I was thinking about this and it might be interesting (although very difficult) to completely specify the agent in XML...then the agent could be compressed and encrypted easily.
Currently my thinking on this is that we have an option for security, without it the system does no authentication. With it, SSL is used and before accepting an agent the connecting server must be authenticated in some way. Probably with a public key/private key exchange.
Although, we should be able to support mutiple authentication methods...so when a server contacts another, the first thing that happens is that the server announces what types of authentication it supports. Then the connecting server can decide which to use, depending on what support it may have available.
There is large concern that a user's profile (carried by an agent) can be compromised and email addresses, credit card numbers and other sensitive information be revealed unwittingly. We'll have to allow an option to encrypt all data carried by the agent, so that only authorized data may be accessed.
We should also apply good accounting practices, keeping track of who accesses what personal data, etc.
Before releasing any data, authentication needs to occur if we allow any agent to agent communication.
the servers can be registered for...by agents or other programs. A garbage collection-like thread could periodically check all the handles to make sure the server is still needed. We should also provide for 'persistent' servers...the ability for an agent or program to request that a server remain available even if the requesting object is no longer present on the server host.
This could be part of the initial startup sequence, where a current list of active agents is exchanged.