To exploit public key cryptography for agent security, we must consider constructing an agent-oriented PKI, which is expected not only to be suitable for agent-based applications [11], but also to take advantage of autonomous agents to facilitate interoperability and flexibility.
Unlike traditional PKI implementations, our PKI implements the
authorities of authentication verification service systems as
autonomous software agents, called security agents, instead of
building a static monolithic hierarchy. Formats of certificates for
various applications can be personalized by the users or by specific
applications. The authentication relationship can be dynamically
established even across multi-certificate hierarchies by use of the
security agents.
From the viewpoint of a user, the security agent can be thought of as
a kind of configurable facilitator that can be employed by any group of
agents, or by the owner of the agents, to construct their own
authentication verification service system. What we mean by
``configurable facilitators'' is that we do not pre-specify any
particular certification format or hierarchical relationship in the
software (as other traditional PKI projects do), but allow the users to
define the format(s) of the certification(s) and the name space(s) as
they need (customizing). The hierarchical relationship is formed
dynamically as the agents apply for and issue certificates according to
the needs of the applications.
From the viewpoint of PKI structure, a security agent can be thought of
as a node in a dynamically formed hierarchy. More than one
authentication verification system may cross a node, since a single
security agent can hold multiple certificates with different
certificate names (such as ``PGP certificate'', ``RSA PKCS
certificate'', ``X community certificate'', etc.), formats, and name
spaces and hierarchical relationships (refer to Figure 2.1).
In order to manage public key certifications, a security agent is
capable of performing a basic set of tasks: issuing/applying for a
certificate, and updating/revoking a certificate. We note that a
security agent could potentially provide additional capabilities, such
as retrieving, transferring, or exchanging credentials among different
hierarchy systems, introducing one agent to another, or delegating one
agent to act on another's behalf, but we leave those for future work.
Interested readers can refer to [11] for more details.
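The node model described above (one security agent crossing several user-defined hierarchies, with issue and revoke as basic tasks) can be sketched as follows. This is an added example, not code from the paper or from [11]: the names `SecurityAgent`, `Cert` and `chain_valid` are assumptions, and a lookup in the issuer's records stands in for verifying the issuer's public-key signature.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cert:
    scheme: str    # user-chosen certificate name, e.g. "X community certificate"
    subject: str
    issuer: str
    serial: int
    attrs: tuple   # sorted (name, value) pairs in the scheme's user-defined format

@dataclass
class SecurityAgent:
    name: str
    formats: dict = field(default_factory=dict)  # scheme -> required attribute names
    held: dict = field(default_factory=dict)     # scheme -> Cert naming this agent
    issued: set = field(default_factory=set)     # certs this agent has issued
    revoked: set = field(default_factory=set)    # issued certs it has withdrawn

    def define_scheme(self, scheme, required):
        self.formats[scheme] = frozenset(required)  # this agent roots a new hierarchy

    def issue(self, scheme, subject, **attrs):
        """Issue a certificate to `subject`; the hierarchy grows as a side effect."""
        if scheme not in self.formats:
            raise PermissionError(f"{self.name} is not part of {scheme!r}")
        if set(attrs) != self.formats[scheme]:
            raise ValueError(f"attributes do not match the {scheme!r} format")
        cert = Cert(scheme, subject.name, self.name, len(self.issued) + 1,
                    tuple(sorted(attrs.items())))
        self.issued.add(cert)
        subject.held[scheme] = cert
        subject.formats[scheme] = self.formats[scheme]  # subject may issue below itself
        return cert

    def revoke(self, cert):
        self.revoked.add(cert)

def chain_valid(cert, agents, root):
    """Walk issuer links within cert.scheme up to the agent named `root`."""
    for _ in range(len(agents) + 1):   # bounded, so a cyclic hierarchy cannot loop
        issuer = agents.get(cert.issuer)
        # Membership in issuer.issued stands in for checking the issuer's signature.
        if issuer is None or cert not in issuer.issued or cert in issuer.revoked:
            return False
        if issuer.name == root:
            return True
        cert = issuer.held.get(cert.scheme)
        if cert is None:
            return False
    return False
```

Revoking an intermediate agent's certificate in one scheme invalidates every chain that passes through it in that scheme, while its certificates in other schemes remain valid.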