%!PS-Adobe-2.0
%%Creator: dvips(k) 5.86 Copyright 1999 Radical Eye Software
%%Title: dist-trust.dvi
%%CreationDate: Mon Jun 04 13:53:16 2001
%%Pages: 8
%%PageOrder: Ascend
%%BoundingBox: 0 0 596 842
%%DocumentFonts: Times-Bold Times-Roman Times-Italic Courier
%%DocumentPaperSizes: a4
%%EndComments
%DVIPSWebPage: (www.radicaleye.com)
%DVIPSCommandLine: dvips dist-trust.dvi
%DVIPSParameters: dpi=600, compressed
%DVIPSSource:  TeX output 2001.06.04:1353
%%BeginProcSet: texc.pro
%!
/TeXDict 300 dict def TeXDict begin/N{def}def/B{bind def}N/S{exch}N/X{S
N}B/A{dup}B/TR{translate}N/isls false N/vsize 11 72 mul N/hsize 8.5 72
mul N/landplus90{false}def/@rigin{isls{[0 landplus90{1 -1}{-1 1}ifelse 0
0 0]concat}if 72 Resolution div 72 VResolution div neg scale isls{
landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div hsize
mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul TR[
matrix currentmatrix{A A round sub abs 0.00001 lt{round}if}forall round
exch round exch]setmatrix}N/@landscape{/isls true N}B/@manualfeed{
statusdict/manualfeed true put}B/@copies{/#copies X}B/FMat[1 0 0 -1 0 0]
N/FBB[0 0 0 0]N/nn 0 N/IEn 0 N/ctr 0 N/df-tail{/nn 8 dict N nn begin
/FontType 3 N/FontMatrix fntrx N/FontBBox FBB N string/base X array
/BitMaps X/BuildChar{CharBuilder}N/Encoding IEn N end A{/foo setfont}2
array copy cvx N load 0 nn put/ctr 0 N[}B/sf 0 N/df{/sf 1 N/fntrx FMat N
df-tail}B/dfs{div/sf X/fntrx[sf 0 0 sf neg 0 0]N df-tail}B/E{pop nn A
definefont setfont}B/Cw{Cd A length 5 sub get}B/Ch{Cd A length 4 sub get
}B/Cx{128 Cd A length 3 sub get sub}B/Cy{Cd A length 2 sub get 127 sub}
B/Cdx{Cd A length 1 sub get}B/Ci{Cd A type/stringtype ne{ctr get/ctr ctr
1 add N}if}B/id 0 N/rw 0 N/rc 0 N/gp 0 N/cp 0 N/G 0 N/CharBuilder{save 3
1 roll S A/base get 2 index get S/BitMaps get S get/Cd X pop/ctr 0 N Cdx
0 Cx Cy Ch sub Cx Cw add Cy setcachedevice Cw Ch true[1 0 0 -1 -.1 Cx
sub Cy .1 sub]/id Ci N/rw Cw 7 add 8 idiv string N/rc 0 N/gp 0 N/cp 0 N{
rc 0 ne{rc 1 sub/rc X rw}{G}ifelse}imagemask restore}B/G{{id gp get/gp
gp 1 add N A 18 mod S 18 idiv pl S get exec}loop}B/adv{cp add/cp X}B
/chg{rw cp id gp 4 index getinterval putinterval A gp add/gp X adv}B/nd{
/cp 0 N rw exit}B/lsh{rw cp 2 copy get A 0 eq{pop 1}{A 255 eq{pop 254}{
A A add 255 and S 1 and or}ifelse}ifelse put 1 adv}B/rsh{rw cp 2 copy
get A 0 eq{pop 128}{A 255 eq{pop 127}{A 2 idiv S 128 and or}ifelse}
ifelse put 1 adv}B/clr{rw cp 2 index string putinterval adv}B/set{rw cp
fillstr 0 4 index getinterval putinterval adv}B/fillstr 18 string 0 1 17
{2 copy 255 put pop}for N/pl[{adv 1 chg}{adv 1 chg nd}{1 add chg}{1 add
chg nd}{adv lsh}{adv lsh nd}{adv rsh}{adv rsh nd}{1 add adv}{/rc X nd}{
1 add set}{1 add clr}{adv 2 chg}{adv 2 chg nd}{pop nd}]A{bind pop}
forall N/D{/cc X A type/stringtype ne{]}if nn/base get cc ctr put nn
/BitMaps get S ctr S sf 1 ne{A A length 1 sub A 2 index S get sf div put
}if put/ctr ctr 1 add N}B/I{cc 1 add D}B/bop{userdict/bop-hook known{
bop-hook}if/SI save N @rigin 0 0 moveto/V matrix currentmatrix A 1 get A
mul exch 0 get A mul add .99 lt{/QV}{/RV}ifelse load def pop pop}N/eop{
SI restore userdict/eop-hook known{eop-hook}if showpage}N/@start{
userdict/start-hook known{start-hook}if pop/VResolution X/Resolution X
1000 div/DVImag X/IEn 256 array N 2 string 0 1 255{IEn S A 360 add 36 4
index cvrs cvn put}for pop 65781.76 div/vsize X 65781.76 div/hsize X}N
/p{show}N/RMat[1 0 0 -1 0 0]N/BDot 260 string N/Rx 0 N/Ry 0 N/V{}B/RV/v{
/Ry X/Rx X V}B statusdict begin/product where{pop false[(Display)(NeXT)
(LaserWriter 16/600)]{A length product length le{A length product exch 0
exch getinterval eq{pop true exit}if}{pop}ifelse}forall}{false}ifelse
end{{gsave TR -.1 .1 TR 1 1 scale Rx Ry false RMat{BDot}imagemask
grestore}}{{gsave TR -.1 .1 TR Rx Ry scale 1 1 false RMat{BDot}
imagemask grestore}}ifelse B/QV{gsave newpath transform round exch round
exch itransform moveto Rx 0 rlineto 0 Ry neg rlineto Rx neg 0 rlineto
fill grestore}B/a{moveto}B/delta 0 N/tail{A/delta X 0 rmoveto}B/M{S p
delta add tail}B/b{S p tail}B/c{-4 M}B/d{-3 M}B/e{-2 M}B/f{-1 M}B/g{0 M}
B/h{1 M}B/i{2 M}B/j{3 M}B/k{4 M}B/w{0 rmoveto}B/l{p -4 w}B/m{p -3 w}B/n{
p -2 w}B/o{p -1 w}B/q{p 1 w}B/r{p 2 w}B/s{p 3 w}B/t{p 4 w}B/x{0 S
rmoveto}B/y{3 2 roll p a}B/bos{/SS save N}B/eos{SS restore}B end

%%EndProcSet
%%BeginProcSet: 8r.enc
% @@psencodingfile@{
%   author = "S. Rahtz, P. MacKay, Alan Jeffrey, B. Horn, K. Berry",
%   version = "0.6",
%   date = "1 July 1998",
%   filename = "8r.enc",
%   email = "tex-fonts@@tug.org",
%   docstring = "Encoding for TrueType or Type 1 fonts
%                to be used with TeX."
% @}
% 
% Idea is to have all the characters normally included in Type 1 fonts
% available for typesetting. This is effectively the characters in Adobe
% Standard Encoding + ISO Latin 1 + extra characters from Lucida.
% 
% Character code assignments were made as follows:
% 
% (1) the Windows ANSI characters are almost all in their Windows ANSI
% positions, because some Windows users cannot easily reencode the
% fonts, and it makes no difference on other systems. The only Windows
% ANSI characters not available are those that make no sense for
% typesetting -- rubout (127 decimal), nobreakspace (160), softhyphen
% (173). quotesingle and grave are moved just because it's such an
% irritation not having them in TeX positions.
% 
% (2) Remaining characters are assigned arbitrarily to the lower part
% of the range, avoiding 0, 10 and 13 in case we meet dumb software.
% 
% (3) Y&Y Lucida Bright includes some extra text characters; in the
% hopes that other PostScript fonts, perhaps created for public
% consumption, will include them, they are included starting at 0x12.
% 
% (4) Remaining positions left undefined are for use in (hopefully)
% upward-compatible revisions, if someday more characters are generally
% available.
% 
% (5) hyphen appears twice for compatibility with both 
% ASCII and Windows.
% 
/TeXBase1Encoding [
% 0x00 (encoded characters from Adobe Standard not in Windows 3.1)
  /.notdef /dotaccent /fi /fl
  /fraction /hungarumlaut /Lslash /lslash
  /ogonek /ring /.notdef
  /breve /minus /.notdef 
% These are the only two remaining unencoded characters, so may as
% well include them.
  /Zcaron /zcaron 
% 0x10
 /caron /dotlessi 
% (unusual TeX characters available in, e.g., Lucida Bright)
 /dotlessj /ff /ffi /ffl 
 /.notdef /.notdef /.notdef /.notdef
 /.notdef /.notdef /.notdef /.notdef
 % very contentious; it's so painful not having quoteleft and quoteright
 % at 96 and 145 that we move the things normally found there to here.
 /grave /quotesingle 
% 0x20 (ASCII begins)
 /space /exclam /quotedbl /numbersign
 /dollar /percent /ampersand /quoteright
 /parenleft /parenright /asterisk /plus /comma /hyphen /period /slash
% 0x30
 /zero /one /two /three /four /five /six /seven
 /eight /nine /colon /semicolon /less /equal /greater /question
% 0x40
 /at /A /B /C /D /E /F /G /H /I /J /K /L /M /N /O
% 0x50
 /P /Q /R /S /T /U /V /W
 /X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore
% 0x60
 /quoteleft /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o
% 0x70
 /p /q /r /s /t /u /v /w
 /x /y /z /braceleft /bar /braceright /asciitilde
 /.notdef % rubout; ASCII ends
% 0x80
 /.notdef /.notdef /quotesinglbase /florin
 /quotedblbase /ellipsis /dagger /daggerdbl
 /circumflex /perthousand /Scaron /guilsinglleft
 /OE /.notdef /.notdef /.notdef
% 0x90
 /.notdef /.notdef /.notdef /quotedblleft
 /quotedblright /bullet /endash /emdash
 /tilde /trademark /scaron /guilsinglright
 /oe /.notdef /.notdef /Ydieresis
% 0xA0
 /.notdef % nobreakspace
 /exclamdown /cent /sterling
 /currency /yen /brokenbar /section
 /dieresis /copyright /ordfeminine /guillemotleft
 /logicalnot
 /hyphen % Y&Y (also at 45); Windows' softhyphen
 /registered
 /macron
% 0xD0
 /degree /plusminus /twosuperior /threesuperior
 /acute /mu /paragraph /periodcentered
 /cedilla /onesuperior /ordmasculine /guillemotright
 /onequarter /onehalf /threequarters /questiondown
% 0xC0
 /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla
 /Egrave /Eacute /Ecircumflex /Edieresis
 /Igrave /Iacute /Icircumflex /Idieresis
% 0xD0
 /Eth /Ntilde /Ograve /Oacute
 /Ocircumflex /Otilde /Odieresis /multiply
 /Oslash /Ugrave /Uacute /Ucircumflex
 /Udieresis /Yacute /Thorn /germandbls
% 0xE0
 /agrave /aacute /acircumflex /atilde
 /adieresis /aring /ae /ccedilla
 /egrave /eacute /ecircumflex /edieresis
 /igrave /iacute /icircumflex /idieresis
% 0xF0
 /eth /ntilde /ograve /oacute
 /ocircumflex /otilde /odieresis /divide
 /oslash /ugrave /uacute /ucircumflex
 /udieresis /yacute /thorn /ydieresis
] def

%%EndProcSet
%%BeginProcSet: texps.pro
%!
TeXDict begin/rf{findfont dup length 1 add dict begin{1 index/FID ne 2
index/UniqueID ne and{def}{pop pop}ifelse}forall[1 index 0 6 -1 roll
exec 0 exch 5 -1 roll VResolution Resolution div mul neg 0 0]/Metrics
exch def dict begin Encoding{exch dup type/integertype ne{pop pop 1 sub
dup 0 le{pop}{[}ifelse}{FontMatrix 0 get div Metrics 0 get div def}
ifelse}forall Metrics/Metrics currentdict end def[2 index currentdict
end definefont 3 -1 roll makefont/setfont cvx]cvx def}def/ObliqueSlant{
dup sin S cos div neg}B/SlantFont{4 index mul add}def/ExtendFont{3 -1
roll mul exch}def/ReEncodeFont{CharStrings rcheck{/Encoding false def
dup[exch{dup CharStrings exch known not{pop/.notdef/Encoding true def}
if}forall Encoding{]exch pop}{cleartomark}ifelse}if/Encoding exch def}
def end

%%EndProcSet
TeXDict begin 39158280 55380996 1000 600 600 (dist-trust.dvi)
@start /Fa 133[45 45 45 2[45 45 45 45 45 45 45 45 45
45 45 45 45 45 45 45 45 45 45 45 45 6[45 45 45 3[45 45
45 1[45 45 45 4[45 2[45 45 45 45 45 45 2[45 1[45 6[45
45 1[45 45 45 2[45 45 2[45 45 40[{TeXBase1Encoding ReEncodeFont}51
74.7198 /Courier rf /Fb 135[45 2[51 30 35 40 51 51 45
51 76 25 1[30 25 1[45 30 40 51 40 1[45 13[51 66 1[56
71 1[86 3[35 71 2[61 66 66 61 66 6[30 10[25 44[51 2[{
TeXBase1Encoding ReEncodeFont}34 90.9091 /Times-Bold
rf
%DVIPSBitmapFont: Fc cmsy9 9 1
/Fc 1 14 df<ED0FFF92B512F0020314FC020F14FF91263FF80113C0913AFF80001FF049
48C7EA07F8D907F8EC01FED90FE0EC007FD91F80ED1F8049C96C7E017E707E49707E4848
707E4916004848177C0007187E49173E484883A248CBEA0F80A2003EF007C0A2003C1803
007C19E0A200781801A200F819F0A2481800A96C1801A2007819E0A2007C1803A2003C19
C0003E1807A26CF00F80A26C6CEF1F00A26C6C173E6D177E0003187C6C6C5F6D16016C6C
4C5A017E4C5A6D4C5A6D6C4B5AD90FE0037FC7FCD907F8EC01FED901FEEC07F86D6C6CEB
1FF0913A3FF801FFC0020FB6C8FC020314FC020014F0030F90C9FC44477CB54D>13
D E
%EndDVIPSBitmapFont
/Fd 134[37 1[55 37 42 23 32 32 1[42 42 42 60 23 37 23
23 42 42 23 37 42 37 42 42 9[69 2[46 42 51 1[51 60 1[69
1[55 1[28 2[51 51 60 55 51 51 5[28 28 2[42 4[42 42 42
1[21 28 21 41[42 2[{TeXBase1Encoding ReEncodeFont}48
83.022 /Times-Italic rf /Fe 134[37 1[54 3[29 33 2[37
9[33 42 24[58 75[{TeXBase1Encoding ReEncodeFont}8 74.7198
/Times-Bold rf /Ff 133[33 37 37 54 37 37 21 29 25 37
37 37 37 58 21 37 1[21 37 37 25 33 37 33 37 33 8[54 71
2[46 42 50 1[42 54 1[66 46 1[29 25 2[42 46 54 50 50 54
7[37 37 37 37 37 1[37 37 37 37 1[19 25 19 2[25 25 36[42
42 2[{TeXBase1Encoding ReEncodeFont}58 74.7198 /Times-Roman
rf /Fg 105[42 27[37 42 3[46 28 32 37 46 46 42 46 1[23
2[23 46 42 28 37 46 37 46 42 12[55 1[60 16[60 65[{
TeXBase1Encoding ReEncodeFont}24 83.022 /Times-Bold rf
%DVIPSBitmapFont: Fh cmsy10 10 3
/Fh 3 104 df<EB1FF0EBFFFE487F000714C04814E04814F04814F8A24814FCA3B612FE
A96C14FCA36C14F8A26C14F06C14E06C14C0000114006C5BEB1FF01F1F7BA42A>15
D<EC01F8140FEC3F80ECFC00495A495A495AA2130F5CB3A7131F5C133F49C7FC13FEEA03
F8EA7FE048C8FCEA7FE0EA03F8EA00FE137F6D7E131F80130FB3A7801307A26D7E6D7E6D
7EEC3F80EC0FF814011D537ABD2A>102 D<12FCEAFFC0EA07F0EA01FCEA007E7F80131F
80130FB3A7801307806D7E6D7EEB007EEC1FF0EC07F8EC1FF0EC7E00495A495A495A5C13
0F5CB3A7131F5C133F91C7FC137E485AEA07F0EAFFC000FCC8FC1D537ABD2A>I
E
%EndDVIPSBitmapFont
/Fi 105[42 27[37 42 42 60 42 42 23 32 28 42 42 42 42
65 23 42 23 23 42 42 28 37 42 37 42 37 6[51 60 60 78
60 60 51 46 55 60 46 60 60 74 51 60 32 28 60 60 46 51
60 55 55 60 76 4[23 23 42 42 42 42 42 42 42 42 42 42
23 21 28 21 2[28 28 28 65 34[46 46 2[{TeXBase1Encoding ReEncodeFont}76
83.022 /Times-Roman rf /Fj 134[50 1[72 1[55 33 39 44
1[55 50 55 83 28 55 1[28 55 50 33 44 55 44 55 50 7[72
1[100 2[66 1[72 1[61 78 2[66 78 1[39 2[61 1[72 72 66
21[25 44[{TeXBase1Encoding ReEncodeFont}35 99.6264 /Times-Bold
rf /Fk 136[86 1[66 40 47 53 2[60 66 100 1[66 1[33 1[60
40 53 66 1[66 60 12[80 6[113 6[73 1[86 2[86 65[{
TeXBase1Encoding ReEncodeFont}21 119.552 /Times-Bold
rf end
%%EndProlog
%%BeginSetup
%%Feature: *Resolution 600dpi
TeXDict begin
%%BeginPaperSize: a4
a4
%%EndPaperSize

%%EndSetup
%%Page: 1 1
1 0 bop 691 275 a Fk(A)30 b(Framew)o(ork)g(f)m(or)g(Distrib)n(uted)h(T)
-9 b(rust)29 b(Management)1113 470 y Fj(Lalana)c(Kagal,)e(T)n(imoth)o
(y)i(Finin,)g(Y)-9 b(un)26 b(P)n(eng)985 562 y Fi(Computer)19
b(Science)h(and)g(Electrical)f(Engineering)f(Department)1251
653 y(Uni)n(v)o(ersity)h(of)g(Maryland)g(Baltimore)h(County)1239
744 y(1000)e(Hilltop)i(Circle,)h(Baltimore,)e(MD)i(21250)1215
836 y(email)g(:)k Fh(f)p Fi(lkagal1,\002nin,ypeng)p Fh(g)p
Fi(@cs.umb)o(c.ed)o(u)1579 927 y(phone)18 b(:)26 b(410-455-3971)1627
1018 y(f)o(ax)20 b(:)26 b(410-455-3969)689 1374 y Fg(Abstract)-67
1515 y Ff(In)g(this)f(paper)h(we)g(outline)g(an)g(infrastructure)g
(that)f(f)o(acilitates)g(se-)-67 1598 y(curity)j(and)h(trust)f
(management)i(in)e(a)g(multi-agent)g(system.)51 b(Our)-67
1681 y(model)17 b(eases)h(the)f(problem)g(of)g(authorization)h(in)f(a)g
(netw)o(ork)g(of)g(het-)-67 1764 y(erogeneous)32 b(agents)e(and)h(also)
f(contains)g(mechanisms)h(for)f(dele-)-67 1847 y(gation)c(of)g
(authorization)h(information.)45 b(The)25 b(frame)n(w)o(ork)i(allo)n
(ws)-67 1930 y(agents)e(to)f(e)o(xchange)h(trust)f(information)h(using)
f(a)g(series)g(of)g(Inter)o(-)-67 2013 y(action)29 b(Protocols)g(based)
g(on)g(FIP)-7 b(A)27 b(\(F)o(oundation)j(for)e(Intelligent)-67
2096 y(Physical)14 b(Agents\))h(Interaction)g(Protocols)g(\(FIP)-7
b(A)14 b(1998\).)22 b(It)14 b(decen-)-67 2179 y(tralizes)h(security)g
(decisions,)h(enabling)h(more)e(than)h(one)f(agent)h(to)f(be)-67
2262 y(responsible)j(for)e(the)h(v)n(alidation)h(of)e(requests)i(or)e
(for)h(the)g(dele)o(gation)-67 2345 y(of)e(permissions.)23
b(It)14 b(is)h(v)o(ery)g(\003e)o(xible)g(and)h(encourages)h(mobility)e
(be-)-67 2428 y(cause)23 b(the)g(process)g(of)g(requesting)g(services)g
(and)g(granting)h(access)-67 2511 y(is)16 b(di)n(vided)i(into)f(tw)o(o)
g(independent)i(steps.)k(This)16 b(allo)n(ws)h(an)g(agent)g(to)-67
2594 y(disconnect)h(after)f(the)g(\002rst)f(step)h(and)h(reconnect)g
(else)n(where)g(to)f(con-)-67 2677 y(tinue)g(the)f(process)h(of)g
(securing)g(the)f(service.)23 b(The)16 b(model)h(also)g(uses)-67
2760 y(a)30 b(polic)o(y)g(based)h(approach,)j(to)29 b(specify)i(rules)e
(for)h(authorization)-67 2843 y(and)c(dele)o(gation,)h(and)f(a)f
(distrib)o(uted)g(kno)n(wledge)i(base,)h(that)d(con-)-67
2926 y(tains)g(information)h(about)h(the)e(interacting)h(agents.)44
b(W)-6 b(e)25 b(describe)-67 3009 y(an)e(implemented)g(system)g(that)f
(incorporates)i(our)f(frame)n(w)o(ork)g(us-)-67 3092
y(ing)c(X.509)h(certi\002cates)e(and)i(a)e(Prolog)h(kno)n(wledge)i
(base.)683 3191 y Fe(K)n(eyw)o(ords)23 3274 y Ff(Authorization,)e
(security)-5 b(,)19 b(distrib)o(uted)g(trust,)g(agents,)g(X.509)-3
3357 y(certi\002cates,)f(kno)n(wledge)i(representation,)g(role)f
(based,)g(polic)o(y)573 3586 y Fj(Intr)n(oduction)-150
3701 y Fi(Authorization)g(in)i(a)h(distrib)n(uted)e(system)i(is)g
(quite)f(dif)n(ferent)e(from)-150 3792 y(a)32 b(centralized)f(system.)
60 b(T)m(raditionally)-5 b(,)32 b(authorization)d(is)k(com-)-150
3883 y(posed)15 b(of)g(authentication)e(and)i(access)h(control.)22
b(The)15 b(Access)h(Con-)-150 3975 y(trol)34 b(List)h(\(A)m(CL\))e
(\(J.K.Jan)h(1991;)f(M.S.Hw)o(ang)g(1994\),)j(which)-150
4066 y(w)o(orks)30 b(by)f(attaching)g(access)i(control)e(information)f
(of)h(the)i(sub-)-150 4157 y(ject)38 b(to)f(the)g(resource,)j(is)e(a)g
(popular)d(approach.)74 b(Role)37 b(based)-150 4249 y(access)43
b(control)e(\(Blaze,)48 b(Feigenbaum,)e(&)d(K)n(eromytis)e(1999;)-150
4340 y(Sandhu)20 b Fd(et)i(al.)29 b Fi(1996\))20 b(is)i(another)e
(scheme)h(that)h(has)g(been)f(widely)-150 4431 y(used.)39
b(In)25 b(this)g(model,)g(the)g(the)g(lar)o(ge)f(number)f(of)i(users)g
(forces)g(a)-150 4523 y(di)n(vision)c(into)g(groups)f(\(or)h(roles\))h
(and)f(the)h(access)g(information)d(is)-150 4614 y(attached)f(to)h
(roles.)24 b(Ho)n(we)n(v)o(er)17 b(both)h(these)g(schemes)h(are)f
(unable)g(to)-150 4705 y(meet)j(the)g(requirements)e(of)i(a)h(lar)o(ge)
e(distrib)n(uted)g(system)i(because)p -150 4774 499 4
v -150 4847 a Ff(Cop)o(yright)207 4845 y(c)185 4847 y
Fc(\015)33 b Ff(2001,)k(American)c(Association)h(for)f(Arti\002cial)e
(Intelli-)-150 4930 y(gence)20 b(\(www)-5 b(.aaai.or)o(g\).)22
b(All)d(rights)f(reserv)o(ed.)-16 5001 y(T)-6 b(o)22
b(appear)h(in)f(Proceedings)h(of)f(The)h(IJCAI-01)f(W)-6
b(orkshop)23 b(on)f(Au-)-150 5084 y(tonomy)-5 b(,)25
b(Dele)o(gation,)e(and)h(Control.)35 b(This)22 b(research)i(w)o(as)f
(supported)h(in)-150 5167 y(part)f(by)g(the)f(IBM)h(EECOMS)e(program)j
(and)f(the)g(D)m(ARP)-7 b(A)22 b(D)m(AML)g(pro-)-150
5250 y(gram)d(under)h(contract)f(F30602-97-1-0215)2063
1283 y Fi(the)24 b(indi)n(viduals)f(that)i(need)f(to)g(access)h(the)g
(resource)e(may)h(not)h(be)2063 1374 y(kno)n(wn)19 b(ahead)h(of)h
(time,)g(so)g(the)g(A)m(CL)g(or)g(role)f(based)h(information)2063
1466 y(cannot)j(be)i(formed.)41 b(Also)27 b(in)f(a)g(b)n(usiness)h(en)m
(vironment,)d(people)2063 1557 y(are)c(frequently)e(changing)g(jobs)i
(or)g(positions)f(and)h(roles.)2146 1649 y(W)-7 b(e)23
b(try)g(to)g(solv)o(e)f(this)i(problem)d(through)f(the)j(application)f
(of)g(a)2063 1740 y(chain)k(of)g(trust)h(using)f(rights)h(and)f(dele)o
(gations.)43 b(In)26 b(this)i(system,)2063 1832 y(we)f(model)g
(permissions)g(as)h(the)f(rights)g(of)g(an)h(agent.)46
b(W)-7 b(e)28 b(asso-)2063 1923 y(ciate)19 b(rights)f(with)i(actions,)e
(so)i(possession)e(of)h(a)h(right)e(permits)h(the)2063
2014 y(corresponding)14 b(agent)j(to)h(perform)e(a)i(certain)g(action.)
23 b(W)-7 b(e)19 b(are)f(cur)n(-)2063 2106 y(rently)f(e)o(xploring)g
(the)h(use)h(of)g(obligations)d(and)i(the)h(repercussions)2063
2197 y(of)g(f)o(ailing)h(to)g(ful\002ll)h(obligations.)2146
2289 y(Rights)d(or)h(pri)n(vile)o(ges)e(can)h(be)h(gi)n(v)o(en)e(to)i
(trusted)f(agents)g(that)h(are)2063 2380 y(then)25 b(responsible)f(for)
h(agents)g(the)o(y)g(may)g(dele)o(gate)f(this)j(right)e(to.)2063
2472 y(So)31 b(the)h(agents)g(will)g(only)f(dele)o(gate)f(to)i(agents)g
(that)g(the)o(y)f(trust.)2063 2563 y(This)21 b(forms)g(a)g(dele)o
(gation)f(chain.)27 b(If)22 b(an)o(y)e(agent)h(along)f(this)i(chain)
2063 2654 y(f)o(ails)30 b(to)g(meet)f(the)h(requirements)e(associated)h
(with)h(a)h(dele)o(gated)2063 2746 y(right,)17 b(the)i(chain)f(is)h
(brok)o(en)e(and)h(all)h(agents)f(follo)n(wing)f(the)h(f)o(ailure)2063
2837 y(are)25 b(not)g(permitted)g(to)g(perform)f(the)h(action)g
(associated)h(with)g(the)2063 2928 y(right.)2146 3020
y(This)31 b(paper)f(is)i(or)o(ganized)c(as)k(follo)n(ws)f(:)48
b Fd(Related)30 b(W)-8 b(ork)32 b Fi(dis-)2063 3112 y(cusses)20
b(other)f(similar)i(approaches,)d(and)h Fd(The)h(Pr)l(oblem)g
Fi(discusses)2063 3203 y(the)26 b(problem)f(and)i(the)g(tw)o(o)g
(scenarios)f(we)h(tar)o(get.)44 b(W)-7 b(e)28 b(describe)2063
3294 y(our)j(infrastructure)g(brie\003y)h(in)h Fd(Infr)o(astructur)m(e)
p Fi(,)h(the)f(kno)n(wledge)2063 3386 y(base)22 b(is)h(described)e(in)h
Fd(Knowledg)o(e)g(Base)g Fi(and)g(polic)o(y)f(being)g(used)2063
3477 y(in)28 b Fd(P)-7 b(olicy)p Fi(.)48 b Fd(Ontolo)o(gy)26
b Fi(e)o(xplains)h(our)g(ontology)f(and)h Fd(Inter)o(action)2063
3568 y(Pr)l(otocol)e Fi(discusses)h(our)f(protocols)f(for)i(agent)f
(communication.)2063 3660 y(W)-7 b(e)36 b(e)o(xplain)e(the)h(softw)o
(are)g(used)g(in)g Fd(Implementation)e(Details)p Fi(.)2063
3751 y Fd(Futur)m(e)e(W)-8 b(ork)33 b Fi(is)g(a)g(discussion)f(of)f
(future)h(research)f(directions,)2063 3842 y(and)19 b
Fd(Conclusion)g Fi(contains)h(the)g(summary)-5 b(.)2760
4036 y Fj(Related)25 b(W)-7 b(ork)2063 4154 y Fi(Blaze,)50
b(who)44 b(coined)f(the)i(term)f(Distrib)n(uted)g(T)m(rust)g(Manage-)
2063 4245 y(ment,)c(tries)e(to)g(solv)o(e)e(the)i(problem)d(by)i(the)g
(access)h(checking)2063 4337 y(method,)47 b(b)n(ut)d(without)e(an)o(y)h
(authentication)f(\(M.Blaze)h(1996;)2063 4428 y(Blaze)37
b Fd(et)g(al.)76 b Fi(1998\).)d(The)37 b(Simple)f(Public)h(K)n(e)o(y)g
(Infrastruc-)2063 4519 y(ture)27 b(\(SPKI\))h(w)o(as)h(the)f(\002rst)g
(proposed)e(standard)h(for)g(distrib)n(uted)2063 4611
y(trust)38 b(management)f(\(Ellison)h Fd(et)h(al.)80
b Fi(1998\).)e(This)39 b(solution,)2063 4702 y(though)33
b(simple)j(and)f(ele)o(gant,)j(does)d(not)h(help)f(in)h(dele)o
(gations.)2063 4793 y(W)-8 b(.)21 b(Johnston')-5 b(s)20
b(Use-Condition)f(Centered)h(Approach)f(\(Johnston)2063
4885 y(&)41 b(Larsen)g(1996\))f(uses)i(certi\002cates)g(for)f
(use-conditions)e(that)2063 4976 y(are)d(created)f(by)h(those)f
(responsible)g(for)h(the)g(resources.)71 b(This)2063
5067 y(can)33 b(only)h(be)f(used)h(when)g(the)g(resource)e(is)j(simple)
f(enough)e(to)2063 5159 y(be)d(described)f(by)g(use-conditions,)h(b)n
(ut)h(in)f(lar)o(ge)f(systems)i(there)2063 5250 y(could)36
b(be)i(man)o(y)f(types)h(of)f(access)i(lik)o(e)f(read,)k(write,)g(e)o
(x)o(ecute)p eop
%%Page: 2 2
2 1 bop -150 -67 a Fi(etc.)76 b(Another)36 b(trust)i(management)d
(system)i(is)h(TE)g(\(Herzber)o(g)-150 24 y Fd(et)i(al.)84
b Fi(2000\))38 b(from)h(IBM.)h(This)g(s)h(not)e(able)h(to)g(address)f
(all)-150 116 y(the)23 b(rele)n(v)n(ant)f(issues)i(because)e(it)i
(considers)e(only)g(role)h(authoriza-)-150 207 y(tion.)53
b(Dele)o(gation)27 b(logics)j(\(Li,)h(Feigenbaum,)f(&)g(Grosof)e(1999;)
-150 298 y(Grosof)g(&)g(Labrou)f(1999\),)h(from)g(IBM,)g(is)h(v)o(ery)f
(similar)g(to)h(our)-150 390 y(approach,)16 b(ho)n(we)n(v)o(er)f(is)k
(not)e(able)h(to)g(capture)e(adequately)g(the)i(con-)-150
481 y(straints)j(associated)f(with)g(rights)g(and)f(dele)o(gations.)-67
572 y(The)35 b(abo)o(v)o(e)f(mentioned)f(models)i(are)g(v)o(ery)f(po)n
(werful,)j(ho)n(w-)-150 664 y(e)n(v)o(er)22 b(the)o(y)g(do)h(not)f
(meet)h(all)h(the)f(requirements)e(of)i(trust)g(manage-)-150
755 y(ment.)34 b(Generally)22 b(security)g(systems)i(should)e(not)h
(only)f(authenti-)-150 846 y(cate)27 b(users,)g(b)n(ut)g(also)f(allo)n
(w)h(users)f(to)h(dele)o(gate)e(their)h(rights)g(and)-150
938 y(beliefs)e(to)g(other)f(users)h(securely)f(and)g(pro)o(vide)f(a)i
(\003e)o(xible)f(mech-)-150 1029 y(anism)e(for)g(this)h(dele)o(gation.)
j(The)c(abo)o(v)o(e)f(systems)i(either)e(support)-150
1120 y(only)29 b(authentication)e(ignoring)g(dele)o(gation)h
(altogether)m(,)h(or)h(sup-)-150 1212 y(port)f(dele)o(gation)e(to)j
(some)f(e)o(xtent)g(without)f(pro)o(viding)f(the)j(\003e)o(x-)-150
1303 y(ibility)i(needed,)h(or)f(do)g(not)f(pro)o(vide)f(suf)n
(\002cient)i(restrictions)f(on)-150 1394 y(dele)o(gation)18
b(of)i(rights.)-67 1486 y(W)-7 b(e)51 b(dre)n(w)e(on)g(the)h(k)o(e)o(y)
f(points)g(of)g(most)h(of)f(the)h(abo)o(v)o(e-)-150 1577
y(mentioned)19 b(schemes)h(and)g(designed)f(an)i(infrastructure)d(that)
j(uses)-150 1668 y(X.509)28 b(certi\002cates)h(and)f(policies)h(to)g
(enforce)f(security)-5 b(.)50 b(A)30 b(pol-)-150 1760
y(ic)o(y)i(contains)g(basic/axiomatic)f(rights,)k(rights)e(associated)f
(with)-150 1851 y(roles,)j(rules)d(for)f(dele)o(gation,)h(and)g(rules)g
(for)f(checking)g(the)h(v)n(a-)-150 1942 y(lidity)c(of)g(requests.)49
b(X.509)27 b(certi\002cates)i(are)f(used)g(not)g(only)g(for)-150
2033 y(identity)21 b(purposes,)h(b)n(ut)g(also)g(for)g(authorization)e
(and)i(dele)o(gation.)-150 2125 y(Our)17 b(system)g(allo)n(ws)g(agents)
g(to)g(dele)o(gate)f(an)o(y)g(right)h(that)g(the)o(y)g(may)-150
2216 y(ha)n(v)o(e.)23 b(Whether)17 b(these)h(dele)o(gations)d(are)i
(honored)e(depends)h(on)h(the)-150 2307 y(polic)o(y)-5
b(.)37 b(Constraints)24 b(can)h(be)f(added)g(to)h(both)f(the)g(actual)h
(dele)o(ga-)-150 2399 y(tion)17 b(and)f(to)h(the)g(dele)o(gatee,)e
(tightening)g(control)h(on)g(the)h(rights)g(and)-150
2490 y(permissions.)24 b(In)18 b(our)f(model,)h(we)g(use)h(a)g(')l
(redele)o(gatable')c(\003ag)j(that)-150 2581 y(controls)f(whether)g
(the)i(right)e(can)h(be)g(further)f(dele)o(gated.)22
b(W)-7 b(e)20 b(ha)n(v)o(e)-150 2673 y(found)32 b(that)i(these)g
(features)f(of)g(our)g(system)h(address)g(the)f(main)-150
2764 y(issues)c(of)e(trust)h(management,)g(authentication)d(and)j(dele)
o(gation,)-150 2855 y(successfully)-5 b(.)567 3039 y
Fj(The)26 b(Pr)n(oblem)-150 3148 y Fi(W)-7 b(e)21 b(ha)n(v)o(e)d(tried)
i(to)f(solv)o(e)g(the)h(problem)d(of)i(authorization)f(and)g(del-)-150
3239 y(e)o(gation)29 b(in)j(a)f(system)g(that)g(consists)h(of)f(widely)
f(distrib)n(uted)g(re-)-150 3330 y(sources)e(and)g(agents.)49
b(There)28 b(are)h(tw)o(o)f(scenarios)g(that)h(we)g(ha)n(v)o(e)-150
3422 y(tackled;)f(a)e(home/of)n(\002ce)e(automation)g(model)g(and)i(an)
f(electronic)-150 3513 y(supply)39 b(chain)g(management)f(system)i(lik)
o(e)g(EECOMS)g(\(Inger)n(-)-150 3604 y(soll)23 b(Rand)f(2000\).)29
b(W)-7 b(e)24 b(ha)n(v)o(e)d(been)h(successful)g(in)g(implementing)-150
3696 y(the)i(EECOMS)g(scenario)e(and)h(are)h(currently)e(w)o(orking)g
(on)h(an)h(of-)-150 3787 y(\002ce)e(automation)e(scenario)i(with)g
(BlueT)-7 b(ooth)21 b(\(Bluetoothwebsite)-150 3878 y(2001\))d(enabled)h
(de)n(vices.)-150 4046 y Fb(EECOMS)i(:)i(IBM)f(pr)n(oject)-150
4154 y Fi(This)j(w)o(ork)f(is)i(sponsored)d(by)i(the)g(CIIMPLEX)f
(consortium)f(\(In-)-150 4245 y(gersoll)44 b(Rand)g(2000\))e(for)i(the)
g(Extended)f(Enterprise)g(COali-)-150 4337 y(tion)e(for)f(Inte)o
(grated)f(Collaborati)n(v)o(e)h(Manuf)o(acturing)e(Systems)-150
4428 y(\(EECOMS\))15 b(project)f(which)h(is)h(aimed)f(at)g(pro)o
(viding)e(a)j(set)g(of)f(tech-)-150 4519 y(nologies)g(for)h(inte)o
(grated)e(supply)h(chain)h(and)f(b)n(usiness)i(to)f(b)n(usiness)-150
4611 y(electronic)j(commerce.)-67 4702 y(The)31 b(EECOMS)g(project)f
(deals)h(with)h(trust)f(establishment)f(in)-150 4793
y(a)25 b(supply)f(chain)g(management)e(system.)39 b(Generally)-5
b(,)24 b(b)n(uyers)g(and)-150 4885 y(suppliers)e(need)g(to)h(share)g
(certain)f(information)e(with)j(each)g(other)-5 b(.)-150
4976 y(Our)31 b(system)i(sets)f(up)g(authorization)d(and)j(dele)o
(gation)d(rules,)35 b(so)-150 5067 y(that)h(this)g(information)e(may)h
(be)h(accessed)f(only)g(by)h(those)f(au-)-150 5159 y(thorized)30
b(to)i(do)f(so.)59 b(Special)31 b(intelligent)g(agents)g(called)g(')-5
b(secu-)-150 5250 y(rity)18 b(agents')f(are)h(required)e(for)h
(authentication)f(and)h(authorization)2063 -67 y(within)25
b(a)h(particular)e(domain,)i(and)f(are)h(trusted)f(within)g(and)g(out-)
2063 24 y(side)h(the)g(group/compan)o(y)-5 b(.)39 b(The)o(y)25
b(also)h(represent)g(the)g(compan)o(y)2063 116 y(in)c(some)g(sense.)32
b(The)22 b(security)g(agent)f(of)h(the)h(b)n(uyer)e(can)h(gi)n(v)o(e)g
(the)2063 207 y(security)j(agent)g(of)g(the)h(supplier)f(the)h
(permission)e(to)i(access)h(cer)n(-)2063 298 y(tain)e(information,)f
(and)h(the)g(ability)h(to)f(dele)o(gate)f(this)i(right.)40
b(The)2063 390 y(supplier')-5 b(s)26 b(security)g(agent)g(can)h(dele)o
(gate)e(this)i(right)f(to)h(some)g(of)2063 481 y(its)32
b(emplo)o(yees)e(based)h(on)g(the)g(polic)o(y)-5 b(.)57
b(This)31 b(security)g(agent)g(is)2063 572 y(responsible)22
b(for)i(all)h(accesses)g(coming)e(from)g(its)i(compan)o(y)-5
b(.)35 b(The)2063 664 y(emplo)o(yees)19 b(can)h(further)e(dele)o(gate)h
(this)i(right)e(forming)g(a)h(chain)g(of)2063 755 y(dele)o(gation)k
(from)h(the)h(b)n(uyer)f(to)i(the)f(supplier)f(to)i(its)g(emplo)o
(yees.)2063 846 y(If)f(at)g(an)o(y)g(point)f(the)h(dele)o(gation)e(f)o
(ails)j(or)f(is)h(re)n(v)n(ok)o(ed)e(the)h(access)2063
938 y(cannot)j(go)h(through.)55 b(The)30 b(same)h(holds)f(if)h(the)g
(situation)f(is)i(re-)2063 1029 y(v)o(ersed)18 b(and)h(the)h(supplier)f
(gi)n(v)o(es)g(the)h(b)n(uyer)e(access)j(to)f(some)f(of)h(its)2063
1120 y(resources.)2146 1216 y(The)d(system)g(consists)h(of)f(a)h(netw)o
(ork)e(of)h(heterogeneous)e(agents)2063 1307 y(that)37
b(interact)g(to)g(perform)f(certain)h(actions)g(that)g(may)g(or)g(may)
2063 1398 y(not)26 b(need)g(authorization.)43 b(The)26
b(main)g(problem)f(is)j(guaranteeing)2063 1490 y(the)g(authenticity)f
(of)h(requests)g(between)g(these)h(agents,)h(whether)2063
1581 y(within)16 b(a)h(group/compan)o(y)12 b(or)k(between)g(one)g(or)g
(more)g(companies.)2063 1672 y(The)23 b(security)h(agents)f(of)h(a)h
(compan)o(y)c(follo)n(w)j(the)g(compan)o(y)d(pol-)2063
1764 y(ic)o(y)-5 b(.)24 b(This)c(polic)o(y)f(describes)h(certain)f
(rules)i(for)e(rights,)h(dele)o(gation)2063 1855 y(and)25
b(reasoning)g(about)g(them)g(\(refer)g(to)i Fd(P)-7 b(olicy)p
Fi(\).)42 b(These)26 b(security)2063 1946 y(agents)20
b(enforce)g(the)i(security)e(polic)o(y)g(of)h(the)h(compan)o(y)-5
b(.)25 b(The)c(pol-)2063 2038 y(ic)o(y)30 b(is)h(not)f(changed)e
(frequently)g(and)i(usually)g(in)m(v)n(olv)o(es)f(human)2063
2129 y(interv)o(ention.)52 b(T)-7 b(o)30 b(e)o(xpedite)f(the)h
(identi\002cation)f(of)h(each)f(agent,)2063 2220 y(we)24
b(assume)h(that)f(e)n(v)o(ery)f(agent)h(has)h(an)f(Identity)f
(Certi\002cate)i(\(ID\))2063 2312 y(issued)20 b(by)g(a)g(trusted)g
(Certi\002cate)h(Authority)d(\(CA\).)2063 2500 y Fb(Home/Of\002ce)23
b(A)-5 b(utomation)2063 2629 y Fi(Our)17 b(architecture)f(could)g
(apply)h(to)g(the)h(wireless)g(w)o(orld)f(in)h(the)f(fol-)2063
2720 y(lo)n(wing)d(scenario.)23 b(If)15 b(a)h(visiting)f(lecturer)g(at)
h(a)g(Uni)n(v)o(ersity)e(needs)h(to)2063 2812 y(use)j(a)h(projector)d
(in)i(a)h(lecture)f(hall,)g(she/he)g(needs)g(to)g(be)h(dele)o(gated)
2063 2903 y(the)k(right)g(by)g(some)h(authorized)d(personnel.)34
b(If)23 b(the)h(polic)o(y)f(states)2063 2994 y(that)h(all)h(professors)
f(can)g(use)h(the)f(projector)f(and)h(that)h(professors)2063
3085 y(can)19 b(dele)o(gate)g(this)h(right)g(to)g(the)g(lecturer)m(,)f
(the)h(lecturer)f(can)g(obtain)2063 3177 y(the)h(')o(tok)o(en')e(from)h
(a)h(professor)-5 b(.)24 b(Using)c(a)h(hand-held)d(de)n(vice)h(such)
2063 3268 y(as)e(a)g(PD)m(A,)f(mobile)g(phone)f(etc.)24
b(the)17 b(visitor)f(beams)g(her/his)g(identi-)2063 3359
y(fying)i(tok)o(en)h(to)g(the)h(projector)e(along)g(with)i(the)f(dele)o
(gation)f(tok)o(en.)2063 3451 y(The)30 b(projector)f(may)h(or)h(may)f
(not)g(ha)n(v)o(e)g(the)h(processing)f(po)n(wer)2063
3542 y(to)d(reason)g(about)g(these)h(certi\002cates)g(and)f(rights.)47
b(If)27 b(it)i(does)e(not)2063 3633 y(ha)n(v)o(e)e(the)g(capability)-5
b(,)26 b(the)g(agent)f(in)h(the)f(projector)f(sends)i(the)g(to-)2063
3725 y(k)o(en)17 b(\(using)g(wireless)i(or)e(wire)h(line)h
(communication\))14 b(to)k(a)h(')-5 b(smart')2063 3816
y(agent)24 b(that)i(e)n(v)n(aluates)f(the)h(request)f(and)g(returns)f
(the)i(result.)41 b(The)2063 3907 y(agent)22 b(that)h(does)g(the)g
(reasoning)e(needs)h(to)i(check)e(the)h(identity)f(of)2063
3999 y(the)j(requester)f(and)h(then)g(mak)o(e)g(sure)g(that)g(the)h
(requester)e(has)i(the)2063 4090 y(right)e(to)g(access)i(the)e
(projector)-5 b(.)37 b(In)25 b(this)g(case,)h(the)f(requester)e(has)
2063 4181 y(been)f(dele)o(gated)e(the)j(right)f(by)g(a)h(professor)m(,)
f(so)h(the)f(agent)h(should)2063 4273 y(v)o(erify)e(that)j(the)f
(professor)f(has)h(the)h(right)e(to)i(dele)o(gate.)33
b(Once)23 b(the)2063 4364 y(request)16 b(is)i(v)n(alidated,)f(the)g
(visitor)g(can)g(beam)g(her/his)g(slides)h(to)g(the)2063
4455 y(projector)g(agent)i(that)g(starts)h(up)f(the)g(presentation.)
2146 4551 y(W)-7 b(e)43 b(ha)n(v)o(e)e(started)h(e)o(xperimenting)d
(with)j(Bluetooth)f(\(Blue-)2063 4642 y(toothwebsite)30
b(2001\))g(and)i(belie)n(v)o(e)f(that)h(the)f(abo)o(v)o(e)g(scenario)g
(is)2063 4734 y(not)43 b(too)g(f)o(ar)g(in)g(the)h(future)e(\(Lalana)g
(Kagal)h(2001;)f(Chen)h(&)2063 4825 y(Chakraborty)17
b(2001\).)2750 5030 y Fj(Infrastructur)n(e)2063 5159
y Fi(Our)23 b(architecture)f(assumes)h(that)h(each)f(group)f(of)h
(agents,)h(kno)n(wn)2063 5250 y(as)37 b(polic)o(y)f(domains,)j(is)f
(protected)d(by)i(one)f(or)g(more)g(security)p eop
%%Page: 3 3
3 2 bop -150 -67 a Fi(agents.)34 b(These)23 b(agents)g(are)g
(responsible)f(for)g(authorizing)f(access)-150 24 y(to)f
(services/resources)e(within)h(that)g(group.)k(These)c(agents)g(access)
-150 116 y(the)k(polic)o(y)f(and)h(kno)n(wledge)e(base)i(associated)g
(with)g(the)h(domain.)-150 207 y(The)g(kno)n(wledge)e(base,)k(encoded)c
(in)j(Prolog,)f(contains)g(informa-)-150 298 y(tion)k(about)f(the)g
(agents)h(in)g(the)g(domain,)g(including)e(their)i(name,)-150
390 y(role/position,)h(age)f(and)g(other)g(characteristics)g
(associated)h(with)-150 481 y(an)e(emplo)o(yee)f(.)46
b(All)28 b(dele)o(gations)d(are)i(stored)f(with)i(the)f(security)-150
572 y(agents,)35 b(which)d(ha)n(v)o(e)g(the)g(ability)h(to)f(reason)g
(about)g(them.)61 b(An)-150 664 y(agent)19 b(\(requester\))g(can)g(e)o
(x)o(ecute)g(a)h(right)g(or)g(access)g(a)h(resource)d(by)-150
755 y(pro)o(viding)e(it')-5 b(s)20 b(identity)e(information)e(to)j(the)
f(security)h(agent.)k(The)-150 846 y(security)c(agent)h(checks)f(this)h
(information)e(for)h(v)n(alidity)g(and)g(reads)-150 938
y(its)f(policies)f(to)h(v)o(erify)d(that)j(the)f(requester)f(has)h(the)
h(right.)23 b(If)17 b(the)g(re-)-150 1029 y(questing)h(agent)h(does)g
(not)g(ha)n(v)o(e)g(the)g(right,)g(the)g(security)g(agent)f(re-)-150
1120 y(turns)i(an)g(error)f(message.)25 b(Otherwise)20
b(it)h(forw)o(ards)e(the)h(request)g(to)-150 1212 y(the)e(agent)e(in)i
(char)o(ge)e(of)h(the)h(resource,)e(the)i(accessor)f(agent,)g(along)
-150 1303 y(with)26 b(a)g(message)f(indicating)f(that)i(the)g(request)e
(is)j(authorized)c(by)-150 1394 y(the)g(security)f(agent.)31
b(As)23 b(the)g(security)f(agent)g(is)h(trusted)f(by)g(e)n(v)o(ery)-150
1486 y(other)30 b(agent)h(in)g(the)g(system,)j(the)d(requesting)f
(agent)g(is)j(granted)-150 1577 y(access.)55 b(If)30
b(the)g(accessor)g(agent)f(has)h(the)g(computing)e(po)n(wer)h(to)-150
1668 y(reason)24 b(about)g(certi\002cates,)i(rights)f(and)f(dele)o
(gations)f(the)i(request)-150 1760 y(can)20 b(be)g(sent)h(directly)e
(to)h(it,)h(instead)f(of)g(via)g(the)g(security)g(agent.)-67
1856 y(The)h(requester)f(can)g(also)i(obtain)e(access)h(to)g(a)h
(certain)e(resource)-150 1947 y(that)15 b(it)i(pre)n(viously)c(could)h
(not)h(access,)i(through)c(a)j(dele)o(gation)d(from)-150
2039 y(an)32 b(authorized)e(agent)i(\(dele)o(gator\).)58
b(An)32 b(authorized)e(agent)h(\(an)-150 2130 y(agent)c(with)h(the)f
(ability)g(to)h(dele)o(gate)e(a)i(certain)f(right\))f(dele)o(gates)-150
2221 y(the)15 b(right)g(by)g(sending)f(a)h(message)h(to)f(the)g
(security)g(agent.)23 b(The)14 b(del-)-150 2312 y(e)o(gation)19
b(has)j(to)f(be)g(appro)o(v)o(ed)d(by)j(the)g(security)f(agent)h(and)f
(should)-150 2404 y(conform)29 b(to)i(its)h(policies.)57
b(The)31 b(requester)f(approaches)f(the)i(se-)-150 2495
y(curity)26 b(agent)h(with)g(its)h(identity)f(information)d(and)j(a)g
(request)g(for)-150 2586 y(permission.)51 b(The)29 b(security)g(agent)f
(v)o(eri\002es)h(the)h(identity)e(of)h(the)-150 2678
y(requester)23 b(and)g(checks)h(with)g(its)h(policies)f(to)g(mak)o(e)f
(sure)h(that)g(the)-150 2769 y(requester)d(can)h(be)g(gi)n(v)o(en)e
(access)j(to)f(the)g(resource.)29 b(The)22 b(ne)n(w)f(del-)-150
2860 y(e)o(gation)j(mak)o(es)h(the)h(request)f(v)n(alid.)41
b(The)25 b(security)g(agent)g(gener)n(-)-150 2952 y(ates)c(an)g
(authorization)d(tick)o(et/certi\002cate)i(which)h(contains)e(a)j(Pro-)
-150 3043 y(log)27 b(\(Swedish)f(Institute)h(2001b\))d(lik)o(e)j
(statement)g(gi)n(ving)e(the)i(re-)-150 3134 y(quester)d(permission)g
(to)h(access)h(the)f(resource.)38 b(This)25 b(message)g(is)-150
3226 y(sent)20 b(to)h(the)f(requesting)f(agent.)24 b(These)c
(statements)g(are)g(dated)g(and)-150 3317 y(are)k(v)n(alid)f(only)g
(for)h(a)g(certain)f(period)g(of)g(time.)36 b(While)25
b(the)f(state-)-150 3408 y(ments)19 b(are)g(v)n(alid,)g(the)h
(requesting)d(agent)i(can)g(use)h(them)f(as)h(tick)o(ets)-150
3500 y(to)g(access)g(the)f(resource.)24 b(This)19 b(allo)n(ws)h(the)f
(entire)h(process)f(of)g(v)o(er)n(-)-150 3591 y(i\002cation)h(and)h
(reasoning)e(to)h(be)h(skipped,)e(and)i(the)f(requester)g(gets)-150
3682 y(access)26 b(to)g(the)f(resource)g(as)h(soon)f(as)h(the)g
(authorizing)d(statement)-150 3774 y(is)e(recognized)d(and)i(v)o
(eri\002ed)f(by)h(the)g(accessor)g(agent.)-67 3870 y(All)38
b(the)f(reasoning)e(about)h(rights)h(and)g(dele)o(gations)e(is)j(han-)
-150 3961 y(dled)27 b(by)h(a)g(set)h(of)e(Prolog)g(rules)h(causing)f
(incorrect)f(dele)o(gations)-150 4053 y(and)i(statements)h(to)g(be)g
(trapped)f(by)g(Prolog')-5 b(s)29 b(backw)o(ard)e(chain-)-150
4144 y(ing)19 b(mechanism)g(and)g(pre)n(v)o(ented)e(from)i(going)f
(through.)23 b(W)-7 b(e)21 b(ha)n(v)o(e)-150 4235 y(rules)g(that)g
(cause)g(constraints)f(on)h(rights)g(to)g(be)g(propagated)d(when)-150
4327 y(a)j(dele)o(gation)d(occurs.)-67 4423 y(A)30 b(dele)o(gatee)e(is)
j(an)f(agent)f(that)h(dele)o(gates)e(a)j(certain)e(right)g(to)-150
4514 y(another)d(agent)h(or)h(group)d(of)j(agents.)47
b(It)28 b(has)g(the)f(permission)g(to)-150 4606 y(perform)d(a)j
(certain)e(action)h(and)g(also)g(the)g(ability)g(to)h(further)d(del-)
-150 4697 y(e)o(gate)g(this)i(right.)38 b(A)26 b(dele)o(gatee)d(will)j
(only)e(dele)o(gate)g(to)h(an)g(agent)-150 4788 y(that)i(it)h(trusts)g
(since)g(the)f(dele)o(gatee)e(is)k(held)d(responsible)g(for)h(the)-150
4880 y(actions)20 b(of)g(the)g(agents)g(it)h(has)f(dele)o(gated)f(to.)
-67 4976 y(W)-7 b(e)25 b(use)f(X.509)e(certi\002cates)i(for)f(identity)
g(certi\002cates)h(and)f(for)-150 5067 y(encapsulating)34
b(dele)o(gations.)70 b(The)35 b(ITU-T)g(Recommendation,)-150
5159 y(X.509,)20 b(has)i(been)e(implemented)f(as)j(a)g(de)f(f)o(acto)g
(standard.)27 b(X.509)-150 5250 y(focuses)21 b(on)g(de\002ning)f(a)i
(mechanism)e(by)h(which)f(information)f(can)2063 -67
y(be)h(made)h(a)n(v)n(ailable)f(in)i(a)f(secure)g(w)o(ay)g(to)g(a)g
(third-party)-5 b(.)25 b(X.509v3)2063 24 y(speci\002cations)c(de\002ne)
h(a)g(certi\002cate)g(as:)30 b Fd(user)22 b(certi\002cate;)g(public)
2063 116 y(k)o(e)n(y)15 b(certi\002cate;)h(certi\002cate:)22
b(The)15 b(public)g(k)o(e)n(ys)g(of)h(a)g(user)-9 b(,)16
b(to)o(g)o(ether)2063 207 y(with)21 b(some)g(other)g(information,)e(r)m
(ender)m(ed)h(unfor)m(g)o(eable)f(by)i(enci-)2063 298
y(pherment)k(with)i(the)f(private)g(k)o(e)n(y)h(of)f(the)g
(certi\002cation)g(authority)2063 390 y(whic)o(h)19 b(issued)i(it.)2707
582 y Fj(Kno)o(wledge)k(Base)2063 700 y Fi(W)-7 b(e)23
b(use)g(a)h(number)c(of)j(predicates)f(to)h(represent)e(the)i
(information)2063 792 y(\003o)n(wing)14 b(in)i(the)g(system.)23
b(W)-7 b(e)17 b(also)f(describe)f(the)h(agents)f(in)h(the)f(pol-)2063
883 y(ic)o(y)22 b(domain)g(and)h(store)g(this)g(information)e(in)i(a)h
(kno)n(wledge)d(base.)2063 974 y(A)j(security)f(agent)g(uses)i(this)f
(kno)n(wledge)e(along)h(with)h(the)g(polic)o(y)2063 1066
y(while)19 b(granting)f(permission)h(to)h(an)g(agent.)k(W)-7
b(e)21 b(encode)e(in)h(Prolog)2063 1157 y(details)i(about)g(the)g
(name,)g(role,)g(etc.)32 b(of)22 b(the)h(agent.)30 b(All)24
b(informa-)2063 1248 y(tion)f(the)g(system)h(learns)g(is)g(also)g
(added)f(to)g(the)h(kno)n(wledge)d(base;)2063 1340 y(dele)o(gations)d
(and)h(requests.)2063 1516 y Fb(Request)2063 1625 y Fi(An)26
b(agent)g(requests)g(a)h(security)f(agent)g(to)h(perform)e(some)h
(action)2063 1708 y(on)i(his)h(behalf.)51 b(The)28 b(security)h(agent)f
(will)i(perform)d(this)i(action)2063 1791 y(only)19 b(if)h(the)h(agent)
e(has)i(the)f(ability)g(to)g(do)g(so.)2063 1909 y Fa
(request\(<fromAgent>,<action>\))2146 2026 y Fi(An)d(agent)f(can)h
(also)h(request)e(for)h(permission)f(to)h(perform)e(a)j(cer)n(-)2063
2110 y(tain)e(action.)23 b(If)15 b(the)h(requested)f(agent)g(is)i
(satis\002ed)g(with)f(the)g(agent')-5 b(s)2063 2193 y(credentials,)24
b(this)h(request)e(will)i(result)g(in)f(a)h(dele)o(gation)d(from)i(the)
2063 2276 y(requestee)19 b(to)h(the)g(requestor)-5 b(.)2063
2393 y Fa(requestPermission\(<fromAgent>,<actio)o(n>\))2063
2570 y Fb(Delegation)2063 2687 y Fi(An)25 b(agent)f(can)h(e)o(x)o
(ecute)f(an)o(y)h(action)f(that)i(it)g(has)f(the)g(right)g(to)g(e)o(x-)
2063 2779 y(ecute,)j(or)e(has)h(been)g(has)g(been)f(dele)o(gated)f(the)
i(right)f(to)h(e)o(x)o(ecute.)2063 2870 y(It)d(can)h(also)g(dele)o
(gate)e(this)i(right)f(to)h(other)f(agents,)h(if)g(it)g(has)g(been)2063
2961 y(authorized)16 b(to)i(subsequently)e(dele)o(gate.)23
b(The)18 b(agent)f(can)h(also)h(del-)2063 3053 y(e)o(gate)g(all)j(the)f
(axiomatic)f(rights)g(that)h(it)h(possesses.)27 b(A)22
b(dele)o(gation)2063 3144 y(itself)j(is)h(a)g(right)e(which)h(can)f(be)
h(dele)o(gated.)38 b(In)25 b(other)f(w)o(ords,)i(an)2063
3235 y(agent)c(could)g(be)h(gi)n(v)o(en)e(the)i(ability)g(to)g(perform)
e(some)i(action)g(b)n(ut)2063 3327 y(not)e(to)h(further)e(dele)o(gate)h
(it,)h(gi)n(v)o(en)f(the)h(right)f(to)h(some)g(action)f(and)2063
3418 y(the)g(permission)f(to)h(dele)o(gate)f(it,)i(or)f(the)g(ability)g
(to)g(dele)o(gate)f(some)2063 3509 y(action)f(b)n(ut)h(not)g(the)g
(ability)g(to)h(e)o(x)o(ecute)e(it.)2146 3601 y(So,)33
b(an)d(agent)g(can)g(dele)o(gate)f(an)o(y)h(')l(dele)o(gatable')d
(right.)55 b(This)2063 3693 y(leads)15 b(to)h(a)g(chain)g(of)f(dele)o
(gation,)f(and)h(if)h(an)o(y)f(one)g(link)h(is)h(no)e(longer)2063
3784 y(v)n(alid)22 b(the)h(access)h(is)g(denied.)33 b(W)-7
b(e)24 b(also)g(allo)n(w)f(for)g(constraints)f(on)2063
3875 y(rights,)d(dele)o(gations)f(and)i(ability)g(to)g(re-dele)o(gate.)
2146 3967 y(One)i(of)h(the)g(main)g(features)f(in)h(our)f(system)i(is)f
(that)h(f)o(alse)f(dele-)2063 4058 y(gations)18 b(are)h(not)g(rejected)
f(as)i(soon)f(as)h(the)o(y)e(enter)h(the)g(system,)h(b)n(ut)2063
4150 y(are)j(stored)f(for)h(later)g(e)n(v)n(aluation)f(of)h(a)g
(possible)g(security)g(breach.)2063 4241 y(An)17 b(agent)g(has)h(the)g
(ability)f(to)h(mak)o(e)f(an)o(y)g(dele)o(gation,)f(b)n(ut)i(whether)
2063 4332 y(it)i(is)g(honored)d(depends)h(on)h(v)n(arious)g(f)o
(actors,)g(including)e(the)j(secu-)2063 4424 y(rity)h(polic)o(y)-5
b(,)20 b(the)i(agent')-5 b(s)22 b(rights,)f(and)h(the)f(rights)h(of)f
(the)h(agents)f(in)2063 4515 y(the)f(dele)o(gation)e(chain.)2146
4607 y(The)35 b(statement)g(that)g(is)h(used)g(to)f(describe)g(dele)o
(gations)e(and)2063 4698 y(constraints)19 b(on)h(dele)o(gations)e(is)j
(:)2063 4825 y Fa(delegate\(IssueTime,)41 b(StartTime,)i(EndTime,)2107
4908 y(From,)h(To,)h(canDo\(X,)e(Action,)h(CDC\),)2466
4991 y(IDC,)g(Redelegatable\))2063 5124 y Fh(\017)d Fi(IssueT)m(ime)19
b(:)26 b(when)20 b(the)g(statement)g(w)o(as)h(issued)2063
5250 y Fh(\017)41 b Fi(StartT)m(ime)19 b(:)26 b(when)20
b(the)g(dele)o(gation)e(becomes)h(v)n(alid)p eop
%%Page: 4 4
4 3 bop -150 -67 a Fh(\017)41 b Fi(EndT)m(ime)19 b(:)26
b(when)19 b(the)h(dele)o(gation)e(becomes)i(in)m(v)n(alid)-150
55 y Fh(\017)41 b Fi(From)20 b(:)26 b(dele)o(gator)18
b(agent)-150 177 y Fh(\017)41 b Fi(T)-7 b(o)20 b(:)26
b(dele)o(gatee)19 b(agent)-150 299 y Fh(\017)41 b Fi
(canDo\(X,Action,CDC\))17 b(:)k(dele)o(gated)d(action,)h(X)h(has)g(the)
g(right)-67 391 y(to)g(the)h(action,)e(only)g(if)i(X)g(satis\002es)g
(the)f(condition)f(CDC)-150 513 y Fh(\017)41 b Fi(IDC)21
b(:)g(condition)d(on)i(the)g(dele)o(gation)-150 635 y
Fh(\017)41 b Fi(Redele)o(gatable)23 b(:)34 b(true)23
b(if)i(the)f(dele)o(gator)m(,)f(T)-7 b(o,)25 b(has)g(the)f(permis-)-67
726 y(sion)c(to)h(redele)o(gate)d(the)i(action)-150 870
y Fg(T)-6 b(ypes)22 b(of)f(delegations)82 b Fi(Our)21
b(w)o(ork)g(in)h(the)f(EECOMS)h(scenario)-150 961 y(in)m(v)n(olv)o(ed)
17 b(se)n(v)o(eral)i(dif)n(ferent)f(types)i(of)f(dele)o(gations)f
(which)h(we)g(de-)-150 1052 y(scribe)h(here)g(and)f(gi)n(v)o(e)h
(simple)g(e)o(xamples.)-150 1179 y Fh(\017)41 b Fi(T)m(ime)28
b(Bound)e(Dele)o(gation)g(:)41 b(It)27 b(is)i(a)f(dele)o(gation)d(that)
j(is)h(v)n(alid)-67 1271 y(only)19 b(for)h(a)h(certain)e(time)i(period)
-67 1405 y Fa(delegate\(1105001120,1105001121,)40 b(1110001120,)337
1488 y(From,)j(X,)i(canDo\(Y,)e(Action,)h(CDC\),)337
1571 y(employee\(X,abc\),)e(Flag\))-67 1713 y Fi(This)33
b(dele)o(gation)e(is)j(only)e(v)n(alid)g(between)g(1105001121)d(and)-67
1804 y(1110001120.)-150 1926 y Fh(\017)41 b Fi(Group)23
b(Dele)o(gation)f(:)34 b(It)24 b(can)g(be)g(used)g(to)g(dele)o(gate)f
(rights)g(to)i(a)-67 2018 y(group)18 b(of)i(agents)g(who)g(satisfy)g
(certain)g(conditions)-67 2152 y Fa(delegate\(IssueTime,)42
b(StartTime,)h(EndTime,)337 2235 y(From,)g(X,)i(canDo\(Y,)e(Action,)h
(CDC\),)337 2318 y(\(employee\(X,abc\),age\(X,24\)\),)c(Flag\))-67
2460 y Fi(This)27 b(dele)o(gates)g(the)g(right)f(to)i(perform)d
Fd(Action)i Fi(to)g(a)h(group)d(of)-67 2551 y(emplo)o(yees)19
b(of)h Fd(abc)g Fi(who)f(are)h(24)g(years)g(old.)-150
2673 y Fh(\017)41 b Fi(Action)25 b(Restricted)h(Dele)o(gation)d(:)37
b(This)25 b(forces)g(the)h(dele)o(gatee)-67 2765 y(to)d(satisfy)h
(certain)f(conditions)e(before)h(the)h(action)g(can)g(be)g(car)n(-)-67
2856 y(ried)d(out)-67 2990 y Fa(delegate\(IssueTime,)42
b(StartTime,)h(EndTime,)337 3073 y(From,)g(X,)337 3156
y(canDo\(Y,)g(Action,)h(name\(Y,john\))e(\),)337 3239
y(\(employee\(X,abc\),age\(X,24\)\),)e(Flag\))-67 3381
y Fi(Only)25 b(emplo)o(yees)g(of)h Fd(abc)f Fi(who)g(are)h(24)f(and)h
(named)e Fd(john)h Fi(can)-67 3472 y(e)o(x)o(ecute)k(this)h(action,)i
(though)d(all)h(emplo)o(yees)f(aged)h(24)g(ha)n(v)o(e)-67
3564 y(been)20 b(dele)o(gated)e(the)i(right.)-150 3686
y Fh(\017)41 b Fi(Redele)o(gatable)20 b(Dele)o(gation)g(:)30
b(In)21 b(this)i(dele)o(gation,)d(a)i(right)f(can)-67
3777 y(be)f(dele)o(gated)e(along)i(with)g(the)g(right)g(to)g(re-dele)o
(gate)e(the)i(right.)-67 3911 y Fa(delegate\(IssueTime,)42
b(StartTime,)h(EndTime,)337 3994 y(From,)g(To,)i(canDo\(X,)e(Action,)h
(CDC\),)337 4077 y(IDC,)g(true\))-67 4219 y Fi(This)20
b(statement)g(allo)n(ws)g(the)h(recipient)e(to)h(further)e(dele)o(gate)
h(the)-67 4311 y(right.)-150 4433 y Fh(\017)41 b Fi(Strictly)19
b(Redele)o(gatable)f(Dele)o(gation)g(:)25 b(This)20 b(statement)f(allo)
n(ws)-67 4524 y(a)h(right)f(to)h(be)f(re-dele)o(gated)e(without)h(gi)n
(ving)h(the)g(dele)o(gatee)f(the)-67 4615 y(right)i(to)g(actually)g(do)
f(the)i(action.)-67 4749 y Fa(delegate\(IssueTime,)42
b(StartTime,)h(EndTime,)337 4832 y(From,)g(john,)337
4915 y(canDo\(Y,)g(Action,)h(notname\(Y,john\)\),)337
4998 y(IDC,)g(true\))-67 5141 y Fd(john)24 b Fi(is)i(gi)n(v)o(en)e(the)
h(right)f(to)h(further)e(dele)o(gate)h(the)h(action,)g
Fd(Ac-)-67 5232 y(tion)p Fi(,)20 b(b)n(ut)g(not)g(the)g(permission)f
(to)h(e)o(x)o(ecute)f(the)h(action)g(himself.)2927 -67
y Fj(P)n(olicy)2063 62 y Fi(Each)26 b(domain)g(has)i(a)f(polic)o(y)f
(associated)h(with)h(it)g(\(Lupu)d(&)j(Slo-)2063 154
y(man)f(1997;)g(Lupu)g Fd(et)h(al.)49 b Fi(1995\).)e(This)29
b(polic)o(y)e(consists)h(of)g(au-)2063 245 y(thorization)e(policies)i
(and)g(dele)o(gation)e(policies.)49 b(Authorization)2063
336 y(policies)26 b(deal)g(with)h(the)f(rules)g(for)g(checking)f(the)h
(v)n(alidity)g(of)g(re-)2063 428 y(quests)h(for)h(actions.)47
b(An)28 b(e)o(xample)e(of)i(a)g(rule)g(for)f(authorization)2063
519 y(w)o(ould)i(be)g(checking)f(the)i(identity)f(certi\002cate)h(of)f
(an)h(agent)f(and)2063 610 y(v)o(erifying)22 b(that)k(the)f(agent)g
(has)g(an)h(axiomatic)e(right.)39 b(Dele)o(gation)2063
702 y(policies)28 b(describe)g(rules)h(for)f(dele)o(gation)e(of)j
(rights.)50 b(A)29 b(rule)f(for)2063 793 y(dele)o(gation)d(w)o(ould)h
(be)i(checking)d(that)j(an)f(agent)g(has)g(the)h(ability)2063
884 y(to)g(dele)o(gate)f(before)g(allo)n(wing)g(the)i(dele)o(gation)d
(to)i(be)h(appro)o(v)o(ed.)2063 976 y(A)24 b(polic)o(y)f(also)i
(contains)f(basic)g(or)g(axiomatic)f(rights,)i(and)f(rights)2063
1067 y(associated)19 b(with)g(roles.)25 b(W)-7 b(e)20
b(introduce)e(the)h(concept)f(of)h(primiti)n(v)o(e)2063
1158 y(or)f(axiomatic)f(rights,)h(which)g(are)g(rights)g(that)g(all)h
(indi)n(viduals)e(pos-)2063 1250 y(sess)28 b(and)e(that)i(are)f(stored)
f(in)h(the)g(global)g(polic)o(y)-5 b(.)44 b(F)o(or)26
b(e)o(xample,)2063 1341 y(e)n(v)o(ery)20 b(citizen)i(of)g(India)f(has)h
(the)g(right)f(to)i(v)n(ote,)f(and)f(an)o(yone)f(who)2063
1432 y(o)n(wns)28 b(a)g(database)g(has)g(the)h(right)e(to)i(dele)o
(gate)e(the)h(right)g(to)g(read)2063 1524 y(from/write)c(to)i(that)f
(database.)41 b(These)25 b(are)h(basic)g(rights)f(that)h(are)2063
1615 y(not)20 b(often)g(e)o(xpressed,)f(b)n(ut)i(used)f(implicitly)-5
b(.)26 b(All)21 b(policies)f(are)h(de-)2063 1706 y(scribed)i(in)i
(Prolog.)37 b(A)25 b(polic)o(y)e(can)i(be)f(vie)n(wed)g(as)h(a)g(set)g
(of)g(rules)2063 1798 y(for)20 b(a)h(particular)f(domain)f(that)i
(de\002nes)g(what)g(permissions)f(a)i(user)2063 1889
y(has)e(and)g(what)g(permissions)f(she/he)h(can)g(obtain.)2146
1985 y(Users)25 b(of)g(the)g(system)h(are)f(generally)f(assigned)g
(roles.)40 b(A)26 b(role)2063 2076 y(is)d(de\002ned)f(as)h(a)g
(collection)f(of)g(rights)h(and)f(duties)h(\(Sandhu)d
Fd(et)k(al.)2063 2167 y Fi(1996;)g(Lupu)g(&)h(Sloman)g(1997;)f(Lupu)g
Fd(et)i(al.)41 b Fi(1995\).)e(Roles)26 b(are)2063 2258
y(arranged)c(in)j(a)g(hierarchy)-5 b(,)23 b(so)i(that)g(rights)g(can)f
(be)h(inherited.)38 b(An)2063 2350 y(entity)29 b(has)h(a)h(right)e(if)i
(it)f(is)h(mentioned)d(in)j(the)f(polic)o(y)f(or)g(if)i(the)2063
2441 y(right)24 b(has)h(been)f(dele)o(gated)e(to)j(it)h(by)e(another)f
(entity)i(that)g(has)g(the)2063 2532 y(ability)h(to)i(dele)o(gate.)44
b(Dele)o(gations)26 b(generally)g(\003o)n(w)h(do)n(wnw)o(ards)2063
2624 y(in)e(the)h(role)f(hierarchy)-5 b(,)24 b(and)h(are)g(from)g(a)h
(higher)e(role)h(to)h(a)g(lo)n(wer)2063 2715 y(role.)60
b(Ho)n(we)n(v)o(er)31 b(our)h(frame)n(w)o(ork)e(does)i(not)g(strictly)g
(adhere)f(to)2063 2806 y(role)16 b(based)h(access,)h(and)e(allo)n(ws)i
(rights)e(and)h(dele)o(gations)e(to)i(be)g(as-)2063 2898
y(signed)i(to)i(indi)n(viduals)e(and)h(groups.)k(This)d(o)o(v)o
(ercomes)d(the)j(dra)o(w-)2063 2989 y(backs)e(of)h(Access)h(Control)f
(Lists)h(and)e(Role)i(Based)g(Access.)2063 3126 y Fg(Rights)82
b Fi(As)28 b(rights)e(are)g(used)h(throughout)c(the)k(system,)h(we)f
(de-)2063 3217 y(scribe)f(the)h(syntax)f(in)i(more)e(detail.)45
b(In)26 b(our)h(system,)h(we)f(model)2063 3309 y(permissions)22
b(as)i(rights)f(that)h(an)f(agent)g(possesses.)35 b(W)-7
b(e)24 b(associate)2063 3400 y(rights)19 b(with)h(actions,)f(so)h(a)g
(right)f(implies)h(that)f(the)h(corresponding)2063 3491
y(agent)f(is)i(permitted)e(to)i(perform)d(a)i(certain)g(action.)2146
3587 y(Our)d(system)g(encodes)g(rights)g(into)g(a)h(logical)f(form)f
(in)h(Prolog)g(as)2063 3678 y(the)j(follo)n(wing)e(:)2063
3818 y Fa(rightToDo\(agentName,)41 b(Action,)j(Constraint\))2063
3957 y Fh(\017)d Fi(agentName)18 b(:)26 b(URI)21 b(for)e(the)i(agent)
2063 4091 y Fh(\017)41 b Fi(Action)64 b(:)115 b(representation)63
b(of)i(the)g(ability)g(e)o(g.)159 b(ac-)2146 4182 y(cessDB\(db5,read\))
2063 4315 y Fh(\017)41 b Fi(Constraint)64 b(:)114 b(restriction)64
b(on)g(the)g(right,)75 b(e)o(g.)158 b(em-)2146 4407 y(plo)o
(yee\(agentName,XYZ\))2146 4550 y(Using)24 b(this)h(statement,)g(all)f
(kinds)g(of)g(permissions)g(on)g(actions)2063 4642 y(can)e(be)h
(speci\002ed.)33 b(An)23 b(agent)f(is)i(gi)n(v)o(en)d(the)i(right)f(to)
h(do)g(a)g(certain)2063 4733 y(action)15 b(based)h(on)g(a)h
(constraint.)22 b(An)16 b(agent)g(can)g(e)o(x)o(ecute)f(the)h(action)
2063 4824 y(only)j(if)h(it)h(satis\002es)h(all)f(the)f(constraints.)
2860 5029 y Fj(Ontology)2063 5159 y Fi(Our)d(approach)e(uses)j(a)g
(simple)f(ontology)f(of)h(agents,)g(propositions)2063
5250 y(and)i(actions)h(which)g(are)g(brie\003y)f(described)g(belo)n(w)
-5 b(.)p eop
%%Page: 5 5
5 4 bop -150 -67 a Fh(\017)41 b Fi(Agents)20 b(:)27 b(An)20
b(agent)g(is)i(an)e(entity)g(in)h(the)f(system,)h(which)f(could)-67
24 y(be)g(a)h(program)d(or)i(a)g(human.)-150 150 y Fh(\017)41
b Fi(Propositions)21 b(:)31 b(W)-7 b(e)24 b(use)f(tw)o(o)g
(propositions,)e(ability)h(and)h(dele-)-67 241 y(gate)d(:)-67
375 y Fg(\226)41 b Fi(Ability)17 b(is)h(a)f(property)e(that)i(an)g
(agent)g(has.)24 b(An)17 b(ability)f(is)i(true)16 467
y(if)j(an)f(agent)f(has)i(the)f(right)f(to)i(perform)d(the)i(action.)16
584 y Fa(canDo\(<agent>,<action>,<constraintsOnAc)o(tion>\))-67
710 y Fg(\226)41 b Fi(Dele)o(gate)23 b(is)j(a)f(proposition)d(asserted)
i(into)g(a)h(database)f(say-)16 801 y(ing)h(that)g(one)g(agent)g(dele)o
(gates)f(to)h(another)f(agent)g(the)i(right)16 892 y(to)20
b(perform)f(some)h(action.)16 1009 y Fa
(delegate\(<issueTime>,<startTime>,<endTi)o(me>,)420
1092 y(<fromAgent>,<toAgent>,<ability>,)420 1175 y
(<constraintOnDelegation>,)420 1259 y(<redelegateFlag>\))-150
1384 y Fh(\017)41 b Fi(Action)19 b(is)i(what)f(an)g(agent)f(can)g
(perform)f(and)h(is)i(closely)f(link)o(ed)-67 1467 y(to)g(abilities.)
-67 1601 y Fa(accessDB\(db5,read\))395 1794 y Fj(Interaction)26
b(Pr)n(otocols)-150 1912 y Fi(W)-7 b(e)28 b(ha)n(v)o(e)e(de)n(v)o
(eloped)e(a)i(set)i(of)e(Interaction)f(Protocols)g(based)h(on)-150
2003 y(FIP)-8 b(A)19 b(\(FIP)-8 b(A)20 b(1998\))c(for)i(communication)e
(between)i(the)h(agents)f(in)-150 2094 y(the)k(domain.)31
b(Each)22 b(agent)f(communication)f(is)j(an)g(object)f(kno)n(wn)-150
2186 y(as)30 b(Signed)f(Message)g(Object)g(\(SMO\).)g(An)h(SMO)g
(consists)g(of)f(a)-150 2277 y(list)22 b(of)e(certi\002cates,)g(the)h
(request)e(or)i(the)f(authorization)e(statement)-150
2368 y(signed)d(with)g(the)h(senders)f(pri)n(v)n(ate)f(k)o(e)o(y)-5
b(,)16 b(and)f(other)f(required)g(\002elds.)-150 2460
y(The)22 b(rele)n(v)n(ant)e(certi\002cates)j(are)e(included)g(as)i
(part)e(of)h(the)g(commu-)-150 2551 y(nication)c(data)h(structure)f(to)
h(e)o(xpedite)f(the)h(authorization)e(process.)-150 2642
y(The)k(SMO)h(contains)f(tw)o(o)g(te)o(xt)h(\002elds,)g
Fd(msg)g Fi(and)e Fd(signedMsg)p Fi(.)28 b(F)o(or)-150
2734 y(e)o(xample,)e(if)g(an)f(agent)h(after)f(acquiring)f(a)i(dele)o
(gation)e(for)h(a)h(par)n(-)-150 2825 y(ticular)32 b(right,)i(wished)e
(to)g(perform)e(the)j(action,)h(it)f(w)o(ould)e(send)-150
2916 y(a)e(request)g(SMO)g(to)g(the)g(agent)g(controlling)d(the)j
(resource.)50 b(The)-150 3008 y(SMO)28 b(w)o(ould)f(contain)g(the)h
(requesting)e(agent')-5 b(s)28 b(identity)f(certi\002-)-150
3099 y(cate)32 b(and)f(the)h(dele)o(gation)e(certi\002cate.)59
b(The)31 b(clear)h(te)o(xt)g(request)-150 3190 y(for)e(access)h(w)o
(ould)f(be)h(in)f(the)h Fd(msg)g Fi(\002eld)g(of)f(the)h(SMO)g(and)f
(the)-150 3281 y Fd(signedMsg)23 b Fi(\002eld)h(w)o(ould)f(consist)g
(of)h(the)f(signed)g(request)g(for)g(ac-)-150 3373 y(cess.)43
b(The)25 b(recei)n(ving)g(agent)g(w)o(ould)g(v)o(erify)g(the)h
(certi\002cates)g(and)-150 3464 y(check)20 b(the)g(signed)g(request)g
(against)g(the)g(clear)h(te)o(xt)f(request.)25 b(If)20
b(all)-150 3555 y(the)g(checks)g(went)g(through,)e(the)i(request)g(w)o
(ould)f(be)h(permitted.)-150 3731 y Fb(Pr)n(olog)25 b(Pr)n(edicates)
-150 3849 y Fi(The)20 b(Interaction)e(Protocols)i(use)g(certain)g
(prolog)e(predicates,)h(em-)-150 3941 y(bedded)g(into)g(SMOs,)i(that)f
(are)h(described)d(belo)n(w)i(:)-150 4075 y Fh(\017)41
b Fi(An)26 b(agent)f(requests)h(another)e(agent)i(to)g(perform)e(some)i
(action)-67 4166 y(on)j(his)i(behalf.)52 b(The)30 b(latter)g(agent)f
(will)i(perform)c(this)k(action)-67 4257 y(only)19 b(if)i(the)f(former)
f(agent)g(has)i(the)f(ability)-5 b(.)-67 4400 y Fa
(request\(<fromAgent>,<action>\))-150 4542 y Fh(\017)41
b Fi(An)17 b(agent)g(requests)g(permission)f(from)g(another)g(agent)h
(who)g(has)-67 4625 y(the)25 b(ability)f(to)h(dele)o(gate.)36
b(This)25 b(results)g(in)f(an)h(error)e(or)i(a)g(dele-)-67
4708 y(gation)c(depending)e(on)j(the)g(credentials)f(of)g(both)h(the)g
(requestor)-67 4791 y(and)e(the)g(requestee.)-67 4925
y Fa(requestPermission\(<fromAgent>,<action>\))-150 5067
y Fh(\017)41 b Fi(An)19 b(agent)g(can)f(ask)i(a)f(security)g(agent)f
(if)i(it)f(has)h(the)f(right)f(to)h(per)n(-)-67 5159
y(form)h(the)g(action.)26 b(This)21 b(results)g(in)g(a)g
Fd(tell)h Fi(with)f(the)f(proposition)-67 5250 y(being)f(a)i
Fd(canDo)e Fi(\(refer)g(to)h Fd(Ontolo)o(gy)p Fi(\).)2146
-67 y Fa(ask\(<fromAgent>,<toAgent>,<action>\))2063 83
y Fh(\017)41 b Fi(Idele)o(gate)17 b(is)k(the)f(action)f(of)h(dele)o
(gating)d(the)j(ability)g(to)g(perform)2146 174 y(the)g(action)f(from)h
(one)f(agent)h(to)g(another)-5 b(.)2146 316 y Fa
(idelegate\(<startTime>,<endTime>,<fro)o(mAgent)o(>,)2594
399 y(<toAgent>,<ability>,)2594 482 y(<constraintOnDelegation>,)2594
565 y(<redelegateFlag>\))2063 706 y Fh(\017)41 b Fi(An)27
b(agent)g(can)g(tell)i(another)d(agent)h(a)h(proposition)d(that)j(it)g
(be-)2146 789 y(lie)n(v)o(es)20 b(is)h(true.)2146 922
y Fa(tell\(<fromAgent>,<toAgent>,<proposit)o(ion>\))2063
1097 y Fb(Example)2063 1214 y Fi(Let)31 b(us)g(assume)g(that)g(there)f
(are)h(tw)o(o)h(or)o(ganizations,)e(ABC)i(and)2063 1305
y(XYZ,)25 b(that)h(are)f(collaborating)e(on)i(a)h(certain)f(project.)41
b(If)25 b(a)h(Soft-)2063 1397 y(w)o(are)k(Consultant)g(\(SC\))i(w)o
(orking)d(with)i(ABC)h(needs)e(to)h(access)2063 1488
y(a)c(database)f(of)h(her/his)f(client,)j(XYZ,)e(she/he)f(\002rst)i
(needs)e(to)i(get)2063 1579 y(the)21 b(correct)g(authorization)f(from)g
(her/his)i(supervisor)-5 b(.)28 b(Let)22 b(us)g(as-)2063
1671 y(sume)e(that)g(the)g(supervisor)f(has)h(the)g(right)g(to)g
(access)h(the)f(database)2063 1762 y(\(a)i(rightT)-7
b(oDo)21 b(refer)h(to)h Fd(Rights)p Fi(\))f(and)g(that)h(the)g(right)f
(can)g(be)h(dele-)2063 1853 y(gated.)29 b(So)22 b(the)g(supervisor)f
(sends)h(a)g(certi\002cate)g(with)h(the)f(follo)n(w-)2063
1945 y(ing)h(content)g(containing)f(a)i(dele)o(gate)e(to)i(SC)h(.)36
b(SC)25 b(then)f(uses)g(this)2063 2036 y(certi\002cate)c(to)h(create)g
(a)g(SMO)g(and)g(sends)f(this)i(SMO)f(to)g(the)g(secu-)2063
2127 y(rity)e(agent)f(of)i(ABC.)g(Before)f(the)g(authorization)e(is)j
(gi)n(v)o(en)e(at)i(ABC)2063 2219 y(the)28 b(security)g(agent)g(will)i
(check)d(all)j(SC')-5 b(s)30 b(credentials)e(by)g(look-)2063
2310 y(ing)g(at)i(its)g(polic)o(y)d(and)i(the)g(SMO.)g(It)g(checks)g
(if)g(SC)h(is)g(w)o(orking)2063 2401 y(for)22 b(ABC,)j(whether)e(XYZ)g
(is)i(indeed)e(her/his)g(client)g(etc.)36 b(This)24 b(is)2063
2493 y(required)17 b(because)h(otherwise)g(it)h(could)f(lead)h(to)g(a)g
(breach)f(in)h(secu-)2063 2584 y(rity)-5 b(.)37 b(The)24
b(security)g(agent)g(returns)g(an)h(authorization)d(certi\002cate.)2063
2675 y(SC)27 b(needs)g(to)g(sho)n(w)f(this)i(authorization)c
(certi\002cate,)29 b(along)c(with)2063 2767 y(her/his)e(other)g
(certi\002cates,)i(to)f(the)g(security)f(agent)h(at)g(XYZ.)g(The)2063
2858 y(security)d(agent)g(at)h(XYZ)g(will)g(double)f(check)g(all)h(the)
g(credentials,)2063 2949 y(making)27 b(sure)h(that)h(the)f(security)g
(agent)g(of)g(ABC)i(is)f(trusted)f(and)2063 3040 y(SC)21
b(indeed)e(has)h(the)g(right)g(to)g(access)h(the)f(database.)k(It)d
(will)g(create)2063 3132 y(a)f(certi\002cate)h(and)e(send)h(it)h(back)f
(to)h(the)f(SC.)h(SC)h(can)e(no)n(w)f(use)i(this)2063
3223 y(as)f(a)h(')o(tick)o(et')e(to)i(access)f(the)h(database.)2063
3398 y Fb(Pr)n(otocols)2063 3515 y Fg(Request)26 b(f)n(or)g(Action)82
b Fi(An)26 b(agent)f(requesting)g(a)i(certain)e(action)2063
3606 y(of)g(another)f(agent)g(outside)h(the)h(compan)o(y)-5
b(,)23 b(creates)j(a)g(SMO)f(with)2063 3697 y(its)32
b(ID)f(certi\002cate)g(and)f(sends)h(it)h(to)f(the)g(security)f(of)n
(\002cer)h(along)2063 3789 y(with)f(other)g(certi\002cates)h(that)f
(strengthen)f(his)i(case.)57 b(The)30 b(secu-)2063 3880
y(rity)24 b(of)n(\002cer)g(checks)g(the)g(credentials)g(supplied)f(by)h
(the)h(requester)2063 3971 y(permitting)i(the)j(request)f(to)g(go)g
(through)e(only)i(if)h(all)f(SMOs)i(are)2063 4063 y(v)n(alid.)37
b(If)24 b(it)h(is)h(an)e(inter)n(-compan)o(y)e(information)g(request,)i
(the)h(re-)2063 4154 y(quest)j(is)i(sent)f(to)f(the)h(security)f(of)n
(\002cer)g(of)h(the)f(recipient')-5 b(s)28 b(com-)2063
4245 y(pan)o(y)-5 b(.)23 b(There)18 b(the)i(request)f(and)g(the)h
(attached)f(credentials)g(are)g(v)o(er)n(-)2063 4337
y(i\002ed)h(once)g(again)g(and)g(then)g(forw)o(arded)e(to)j(the)g
(agent)f(controlling)2063 4428 y(access)25 b(to)g(the)g(information)d
(with)j(an)g(additional)e(attachment)h(re-)2063 4519
y(con\002rming)j(the)j(authenticity)e(of)i(the)f(request.)53
b(F)o(or)30 b(actions)f(on)2063 4611 y(an)h(agent)g(within)g(the)h
(compan)o(y)d(such)j(a)g(high)e(de)o(gree)h(of)g(secu-)2063
4702 y(rity)24 b(may)g(not)g(be)h(necessary)-5 b(.)37
b(The)24 b(recipient,)h(if)g(intelligent,)g(can)2063
4793 y(v)n(alidate)g(the)g(SMO)i(and)e(reason)g(whether)g(the)h(action)
f(should)g(be)2063 4885 y(allo)n(wed.)f(Otherwise)c(the)h(recipient)e
(could)g(ask)i(the)f(security)g(of)n(\002-)2063 4976
y(cer)g(to)g(process)g(the)g(message)g(for)g(it.)2146
5067 y(W)-7 b(e)20 b(illustrate)g(the)g(w)o(orking)e(of)h(Request)h
(for)f(Action)g(by)h(an)f(e)o(x-)2063 5159 y(ample.)50
b(ABC)30 b(and)e(XYZ)h(are)g(tw)o(o)g(companies)e(represented)g(by)2063
5250 y(their)k(security)g(agents,)k(SA-ABC)e(and)e(SA-XYZ.)h(XYZ)g(is)h
(the)p eop
%%Page: 6 6
6 5 bop -150 -67 a Fi(client)28 b(of)g(ABC.)h(Marty)e(is)i(a)g(design)e
(engineer)f(in)j(ABC,)g(where)-150 24 y(design)38 b(engineers)g(can)h
(access)g(their)g(client')-5 b(s)39 b(database,)k(db5.)-150
116 y(The)19 b(follo)n(wing)e(steps)j(illustrate)f(ho)n(w)g(the)g
(authorization)e(actually)-150 207 y(tak)o(es)k(place.)-171
334 y(1.)41 b(SA-XYZ)27 b(accesses)g(the)g(compan)o(y)e(polic)o(y)h
(for)g(XYZ)h(and)f(the)-67 426 y(global)19 b(shared)h(polic)o(y)-171
548 y(2.)41 b(SA-ABC)28 b(accesses)f(the)g(compan)o(y)e(polic)o(y)g
(for)i(ABC)h(and)e(the)-67 639 y(global)19 b(shared)h(polic)o(y)-171
761 y(3.)41 b(SA-XYZ)31 b(sends)g(a)h(message)f(to)g(SA-ABC)h(saying)f
(that)g(SA-)-67 853 y(ABC)e(has)e(the)g(right)g(to)h(dele)o(gate)d
(access)j(to)g(db5,)g(which)e(is)j(a)-67 944 y(database)20
b(in)g(XYZ,)g(to)g(all)h(emplo)o(yees.)-67 1078 y Fa(tell\(sa-xyz,)43
b(sa-abc,)112 1161 y(idelegate\(StartTime,)f(EndTime,)h(sa-xyz,)561
1244 y(sa-abc,)g(canDo\(X,accessDB\(db5\),)561 1327 y
(employee\(X,abc\)\),)f(true,true\)\))-67 1462 y Fi(SA-ABC)21
b(asserts)g(the)g(proposition)-67 1589 y Fa(delegate\(IssueTime,)42
b(StartTime,)h(EndTime,)g(sa-xyz,)337 1672 y(sa-abc,)g
(canDo\(X,accessDB\(db5\),)337 1755 y(employee\(X,abc\)\),true,true\))
-67 1882 y Fi(SA-ABC)31 b(gi)n(v)o(es)e(all)i(Design)e(Engineers)f(the)
i(right)g(to)f(access)-67 1965 y(db5,)19 b(b)n(ut)h(not)g(the)g
(ability)g(to)h(dele)o(gate.)-67 2092 y Fa(tell\(sa-abc,sa-abc,)157
2175 y(idelegate\(StartTime,)42 b(EndTime,)h(sa-abc,)247
2258 y(X,)h(canDo\(X,)g(accessDB\(db5\),true\),)247 2342
y(role\(X,designEngineer\),false\)\))-67 2469 y Fi(This)30
b(causes)g(a)g(dele)o(gate)f(statement)g(to)h(be)g(inserted)f(into)h
(the)-67 2552 y(kno)n(wledge)18 b(base.)-67 2679 y Fa
(delegate\(IssueTime,)42 b(StartTime,)h(EndTime,)g(sa-abc,)-22
2762 y(X,)h(canDo\(Z,)g(accessDB\(db5\),true\),)337 2845
y(role\(X,designEngineer\),false\))-171 2972 y Fi(4.)d(Marty)26
b(requires)g(some)g(information)e(from)i(database,)h(db5,)h(at)-67
3055 y(XYZ.)22 b(He)h(sends)g(a)f(request)g(to)h(SA-ABC)g(along)f(with)
g(his)h(cer)n(-)-67 3138 y(ti\002cate.)-67 3265 y Fa
(request\(marty,accessDB\(db5\)\))-171 3401 y Fi(5.)41
b(SA-ABC)30 b(kno)n(ws)e(that)i(the)f(request)f(is)i(from)e(Marty)h
(because)-67 3492 y(of)24 b(his)g(certi\002cate.)37 b(It)24
b(then)g(checks)f(the)h(rules)g(to)h(see)f(if)h(Marty)-67
3584 y(as)i(a)g(Design)f(Engineer)f(has)h(access)h(to)g(db5.)42
b(As)27 b(this)g(is)h(true,)-67 3675 y(SA-ABC)d(sends)f(a)g(request)f
(to)i(SA-XYZ)e(with)h(its)h(certi\002cate.)-67 3766 y(This)f(message)g
(says)g(that)g(Marty)f(requires)g(some)g(information)-67
3857 y(from)c(db5)g(and)h(includes)g(Marty')-5 b(s)20
b(certi\002cate.)-171 3980 y(6.)41 b(SA-XYZ)27 b(v)o(eri\002es)g(both)g
(the)g(certi\002cates)g(and)g(checks)g(it)h(pol-)-67
4071 y(ic)o(y)g(to)f(see)i(if)f(SA-ABC)h(has)f(the)f(right)h(to)g(dele)
o(gate)e(the)i(right)-67 4162 y(to)h(access.)51 b(As)30
b(SA-ABC)f(does)g(ha)n(v)o(e)f(the)h(right)f(to)h(dele)o(gate,)-67
4254 y(SA-XYZ)19 b(appro)o(v)o(es)e(the)i(access)h(and)f(sends)g(the)g
(request)g(to)g(the)-67 4345 y(agent)h(controlling)e(access)j(to)f(the)
g(database.)-171 4467 y(7.)41 b(If)k(Harry)-5 b(,)51
b(a)46 b(programmer)c(at)k(ABC,)g(tries)g(to)g(access)g(the)-67
4559 y(database,)26 b(db5,)f(his)g(request)g(will)h(f)o(ail)f(because)g
(the)g(SA-ABC)-67 4650 y(has)20 b(only)g(gi)n(v)o(en)f(design)g
(engineers)g(the)h(right.)-150 4793 y Fg(Request)f(f)n(or)g(A)l
(uthorization)81 b Fi(This)19 b(request)f(is)i(v)o(ery)e(similar)h(to)
-150 4885 y(the)27 b(Request)h(for)e(Action)h(dif)n(fering)f(in)h(the)h
(request)e(for)h(permis-)-150 4976 y(sion)21 b(used.)27
b(Also)21 b(the)g(security)f(agent)g(sends)h(the)g(requester)f(a)h(cer)
n(-)-150 5067 y(ti\002cate)26 b(containing)d(the)i(authorization.)37
b(As)25 b(long)f(as)i(the)f(certi\002-)-150 5159 y(cate)19
b(is)h(v)n(alid,)f(the)g(agent)g(can)g(access)g(the)g(right)g(without)f
(the)h(secu-)-150 5250 y(rity)h(agent)f(ha)n(ving)g(to)i(go)e(through)f
(the)i(whole)g(reasoning)f(process)2063 -67 y(again.)41
b(After)26 b(a)h(request)e(for)h(authorization,)f(the)h(agent)g(can)f
(dis-)2063 24 y(connect)18 b(and)i(then)g(perform)e(a)j(request)e(for)h
(action.)2146 117 y(The)e(e)o(xample)f(belo)n(w)g(describes)h(the)g
(authorization)f(process)g(in)2063 208 y(detail.)41 b(In)25
b(this)h(case,)i(Harry)-5 b(,)25 b(a)h(programmer)d(at)j(ABC,)h
(requires)2063 299 y(some)20 b(information)d(from)i(database,)h(db5,)f
(at)i(XYZ)f(his)h(client.)2042 435 y(1.)41 b(SA-XYZ)26
b(accesses)i(the)f(compan)o(y)d(polic)o(y)i(for)g(XYZ)h(and)g(the)2146
526 y(global)19 b(shared)g(polic)o(y)-5 b(.)2042 653
y(2.)41 b(SA-ABC)27 b(accesses)h(the)f(compan)o(y)d(polic)o(y)i(for)g
(ABC)i(and)f(the)2146 744 y(global)19 b(shared)g(polic)o(y)-5
b(.)2042 863 y(3.)41 b(SA-XYZ)16 b(sends)h(message)f(to)h(SA-ABC)g
(saying)f(that)h(SA-ABC)2146 946 y(has)g(the)g(right)f(to)h(dele)o
(gate)e(access)j(to)f(db5,)g(which)f(is)i(a)f(database)2146
1029 y(in)j(XYZ,)g(to)g(all)h(emplo)o(yees.)2146 1164
y Fa(tell\(sa-xyz,sa-abc,)2370 1247 y(idelegate\(StartTime,)41
b(EndTime,)j(sa-xyz,)2459 1330 y(sa-abc,)g(canDo\(X,accessDB\(db5\),)
2459 1413 y(employee\(X,abc\)\),)e(true,true\)\))2146
1548 y Fi(SA-ABC)27 b(asserts)g(the)f(proposition)f(into)h(its)h(o)n
(wn)f(kno)n(wledge)2146 1631 y(base.)2146 1766 y Fa
(delegate\(IssueTime,)41 b(StartTime,)i(EndTime,)h(sa-xyz,)2549
1849 y(sa-abc,)g(canDo\(X,accessDB\(db5\),)2549 1932
y(employee\(X,abc\)\),true,true\))2146 2067 y Fi(Then,)24
b(SA-ABC)i(decides)e(to)h(gi)n(v)o(e)f(all)i(Design)e(Engineers)g(the)
2146 2150 y(right)f(to)h(access)h(the)f(database)f(and)h(the)g(right)f
(to)h(dele)o(gate)f(this)2146 2233 y(right)c(further)-5
b(.)2146 2368 y Fa(tell\(sa-abc,sa-abc,)2325 2451 y
(idelegate\(StartTime,)41 b(EndTime,)j(sa-abc,)f(X,)2415
2534 y(canDo\(Z,)g(accessDB\(db5\),true\),)2415 2618
y(role\(X,designEngineer\),true\)\))2146 2753 y Fi(This)20
b(causes)g(a)h(dele)o(gate)e(statement)h(to)g(be)g(inserted)2146
2888 y Fa(delegate\(IssueTime,)41 b(StartTime,)i(EndTime,)h(sa-abc,)
2549 2971 y(X,)h(canDo\(Z,)e(accessDB\(db5\),true\),)2549
3054 y(role\(X,designEngineer\),true\))2042 3197 y Fi(4.)e(Harry)-5
b(,)22 b(a)i(programmer)m(,)c(needs)j(to)g(use)g(a)h(database,)f(db5,)g
(from)2146 3288 y(XYZ.)28 b(He)g(requests)g(his)g(supervisor)m(,)g
(Marty)-5 b(,)29 b(for)f(permission)2146 3380 y(to)20
b(access)h(db5.)2146 3524 y Fa(requestPermission\(harry,marty,access)o
(DB\(db5)o(\)\))2042 3668 y Fi(5.)41 b(Marty)22 b(is)i(a)f(design)f
(engineer)f(and)i(he)g(gi)n(v)o(es)f(all)h(programmers)2146
3751 y(the)d(right)f(to)i(access)f(db5.)2146 3886 y Fa
(tell\(marty,sa-abc,)2325 3969 y(idelegate\(StartTime,)41
b(EndTime,)j(marty,X,)2415 4052 y(canDo\(X,accessDB\(db5\),true\),)2415
4135 y(role\(X,programmer\),false\)\))2146 4270 y Fi(SA-ABC)21
b(asserts)g(the)f(follo)n(wing)f(clause)h(:)2146 4405
y Fa(delegate\(IssueTime,StartTime,EndTime)o(,)39 b(marty,X,)2549
4488 y(canDo\(X,accessDB\(db5\),true\),)2549 4571 y
(role\(X,programmer\),false\))2042 4706 y Fi(6.)i(No)n(w)31
b(Harry)g(sends)h(a)h(request)e(to)h(SA-ABC)h(along)e(with)h(his)2146
4789 y(certi\002cate)2146 4924 y Fa(request\(harry,accessDB\(db5\)\))
2042 5067 y Fi(7.)41 b(SA-ABC)20 b(kno)n(ws)e(that)h(the)g(request)g
(is)h(from)e(Harry)g(because)h(of)2146 5159 y(his)g(certi\002cate.)24
b(It)c(then)e(checks)h(the)g(rules)g(to)g(see)g(if)h(Harry)-5
b(,)17 b(as)j(a)2146 5250 y(programmer)m(,)13 b(is)k(allo)n(wed)f(to)h
(access)g(db5.)22 b(Marty)16 b(has)h(gi)n(v)o(en)e(all)p
eop
%%Page: 7 7
7 6 bop -67 -67 a Fi(programmers)23 b(access)i(to)h(db5,)f(so)h(Harry)e
(has)i(the)f(right.)40 b(SA-)-67 24 y(ABC)20 b(sends)f(a)h(request)e
(to)h(SA-XYZ)g(with)g(its)h(certi\002cate.)25 b(This)-67
116 y(message)e(says)h(that)f(Harry)f(requires)g(some)h(information)e
(from)-67 207 y(db5)e(and)h(includes)f(its)j(o)n(wn)d(and)h(Harry')-5
b(s)20 b(certi\002cate.)-171 355 y(8.)41 b(SA-XYZ)31
b(v)o(eri\002es)f(that)h(the)g(message)f(is)i(coming)d(from)h(SA-)-67
446 y(ABC)21 b(and)f(if)g(requires)f(double)f(checks)h(Harry')-5
b(s)20 b(id.)25 b(It)20 b(can)g(also)-67 537 y(log)32
b(the)g(request.)61 b(But)33 b(it)g(trusts)f(SA-ABC)i(and)d(the)i
(request)-67 629 y(is)d(appro)o(v)o(ed)c(and)i(sent)h(to)g(the)g
(access)h(agent)e(controlling)f(the)-67 720 y(database.)344
949 y Fj(Implementation)f(Details)-150 1100 y Fi(All)38
b(the)f(agents)g(are)h(Ja)n(v)n(a)f(Servlets)h(that)f(communicate)f
(using)-150 1191 y(HTTP)-9 b(.)38 b(The)g(kno)n(wledge)e(base)i(is)h
(Prolog)f(\(Swedish)f(Institute)-150 1282 y(2001b\))21
b(and)h(the)h(reasoning)e(is)j(carried)e(by)h(rules)g(written)f(in)i
(Pro-)-150 1374 y(log.)62 b(The)33 b(polic)o(y)f(is)h(also)g(encoded)e
(in)i(Prolog.)62 b(The)33 b(security)-150 1465 y(agents)26
b(ha)n(v)o(e)f(a)h(Jasper)g(\(Swedish)f(Institute)h(2001a\))e(interf)o
(ace)h(to)-150 1556 y(Prolog.)565 1785 y Fj(Futur)n(e)h(W)-7
b(ork)-150 1936 y Fi(W)g(e)22 b(are)e(trying)f(to)i(model)e
(obligations)g(and)h(actions)g(to)h(be)f(carried)-150
2028 y(out)e(if)g(an)h(agent)e(f)o(ails)i(to)f(ful\002ll)h(its)g
(obligations.)j(W)-7 b(e)20 b(are)e(planning)-150 2119
y(to)i(associate)h(a)f(le)n(v)o(el)g(of)g(trust)g(with)g(each)g(agent,)
f(and)g(modify)g(that)-150 2210 y(based)h(on)g(the)g(ful\002llment)f
(of)h(obligations.)-67 2313 y(F)o(or)j(our)h(implementation,)e(we)i
(had)f(concentrated)f(on)h(Prolog.)-150 2404 y(No)n(w)30
b(we)g(are)g(upgrading)d(to)j(XML)g(\(XML)g(2000\))e(for)h(describ-)
-150 2496 y(ing)24 b(rights,)h(dele)o(gations)d(and)i(authorizations,)f
(and)h(XML)h(signa-)-150 2587 y(tures)30 b(\(XML-Signature)e(2000\))g
(instead)i(of)g(X.509)f(certi\002cates.)-150 2678 y(W)-7
b(e)29 b(are)e(also)h(w)o(orking)e(on)h(other)g(issues)i(related)e(to)h
(Distrib)n(uted)-150 2770 y(T)m(rust)19 b(Management.)j(If)d(an)f
(agent)h(is)g(able)g(to)g(access)g(certain)f(pub-)-150
2861 y(lic)30 b(policies)g(of)g(the)f(agent)g(that)h(is)h(in)f(char)o
(ge)e(of)i(authorization,)-150 2952 y(then)g(it)i(will)g(be)e(in)h(a)h
(better)e(position)g(to)h(ful\002ll)g(those)g(require-)-150
3044 y(ments.)d(This)22 b(leads)f(to)h(the)f(problem)f(of)h(di)n
(viding)f(the)h(polic)o(y)f(into)-150 3135 y(pri)n(v)n(ate)d(and)g
(public)g(sections)h(and)f(to)h(the)g(problem)e(of)i(making)e(the)-150
3226 y(public)29 b(polic)o(y)g(a)n(v)n(ailable.)53 b(W)-7
b(e)31 b(are)f(still)h(deciding)d(whether)h(the)-150
3318 y(polic)o(y)19 b(should)h(be)h(made)f(do)n(wnloadable)d(through)i
(HTTP)h(or)h(sent)-150 3409 y(to)g(an)o(y)f(agents)g(that)h(request)f
(it.)27 b(Another)20 b(possible)g(impro)o(v)o(ement)-150
3500 y(w)o(ould)k(be)g(for)g(a)g(security)g(agent)g(to)g(return)f(a)i
(list)h(of)e(rules)g(that)g(it)-150 3592 y(used)f(to)h(come)f(to)h(the)
f(decision,)h(in)f(case)h(the)g(authorization)d(pro-)-150
3683 y(cess)26 b(f)o(ails.)41 b(This)25 b(allo)n(ws)h(the)f(requester)f
(to)h(\002gure)g(out)f(where)h(its)-150 3774 y(credentials)19
b(f)o(ailed)h(and)g(correct)f(the)h(f)o(aults.)606 4003
y Fj(Conclusion)-150 4154 y Fi(The)f(central)g(idea)h(of)f(the)h(paper)
f(is)h(to)g(use)g(a)g(system)g(of)f(rights)h(and)-150
4245 y(dele)o(gations)c(along)i(with)g(certi\002cates)g(to)h(f)o
(acilitate)f(trust)h(manage-)-150 4337 y(ment.)43 b(The)27
b(requester)e(can)h(access)h(a)g(foreign)e(resource)g(by)h(pro-)-150
4428 y(viding)i(its)j(identity)d(information)f(to)j(the)f(agent)g
(controlling)e(the)-150 4519 y(resource)20 b(along)h(with)h(an)o(y)e
(dele)o(gations)g(it)i(may)f(ha)n(v)o(e.)28 b(The)22
b(agent)-150 4611 y(controlling)13 b(the)j(resource)e(uses)i(its)g
(policies)g(to)f(v)o(erify)f(the)i(identity)-150 4702
y(and)j(dele)o(gations)f(of)i(the)g(requester)m(,)e(granting)g(it)j
(permission)e(only)-150 4793 y(if)25 b(e)n(v)o(erything)e(is)j(v)n
(alid.)39 b(W)-7 b(e)27 b(were)e(able)g(to)g(e)n(v)n(aluate)f(our)h
(infras-)-150 4885 y(tructure)c(and)h(interaction)f(protocols)g(by)h
(implementing)f(a)i(multi-)-150 4976 y(agent)i(scenario,)h(EECOMS.)g(W)
-7 b(e)27 b(also)g(belie)n(v)o(e)d(that)i(this)h(infras-)-150
5067 y(tructure)d(will)i(be)f(v)o(ery)f(helpful)g(in)h(the)h(home/of)n
(\002ce)d(automation)-150 5159 y(scenario)g(where)h(the)g(mobile)f
(user)h(has)g(to)g(be)g(authorized)e(before)-150 5250
y(she/he)e(can)g(use)g(an)o(y)g(service.)2825 -67 y Fj(Refer)n(ences)
2104 65 y Fi(Blaze,)26 b(M.;)i(Feigenbaum,)c(J.;)k(K)n(eromytis,)c(A.;)
k(and)c(Ioannidis,)2104 156 y(J.)30 b(1998.)e(The)19
b(k)o(e)o(ynote)g(trust-management)e(system.)2104 275
y(Blaze,)31 b(M.;)i(Feigenbaum,)28 b(J.;)33 b(and)28
b(K)n(eromytis,)h(A.)g(D.)56 b(1999.)2104 367 y(The)23
b(role)g(of)g(trust)g(management)e(in)j(distrib)n(uted)e(systems)i
(secu-)2104 458 y(rity)-5 b(.)29 b(In)19 b Fd(Secur)m(e)h(Internet)g
(Pr)l(o)o(gr)o(amming)p Fi(,)e(185\226210.)2104 577 y
(Bluetoothwebsite.)28 b(2001.)f(The)20 b(of)n(\002cial)g(bluetooth)f
(website.)2104 696 y(Chen,)i(H.,)h(J.)g(A.)g(F)-7 b(.)23
b(T)-6 b(.,)21 b(and)g(Chakraborty)-5 b(,)19 b(D.)34
b(2001.)e(Dynamic)2104 787 y(service)20 b(disco)o(v)o(ery)e(for)i
(mobile)g(computing:)k(Intelligent)19 b(agents)2104 879
y(meet)h(jini)h(in)f(the)g(aether)-5 b(.)2104 998 y(Ellison,)48
b(C.)c(M.;)55 b(Frantz,)48 b(B.;)55 b(Lampson,)48 b(B.;)55
b(Ri)n(v)o(est,)49 b(R.;)2104 1089 y(Thomas,)32 b(B.)f(M.;)k(and)30
b(Ylonen,)h(T)-6 b(.)62 b(1998.)e(SPKI)31 b(certi\002cate)2104
1180 y(theory)-5 b(.)27 b(Internet)19 b(Draft.)2104 1300
y(FIP)-8 b(A.)30 b(1998.)e(Fipa)20 b(98)g(speci\002cation.)2104
1419 y(Grosof,)28 b(B.,)i(and)d(Labrou,)h(Y)-11 b(.)54
b(1999.)d(An)28 b(approach)d(to)j(using)2104 1510 y(xml)21
b(and)f(a)i(rule-based)d(content)h(language)f(with)i(an)g(agent)f(com-)
2104 1601 y(munication)e(language.)2104 1720 y(Herzber)o(g;)33
b(Mass;)j(Mihaeli;)g(Naor;)f(and)29 b(Ra)n(vid.)62 b(2000.)e(Ac-)2104
1812 y(cess)22 b(control)e(meets)h(public)f(k)o(e)o(y)g
(infrastructure,)f(or:)26 b(Assigning)2104 1903 y(roles)j(to)f
(strangers.)55 b(In)29 b Fd(RSP:)e(21th)h(IEEE)g(Computer)g(Society)
2104 1994 y(Symposium)19 b(on)h(Resear)m(c)o(h)f(in)h(Security)g(and)g
(Privacy)p Fi(.)2104 2113 y(Ingersoll)28 b(Rand,)i(Q.)58
b(2000.)d(Ciimple)o(x)29 b(consortium,)g(consor)n(-)2104
2205 y(tium)22 b(for)f(inte)o(grated)g(intelligent)g(manuf)o(acturing)e
(planning)h(and)2104 2296 y(e)o(x)o(ecution.)2104 2415
y(J.K.Jan,)32 b(C.C.Chang,)f(S.)60 b(1991.)e(A)31 b(dynamic)d(k)o(e)o
(y-lock-pair)2104 2507 y(access)21 b(control)e(scheme.)28
b Fd(Computer)20 b(and)g(Security)f Fi(10.)2104 2626
y(Johnston,)41 b(W)-8 b(.,)43 b(and)37 b(Larsen,)k(C.)86
b(1996.)e(A)38 b(use-condition)2104 2717 y(centered)91
b(approach)g(to)i(authenticated)e(global)g(capa-)2104
2808 y(bilities:)128 b(Security)71 b(architectures)f(for)h(lar)o
(ge-scale)f(dis-)2104 2900 y(trib)n(uted)77 b(collaboratory)e(en)m
(vironments.)211 b(http://www-)2104 2991 y(itg.1bl.go)o
(v/Security/Arch/pub)o(lication)o(s.htm)o(l.)2104 3110
y(Lalana)23 b(Kagal,)g(Vlad)g(K)m(orole)n(v)-5 b(,)22
b(H.)h(C.)h(A.)f(J.)h(T)-6 b(.)23 b(F)-7 b(.)40 b(2001.)d(Cen-)2104
3201 y(taurus)28 b(:)44 b(A)29 b(frame)n(w)o(ork)e(for)i(indoor)e
(mobile)h(services.)58 b Fd(Inter)n(-)2104 3293 y(national)33
b(Confer)m(ence)h(on)h(Distrib)n(uted)g(Computing)e(Systems,)2104
3384 y(April)20 b(2001)p Fi(.)2104 3503 y(Li;)56 b(Feigenbaum;)f(and)43
b(Grosof.)105 b(1999.)f(A)44 b(logic-based)2104 3594
y(kno)n(wledge)35 b(representation)g(for)h(authorization)f(with)i(dele)
o(ga-)2104 3686 y(tion.)27 b(In)19 b Fd(PCSFW:)g(Pr)l(oceedings)f(of)i
(The)f(12th)g(Computer)g(Secu-)2104 3777 y(rity)f(F)-9
b(oundations)15 b(W)-8 b(orkshop)p Fi(.)22 b(IEEE)17
b(Computer)f(Society)h(Press.)2104 3896 y(Lupu,)g(E.,)h(and)f(Sloman,)g
(M.)23 b(1997.)f(A)c(polic)o(y)f(based)g(role)g(object)2104
3987 y(model.)2104 4107 y(Lupu,)22 b(E.)i(C.;)h(Marriott,)e(D.)g(A.;)i
(Sloman,)e(M.)h(S.;)h(and)e(Y)-5 b(ialelis,)2104 4198
y(N.)23 b(1995.)d(A)e(polic)o(y)d(based)i(role)f(frame)n(w)o(ork)f(for)
i(access)g(control.)2104 4317 y(M.Blaze,)j(J.Feigenbaum,)d(J.)29
b(1996.)d(Decentralized)19 b(trust)g(man-)2104 4408 y(agement.)28
b Fd(IEEE)20 b(Pr)l(oceedings)f(of)h(the)g(17th)f(Symposium)p
Fi(.)2104 4527 y(M.S.Hw)o(ang,)27 b(W)-8 b(.G.Tzeng,)28
b(W)-8 b(.)52 b(1994.)e(A)27 b(tw)o(o-k)o(e)o(y-lock-pair)2104
4619 y(access)19 b(control)d(method)h(using)g(prime)h(f)o(actorization)
e(and)h(times-)2104 4710 y(tamp.)29 b Fd(IEICE)20 b(T)-5
b(r)o(ansactions)19 b(Inf)o(.)h(and)f(Syst)h Fi(E77-D)g(No.9.)2104
4829 y(Sandhu,)29 b(R.)g(S.;)k(Co)o(yne,)c(E.)g(J.;)k(Feinstein,)d(H.)e
(L.;)33 b(and)28 b(harles)2104 4920 y(E.)e(Y)-9 b(ouman,)26
b(C.)49 b(1996.)e(Role-based)25 b(access)i(control)d(models.)2104
5012 y Fd(IEEE)c(Computer)f Fi(20\(2\):38\22647.)2104
5131 y(Swedish)h(Institute,)g(S.)g(I.)h(o.)f(C.)h(S.)29
b(2001a.)f(Jasper)-5 b(.)2104 5250 y(Swedish)20 b(Institute,)g(S.)g(I.)
h(o.)f(C.)h(S.)29 b(2001b)m(.)e(Sicstus)21 b(prolog.)p
eop
%%Page: 8 8
8 7 bop -108 -67 a Fi(XML-Signature.)24 b(2000.)i(Xml-signature)18
b(syntax)g(and)h(process-)-108 24 y(ing,)g(w3c)h(candidate)f
(recommendation)e(31)j(october)e(2000.)-108 138 y(XML.)39
b(2000.)f(Extensible)23 b(markup)e(language)h(\(xml\))g(1.0)h(\(sec-)
-108 230 y(ond)c(edition\))g(w3c)h(recommendation)d(6)j(october)f
(2000.)p eop
%%Trailer
end
userdict /end-hook known{end-hook}if
%%EOF