1) Encryption of messages (which can themselves be agents) sent
between agents and
2) Access control of agents (message agents or agents themselves)
Encryption probably is best dealt with by underlying facilities.
Access control has to be thought through. There is the first kind of
access control where one is trying to prevent mischief and the second
is where agents can negotiate to get access to more resources (maybe
by agreeing to pay more charges, for example). It maybe easier to
provide better access control protection with declarative approaches
because agent servers don't expose how they perform certain
operations. So, when a declarative message (describing the what) is
processed by an agent, the processing agent can refuse to perform
actions that are thought of as destructive by it. Another way to
prevent mischief with procedural languages is to support procedural
languages that are purely functional (no side effect).
The access control for negotiating agents is a tough one to think
about. One has to develop the negotiation protocols and the ontology
of resources over which negotiation can happen. As you say, this will
have to be done sooner or later. As agents are delegated tasks that
are "sensitive" or "commercial" the need for such access control will
increase.
Sankar