Pico Agent in a Tab One Click to Identify?
Pico Agent In A Tab One Click to Identify?
Convener(s): Bruce Conrad
Notes-taker(s): Bruce Conrad
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
I invited Sam Curren to join us and his contributions are hereby acknowledged.
We began with the end in mind.
Alice, who has a relationship with Faber College, goes to their website and is recognized as Alice. Just one click.
Alice Links page shown here. It is a simple UI face or surface for her agent, which is running inside this browser tab.
The agent here surfaces one link per agent-to-agent connection which involves a web page.
Faber College page which opens up when Alice clicks on that link in her connections page.
Notice that Alice is recognized, because of the pre-existing agent-to-agent connection between her local agent and Faber College’s agent.
Mallory, looking over Alice’s shoulder (physically or by network package sniffing), tries to impersonate her (simulated here with an incognito browser).
When it is Alice, Faber College recognizes her. Anyone else using the same link will not be recognized because they do not have possession of Alice’s agent.
The fragment portion of a URL is not (normally) sent to the server, although some browsers do this. Even so, it is of no use to Mallory.
Sam described routing agents, and we came up with this diagram.
Two agents are operating inside of Alice’s hardware domain. A local tab has Alice’s agent in it, but a tab with content from Faber College (F.C.) has Faber’s agent for Alice’s machine in it. Both require a routing agent (because Alice is using a hardware edge device).
Alice (her local agent) accepts an invitation to connect from the F.C. agent and a connection is made between them. The URL fragment (introduced by the “#” character) consists in this prototype of simple the DID for Alice’s side of that connection. The F.C. homepage uses that fact to recognize Alice. The same DID used by anyone else will not “work” because the attacker will not have an agent with a connection to F.C. using the same DID.
We then had a very interesting discussion of how this might be applied to a call center application to pre-flight a voice conversation. This was largely between Vic (of HearO) and Sam, and was fascinating. Hopefully it will continue, perhaps over lunch.