security policies.


4.       deriving requirements and defining security policies by analyzing (and possibly testing) security use within concrete domains such as AgentCities.


In addition, this work-plan will also provide input into the work-plans of related TCs, WGs and SIGS  such as  architecture, agreements, AgentCities and PD&M.


Technology: Technology may be required to develop concept demonstrators to illustrate the benefit of security in an agent scenario (bullet-point 4 above). Existing security technologies such as Sun’s Java security extensions and IP-based network protocols will be re-deployed within an Agent environment to provide support for encryption, authentication and authorization.


Functionality: Assess security to:

·         authenticate agents to other agents,


·         control read and write access to core agent services and information,


·         protect the privacy and integrity of ACL messages, and,


·         protect against denial of service attacks.


Specifications generated: None.


Plan for Work and Milestones: The plan is for a 6 month program of work and includes the following steps:


·         02/2001 Issue call for information


·         06/04/2001 First draft of informational output document on security


·         26/07/2001 Final Completion of informational output document on FIPA related security issues


The project plan will be reviewed and revised, if and when necessary.


Future Work: Security specification



·         [FIPA00001] FIPA Abstract Architecture Specification

·         [FIPA00020] FIPA Agent Security Specification

·         [FIPA00023] FIPA Agent Management Specification

·         [FIPA00067] FIPA Agent Message Transport Specification



·         Philip Buckle, Emorphia

·         Noel Bush, Artificial Life

·         Monique Calisti, EPFL

·         Patrica Charlton, Motorola

·         David Drake, Epsilon Systems

·         Robert Luna, SPAWAR

·         Katherine Morse, Epsilon Systems

·         Denise Pierre, Aegis

·         Stefan Poslad, Queen Mary College

·         Martin Purvis, Univ. Otago


FIPA Architecture Board response to First Submission

This work plan has not been approved. However, the Security Work Group has been assigned the task of deciding how security relates to FIPA specifications and how it should be addressed by FIPA in the future.


Security SIG activities since the First Submission

The security SIG has been active in discussing and assessing the scope for security related activities within FIPA. It believes that the timing is now right for a modified work-plan to be approved by the FAB. The proposed modified work-plan has sound support from members and organizations that have security expertise. The approval and subsequent work-plan activities will also act as a catalyst to attract input from others with security expertise.