Skip to content

Security

Security is a critical aspect of the UIM Protocol, ensuring that interactions between AI agents and web services are secure, private, and compliant with relevant regulations. This section provides detailed information about the security aspects of the protocol.

1. Security Overview

The UIM Protocol incorporates several security mechanisms to protect the integrity, confidentiality, and availability of data and services:

  • Authentication: Verifying the identity of AI agents and web services
  • Authorization: Controlling access to resources and actions
  • Encryption: Protecting data in transit and at rest
  • Policy Enforcement: Ensuring compliance with usage policies and regulations
  • Rate Limiting: Preventing abuse and ensuring fair usage
  • Audit Logging: Tracking and monitoring activities for security and compliance purposes

2. Authentication

Authentication is the process of verifying the identity of an entity (in this case, an AI agent or web service). The UIM Protocol uses Policy Adherence Tokens (PATs) as the primary authentication mechanism.

2.1 Policy Adherence Tokens (PATs)

PATs are JSON Web Tokens (JWTs) that are issued by web services to AI agents after the agents have agreed to the service's policies. PATs serve as both authentication and authorization tokens, containing claims about the identity of the AI agent and the permissions granted to it.

2.1.1 PAT Structure

PATs are structured as JWTs with the following claims:

  • iss (Issuer): The service identifier that issued the token
  • sub (Subject): The AI agent identifier that the token was issued to
  • exp (Expiration Time): The time after which the token is no longer valid
  • nbf (Not Before): The time before which the token is not valid
  • jti (JWT ID): A unique identifier for the token
  • scope: An array of permitted intents and operations
  • pol (Policy): A reference to the policy that the token adheres to
  • lmt (Limits): Rate limiting parameters and other usage constraints

2.1.2 PAT Issuance

The PAT issuance process involves the following steps:

  1. Policy Retrieval: The AI agent retrieves the policy from the web service's policy endpoint.
  2. Policy Agreement: The AI agent reviews the policy and decides whether to agree to it.
  3. Signature Generation: If the AI agent agrees to the policy, it digitally signs the policy using its private key.
  4. PAT Request: The AI agent sends a request to the web service's PAT issuance endpoint, including its identifier, the signed policy, and its public key.
  5. Verification: The web service verifies the AI agent's signature using the provided public key.
  6. PAT Issuance: If the signature is valid, the web service issues a PAT to the AI agent.

2.1.3 PAT Usage

The AI agent includes the PAT in the Authorization header of each request to the web service, using the Bearer scheme:

Authorization: Bearer <PAT>

The web service verifies the PAT's signature, expiration time, and other claims before processing the request.

3. Authorization

Authorization is the process of determining whether an authenticated entity has permission to perform a specific action or access a specific resource. In the UIM Protocol, authorization is primarily handled through the scope claim in the PAT.

3.1 Scope-Based Authorization

The scope claim in the PAT specifies the intents and operations that the AI agent is authorized to perform. Each scope entry typically follows the format:

<intent_uid>:<operation>

For example:

example.com:search-products:v1:execute

This scope entry authorizes the AI agent to execute the search-products intent (version 1) provided by example.com.

3.2 Rate Limiting

Rate limiting is an important aspect of authorization, preventing abuse and ensuring fair usage of resources. The lmt claim in the PAT specifies the rate limits that apply to the AI agent.

Example lmt claim:

"lmt": {
  "rate": 100,
  "period": 3600
}

This limits the AI agent to 100 requests per hour (3600 seconds).

4. Encryption

Encryption is used to protect data in transit and at rest, ensuring that sensitive information remains confidential.

4.1 Transport Layer Security (TLS)

All communications between AI agents and web services MUST use TLS (HTTPS) to encrypt data in transit. This protects against eavesdropping, tampering, and message forgery.

4.2 Key Management

Both AI agents and web services MUST securely manage their cryptographic keys:

  • Private Keys: Must be stored securely and never shared.
  • Public Keys: Can be shared freely but must be verified to prevent man-in-the-middle attacks.
  • Key Rotation: Keys should be rotated periodically to limit the impact of key compromise.

5. Policy Enforcement

Policy enforcement ensures that AI agents adhere to the policies defined by web services. These policies may include usage limits, billing agreements, data handling requirements, and compliance with regulations.

5.1 Policy Definition

Policies are defined using the Open Digital Rights Language (ODRL) Information Model 2.2, which provides a standardized way to express permissions, prohibitions, and obligations.

5.2 Policy Verification

Web services verify that AI agents adhere to policies by:

  • Checking PAT Validity: Ensuring that the PAT is valid and has not expired.
  • Verifying Scope: Confirming that the requested operation is within the scope of the PAT.
  • Enforcing Rate Limits: Ensuring that the AI agent has not exceeded the rate limits specified in the PAT.
  • Monitoring Compliance: Tracking the AI agent's activities to ensure compliance with the policy.

6. Audit Logging

Audit logging is essential for security monitoring, compliance, and incident response. Both AI agents and web services should maintain logs of security-relevant events.

6.1 Events to Log

  • Authentication Events: Successful and failed authentication attempts.
  • Authorization Events: Access granted or denied to resources.
  • Policy Events: Policy agreements, PAT issuance, and policy violations.
  • Intent Execution: Execution of intents, including parameters and results.
  • Error Events: Security-related errors and exceptions.

6.2 Log Content

Each log entry should include:

  • Timestamp: When the event occurred.
  • Event Type: The type of event (e.g., authentication, authorization).
  • Actor: The entity that performed the action (e.g., AI agent, web service).
  • Action: The action that was performed.
  • Resource: The resource that was accessed.
  • Result: The outcome of the action (e.g., success, failure).
  • Details: Additional context-specific information.

7. Security Best Practices

7.1 For AI Agents

  • Secure Key Storage: Store private keys securely, using hardware security modules (HSMs) when possible.
  • Policy Validation: Validate policies before agreeing to them, ensuring they are reasonable and do not pose security risks.
  • PAT Management: Securely store PATs and renew them before they expire.
  • Input Validation: Validate all input from web services to prevent injection attacks.
  • Error Handling: Handle errors gracefully without exposing sensitive information.

7.2 For Web Services

  • Secure Key Storage: Store private keys securely, using HSMs when possible.
  • Input Validation: Validate all input from AI agents to prevent injection attacks.
  • Rate Limiting: Implement rate limiting to prevent abuse.
  • Monitoring: Monitor for suspicious activities and potential security breaches.
  • Regular Security Assessments: Conduct regular security assessments to identify and address vulnerabilities.

8. Compliance Considerations

8.1 Data Protection Regulations

Web services must comply with relevant data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union or the California Consumer Privacy Act (CCPA) in the United States.

8.2 Industry-Specific Regulations

Depending on the industry, additional regulations may apply, such as the Health Insurance Portability and Accountability Act (HIPAA) for healthcare or the Payment Card Industry Data Security Standard (PCI DSS) for financial services.

8.3 Compliance Documentation

Web services should maintain documentation of their compliance efforts, including:

  • Privacy Policies: Clearly stating how data is collected, used, and protected.
  • Terms of Service: Outlining the terms under which the service is provided.
  • Data Processing Agreements: Defining the responsibilities of data processors.
  • Security Policies: Documenting security measures and practices.

9. Conclusion

Security is a fundamental aspect of the UIM Protocol, ensuring that interactions between AI agents and web services are secure, private, and compliant with relevant regulations. By following the security guidelines and best practices outlined in this section, implementers can create secure and trustworthy UIM Protocol implementations.