security?

[greenpdx]

Years ago FIPA (Foundation Intelligent Physical Agents) had something like this. Security was a a huge concern. A language with designed to be agent is a great idea. Now the security of the operating environment for that language needs to be designed.

Cool Idea!

There needs to be a agent system for this Internet of Things.

[c3d]

Yes. Security is a major concern, as was shown in the discussion on Slashdot. I wanted to have a release to test other aspects, but security is high on the to-do list.

Design constraints and ideas:

1. Performance and size. I don't want to double the size of the code just to have cryptography. Libcryptopp for example is about 3.8x the size of Eliot! The way I wanted to do that was by implementing for example one-time pad XOR cryptography, provided I can find a way to generate the one-time pad that is reasonably safe and efficient (which, granted, is not obvious).

2. Feature-based. It's not a file system, but a language, so you want to grant access to protected features (e.g. functions or variables). The way I planned to do it was by encapsulating features that require access in a module, and having module import to security checks before populating the symbol table. A feature that is no granted is not visible, it's just no in the symbol table at all.

3. Respects language semantics and scoping rules: A function may need a protected feature, that should not necessarily grant access to the whole program. Again, this can be achieved simply by obeying normal scoping rules, i.e. if a function imports a module, the calling function does not inherit the symbols.

I have relatively precise ideas on how to do that, because the pro version of Tao3D, which uses a language quite similar to Eliot, has some features that require specific licenses, and supports code encryption. But Tao3D does not have constraints on size, so we just use libcryptopp and that works in that case.