A Work Diagram

Let's take a further look at the work diagram in the design of the RETSINA project:
Policy making with AgentEditor: AgentEditor is the interface for the human to build their agent based on RETSINA. Defining security policy is part of specification of the task for which the agent is being built, or say, customized by the owner of the agent. Conceptually, the policy is specified with the interface as follow:

1. Specify the expected security requirements for both incoming and outgoing message, such as whether there is a need to verify the origin of a query message, or whether a reply message must be signed so that the receiving agent can verify the authenticity of it.
2. Define the credential requirements for acceptable queries or other messages. For example, which certificate could be valid for a querying agent to query which kind of information, or how many authorities are required for an agent to validate a query.
3. Check the correctness and consistency of policy specification. For example, if it is specified that an incoming query must be authenticated, then the corresponding outgoing message must be specified as confidential message, which must be encrypted with the intended receiving agent's public key - this would be embodied when the protocol is generated by the planner (see below).

Policy making is an active research and development field as application of cryptography [26] and security usability.
Protocol Generation: In RETSINA, a planner takes charge of planning to fulfill the agent's goals and tasks. To meet the security requirements defined by human, the planner will generates a set of security protocols according to the methodology discussed in the last subsection, which described what security operations are needed comprehensively on what objects to satisfy the required security mechanisms. The protocol specifies all the concrete operations and the objects of the operation in each step. The generated protocol will be checked by means of some automatic checking procedure. Automatic protocol checking is another active research and development field in application of cryptography[30], and its application on agent security could be an exclusive research topic. The approved security protocols will be saved in protocol database (PDB).
Operation Execution: When the customization of agent is finished, the security policy would have been specified and the protocols would have been generated and saved in PDB. Once a task is given, a protocol matching the task is chosen from protocol database (PDB), and will be conducted as a part of procedure of execution of the task. An execution monitor will monitor the execution of the protocol. The security execution module is the functional module that executes the concrete security operations.