Applying security policies through agent roles: A JAAS based approach

Agents are an emerging technology that grants programmers a new way to exploit distributed resources. Role is a powerful concept that can be used to model agent interactions, both between different agents and between agents and environments. Roles allow agents to dynamically acquire capabilities to perform specific tasks, and therefore enable separation of concerns and code reusability in software development and maintenance. Permissions and security issues related to role’s use should be carefully taken into account, especially when the agent scenario becomes open, including even mobile agents. In a Java agent scenario, we believe that the standard policy file mechanism does not suffice, because a fine grain permission management is required. This paper focuses on how to exploit the Java Authentication and Authorization Service (JAAS) at the role level in order to apply authorizations and local policies to Java agents for controlling the use of their roles.