Subject: RE: [jade-develop] JADE-S: Concepts for Security
From: Caire Giovanni (Giovanni.Caire@TILAB.COM)
Date: Wed Feb 26 2003 - 11:38:33 MET
Hi Martin,
Comments and requirements on JADE-S are very welcome and I hope we can have a fruitful discussion on them. By the way, security issues are currently also being addressed in FIPA.
However, I would ask you to postpone this discussion until after the release of JADE3.0 (very soon).
Bye
Giovanni
-----Original Message-----
From: Schneider Martin [mailto:Martin.Schneider@mchp.siemens.de]
Sent: Tuesday, 25 February 2003 15.15
To: 'jade-develop'
Subject: [jade-develop] JADE-S: Concepts for Security
Hi!
I've been on another project and now I'm back on security issues.
I want to continue the discussion on Jade, security and Jade-S
from last autumn.
Last autumn I did a short evaluation of Jade-S,
based upon the Security Administrators Guide from 19. September 2002
and the examples provided in the Jade-S distribution.
My result was:
JADE-S is suited for
- small,
- closed,
- centrally administrated,
secure agent systems.
The reasoning behind this can be found in my mails from
October/November 2002; if there is interest I can send it
again in a better readable form.
At that time, I was very disappointed, since I want to tackle
security in large distributed agent systems, running 24/7/52,
being open for new participants and integrated into larger
IT infrastructures.
The really great questions are:
what are the ways from Jade-S to such big real-life systems?
How can Jade-S (or parts of it) be applied to such systems?
Which extensions are necessary?
I think it would be a good idea to discuss these things here,
bringing security in agent systems to a higher level.
A new question is:
wouldn't it be better to have several security features
that can be plugged in independently than one system
that integrates several features in a fixed way?
For instance:
I can't use the password authentication mechanism.
My authentication mechanism will be based on certificates for
each agent. (Each agent belongs to a user and gets a certificate
from the user. The user itself is certificated by an independent
CA.)
So the requirement would be:
- choose between different authentication mechanisms.
What I like most from Jade-S is the permission mechanism.
Using this I can
- prevent agents from being killed by others
- prevent agent mobility.
On the other side it is very limiting.
Principals have to be named in a unique way;
so I have to grant for each pair of users the permissions
that their agents can receive/send messages to each other.
(This means: only small systems are maintainable, see my result above.)
This leads immediately to the idea of permission profiles:
e.g. this could be a combination of container/agent permissions,
for instance receiving/sending messages to each other.
Users have different security needs.
So it must be possible for each owner of a container/agent to adjust
the security level for her/his components.
On the other side, agents have to negotiate their security needs;
what if my agent sends your agent an encrypted message and your agent
sends it in plain text to a third one?
This is just a short collection of issues, far from complete.
Let's discuss these things here and exchange thoughts and opinions
about this!
Martin
=================================================
Martin Schneider
Siemens AG
CT IC 6 Intelligent Autonomous Systems
tel.: +49 89 636-44257 fax.: +49 89 636-41423
e-mail: Martin.Schneider@siemens.com
_______________________________________________
jade-develop mailing list
jade-develop@sharon.cselt.it
http://sharon.cselt.it/mailman/listinfo/jade-develop
UNSUBSCRIBE INSTRUCTIONS AT http://jade.cselt.it/mailing.htm#unsubscribe
This archive was generated by hypermail 2a22 : Wed Feb 26 2003 - 11:38:57 MET
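
The scaling point raised in Martin's message (one grant per pair of uniquely named principals versus permission profiles), worked through as an added example that is not part of the original thread and does not use the JADE-S API. The principal names, profile names and rules are constructed for illustration.

```python
from itertools import permutations

# Constructed sample data: principal name -> profile (hypothetical names).
MEMBERS = {"alice": "trader", "bob": "trader", "carol": "auditor"}
# Hypothetical profile rules: (sender profile, receiver profile) allowed to message.
RULES = {("trader", "trader"), ("trader", "auditor")}


def expand_to_pairs(members, rules):
    """Per-principal policy equivalent to the profile rules:
    one explicit grant for every ordered (sender, receiver) pair."""
    return {(s, r) for s, r in permutations(members, 2)
            if (members[s], members[r]) in rules}


def may_send(members, rules, sender, receiver):
    """Profile-based check; principals without a profile are denied by default."""
    if sender == receiver or sender not in members or receiver not in members:
        return False
    return (members[sender], members[receiver]) in rules


def admission_cost(members, rules, name, profile):
    """Number of per-pair grants that must be added to admit one new principal.
    With profiles the same admission is a single membership entry."""
    grown = {**members, name: profile}
    return len(expand_to_pairs(grown, rules)) - len(expand_to_pairs(members, rules))


def grants_for(n_traders, rules=RULES):
    """Size of the per-pair policy for a system of n principals in one profile."""
    members = {f"t{i}": "trader" for i in range(n_traders)}
    return len(expand_to_pairs(members, rules))


if __name__ == "__main__":
    print("per-pair grants today:", len(expand_to_pairs(MEMBERS, RULES)))
    print("grants to admit dave :", admission_cost(MEMBERS, RULES, "dave", "trader"))
    print("grants for 100 agents:", grants_for(100), "vs", len(RULES), "profile rules")
```

The per-pair policy grows quadratically with the number of principals and must be edited on every admission, while the profile rules stay fixed and an unknown principal is refused without any rule naming it.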