Active, Persistent, Secure Agents
Tabriz Internet applications are truly unique in the industry because their agents are active, persistent, and secure. This section examines these attributes in more detail and shows how they play a key role in making Tabriz AgentWare and Tabriz Agent Tools the most complete solution for developing interactive Internet services.
The Importance of Being Active
While other so-called network agents are highly restricted in their mobility, Tabriz agents can travel anywhere on any type of network--interacting with other agents, gathering information, monitoring changes to that information, even automating transactions. This creates an entirely new class of capabilities that are not possible using other technologies.
Moreover, because Telescript is an object-oriented language, developers don't have to write low-level code to enable this unlimited mobility. This saves development time and improves time-to-market of new applications or releases.
Persistence Pays Off
Tabriz agents are inherently built to deliver persistence at three distinctly different levels.
First, Tabriz agents never give up a requested search until the user instructs them to. If the user needs to get on a particular Web site that's frequently busy, the agent will keep trying while the user does something else. If the user needs updates to constantly changing information, such as stock quotes or air fares, agents can monitor the Internet and post changes as often as the user wants them to.
Second, the Telescript engine automatically saves all instructions and state information for each agent. State is preserved from page to page, as the agent moves from place to place, even while disconnected from the Web browser, and on subsequent user logins. State is also preserved across multiple Tabriz agent servers and in system reboots or restarts. So even if the network goes down, agents retain their instructions and the information they've located for the user. When the network comes back up, they're back on the job.
Third, active agents take persistence to a new dimension by continuing to perform their requested tasks even while the user is off-line. Tabriz agents attempt to execute their instructions at all times, regardless of whether there is a live connection with the user or not. Thus, the user can simply log on, specify a request, along with a preference for notification (email, pager, fax, etc.), log off, and wait to be notified that the request has been served.
Security on Multiple Levels
Clearly, comprehensive security is an absolute prerequisite to the viability of agent technology. Network administrators cannot afford to let unknown and untrusted agents access the network at will; users require an assurance of privacy; businesses need protection against unauthorized access to sensitive information. That is why General Magic has made inherent security design center in the development of Tabriz agent products; and that is why Tabriz delivers unmatched security at multiple levels.
Safety Mechanisms: Telescript itself is a "safe" programming language, which means that its programs either do what they are supposed to do or fail with no disruption to any other resource. Telescript is also an interpreted language, which ensures that agents created with Telescript have no direct access to system resources.
Authentication: The Telescript language provides each agent with an authenticated, unforgeable identity called an authority. An authority uniquely identifies the Telescript user and specifies the user's permissions. Telescript also allows one agent or place to discern the authority of another. At the network level, this enables organizations to set up very powerful authentication mechanisms--requiring, for example, mutual authentication using RSA public key encryption, session key negotiation using perfect-forward security, and session encryption using RC4.
Access Control and Privacy: Tabriz agent products use encapsulation techniques to create public "operation wrappers" for agents. This enables host Web sites to perform their own access checks against the agents. The requested process, the identity of the requester, and the location of the client can all be verified, and permissions can be granted accordingly.
The extent of authorized operations for each Tabriz agent is specified through permits. The Telescript language enables four kinds of permits to be generated:
- Native permits, which are assigned by whoever creates the process
- Local permits, which can be imposed by a place on an entering agent or on a process created in that place
- Regional permits, which are imposed by the Telescript engine place and only apply within a particular engine or set of engines that comprise a region
- Temporary permits, which are in effect for limited time periods
Permits provide fine granularity in specifying how long an agent may remain at a place, how much memory the agent may be allowed to take up, what priority the agent's request may receive, and so on. These permits are contained in public, read-only form, so network administrators can control both access and resource consumption by enabling agents to enter under specified terms. An agent or place can discern its capabilities but cannot increase them.
Using Tabriz AgentWare, a Web site administrator can also constrain the authorized actions of agents that are allowed on-site. For example, agents can be prevented from taking specified objects with them during a "go"; or prevented from copying or modifying objects.
Network Security: Tabriz AgentWare is a distributed processing environment that supports agent mobility across multiple hosts. Ensuring network security, therefore, is critically important. Tabriz networks provide:
- A privileged region authority for network management and administration
- The ability to set region-based administrative policies--including, for example, controls on entering the region, policies for granting regional permits, and management and auditing policies
- Inter-region secure channels
The Solution | The Strategy