Re: Web Scripting Languages (was: Re: two-way communication in html)

Prentiss Riddle (riddle@is.rice.edu)
Tue, 7 Mar 1995 22:22:56 +0500


> From alvin@eyepoint.com Tue Mar 7 16:30:49 1995
> Subject: Re: Web Scripting Languages (was: Re: two-way communication in html)
> From: Alvin Starr <alvin@eyepoint.com>
> To: riddle@is.rice.edu
> Date: Tue, 7 Mar 1995 17:29:56 -0500
>
> > However, the assumption that it is possible to create a safe
> > interpreted environment for intelligent agents troubles me. The issue
> > is not just one of prohibiting agents from making arbitrary system
> > calls. Isn't it the case that any non-trivial application requires
> > access to data which are in some way sensitive, and that sensitive data
> > by definition would be vulnerable to misuse by a malicious agent?
> > (This is most obvious in the case of agents with write access, but
> > potentially true even if agents have only read access.) My point is
> > that if my data are sensitive, I will want to retain control of the
> > *algorithms* used to access them. Or am I missing something?
>
> I would argue that the agent is not as important as who's agent is it.
> If you give a person access to your system then what is wrong with giving
> their agent the same access. In this way all of the standard security rules
> that apply to normal users should apply to their agents.

Good point. Although I would like to be able to provide many classes
of services to people (or their agents) to whom I would never grant,
say, a Unix shell account.

A separate issue, but one we should consider as well, is that an
"intelligent" agent might be unintelligent enough to make certain
mistakes that a human would never make. I'm thinking of things like
getting into an infinite loop and issuing the same query a million
times (poorly programmed WWW robots are a current example of this).
The kinds of software pathology they've been worrying about for years
in the RISKS Digest all apply to intelligent agents, and both the
designers of agents and the designers of services that agents interact
with need to be aware of them. For this reason, it might be that I
would be willing to grant a human more access than I would grant his or
her robotic agent.

-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
-- Systems Programmer and RiceInfo Administrator, Rice University
-- 2002-A Guadalupe St. #285, Austin, TX 78705 / 512-323-0708
-- Opinions expressed are not necessarily those of my employer.