Document title:

Security Work Plan

Document number:


Document source:

(see authors below)

Document status:


Date of this status:


Change history:


Initial Draft


Submission to FAB


FAB comments (see end)


Submission of 2nd version to FAB


Work-plan approved by FAB


Minor revisions to Work-plan including dates


Stefan Poslad <>
Monique Calisti <>

Patricia Charlton <>


Security is both a generic requirement for FIPA agents and a specific requirement for particular application domains.† The generic forces for security engineering are different from other types of engineering such as application development. Applications are useful for what they can specifically do. Security products are useful because of what they do not allow to be done. A security strategy in general involves figuring out how to make things not work and then preventing those failures.


Problem Statement:This work plan answers a need expressed by many FIPA members. This work-plan will seek to address some of the generic security requirements for agent applications such as e-commerce and agent support services that:


         operate and interoperate over public networks such as the Internet


         remotely access, provide or broker other services at various service portals


whilst maintaining certain quality of service levels.


Objective: There are two main objectives for this work-plan:

1.       To issue Calls for Information on agent Security issued by this work-group on behalf of FIPA, to solicit input from the wider agent and Internet community and to review the responses for inclusion into the output document (see below) on agent security.


2.       To produce an informational output document (such as a FIPA positional statement) on security as input to any future FIPA specification on agent security. This will involve:


         reviewing the previous specification on security (see [FIPA00020]) and making recommendations to the FIPA membership about this documentís future.


         assessing how the use of security impacts the current FIPA ACL and FIPA agent infrastructure specifications.† This may entail the specification and or development of an ontology for security;


         analyzing, developing potential designs and implementations for agent security in specific scenarios such as Agentcities (see [f-wp-00003]).


In addition, this work-plan can also provide input into the work-plans of related TCs, WGs and SIGs such as policies and domains, agreements, Agentcities and PD&M.



Technology: Technology is required to develop designs and implementations to illustrate the benefit of security in an agent scenario (see objectives). Existing security technologies such as Sunís Java security extensions and IP-based network protocols will be re-deployed within an Agent environment to provide support for encryption, authentication and authorization. A call for information will be issued to assess and possibly incorporate technology contributions from responders to this call into the output document.


Functionality: Assess security to:

         control read and write access to core agent services and information


         protect the privacy and integrity of ACL messages


         protect against denial of service attacks.


Specifications generated: None.


Plan for Work and Milestones: The plan is for a 6 month program of work and includes the following steps:

         2001/04: Issue 1st Call for Information


         2001/05: Issue 2nd Call for Information


         2001/06: First draft of FIPA output document (white-paper) on security


         2001/07: 22nd FIPA meeting: review 1st draft of security document


         2001/10: Completion of FIPA output document on security.


The project plan will be reviewed and revised, if and when necessary.


Future Work: Security specification



         [FIPA00001] FIPA Abstract Architecture Specification


         [FIPA00020] FIPA Agent Security Specification


         [FIPA00023] FIPA Agent Management Specification


         [FIPA00067] FIPA Agent Message Transport Specification



         Philip Buckle, Emorphia

         Noel Bush, Artificial Life

         Monique Calisti, EPFL

         Patrica Charlton, Motorola

         David Drake, Epsilon Systems

         Robert Luna, SPAWAR

         Katherine Morse, Epsilon Systems

         Denise Pierre, Aegis

         Stefan Poslad, Queen Mary College

         Martin Purvis, Univ. Otago


FIPA Architecture Board response to first version:

This work plan has not been approved. However, the Security Work Group has been assigned the task of deciding how security relates to FIPA specifications and how it should be addressed by FIPA in the future.


FIPA Architecture Board response to second version:

The work plan has been approved. Authors are invited to update the work-plan with respect to time-plan and to make minor modifications etc.