Building secure agents on the semantic web

Abstract

Security for agents on the semantic Web is vital because they usually handle a lot of privacy related information. Using this information such like financial information, agents purchase goods, reserve hotels, flights, and cars and make a contract with others on behalf of their users. These features bring them more subtle attacks and dangers. For example, sensitive information about the user may be disclosed or sabotaged by malicious parties. In this paper, we suggest a method to build secure agents on the semantic Web as a solution to this problem. Especially because agents have charges of different and various roles on the distributed systems and platforms on the semantic Web, required qualification for access to resource is dynamically changed according to the case. Therefore, at the first, we discuss the requirement of agent security on the semantic Web and propose a method that the agent dynamically exchanges its authentication and authorization information using SAML (security assertion markup language). Because SAML doesn't need to share same security infrastructure and allows applications to exchange authentication and authorization information, it is suitable for securing the agent that plays various roles in heterogeneous platforms, dynamically changes their requirements, and acts on behalf of users with diverse access permission on the semantic Web. In addition to this, since SAML is based on XML, it has an advantage of easy integration and extension without modification of legacy system and protocol on the semantic Web