An issue of Authenticity


The scene: You are an agent1 in a universe populated by agents. Agents hold tokens2 via which they address messages to other agents.3 Such tokens may be sent in messages. Agents in this universe wish to establish and maintain reputations. Note here that I may trust an agent that you don’t and vice-versa.

Some agents produce other agents. Such an agent may have a reputation for producing agents with some other reputation. In this note any trusted class is the yield of some particular agent called the source of the class.

In short you trust the source. Situations arise, however, where agent A requests of some source the birth of agent B. Subsequently A passes the B’s token to C. C trusts the source but does not trust B. How is C to be assured that The token is for the trusted agent?
I believe that the general solution is for you to ask the trusted source whether A was his yield. If tokens may be compared for equality in this universe then the source may consult a list of his yields and provide an accurate answer.

In some universes it is prohibitive or very expensive to keep such a list and the cost would fall on the wrong party. The search is necessarily linear since sorting is impossible with EQ as the only compare operation between tokens. Such lists contravene garbage collection when being on such a list is the sole reason for preserving an agent.

In LISP, posit an operation SEAL that joins two values to produce an anonymous atom (without a print name), and a corresponding operation UNSEAL that reverses SEAL. The defining equations are:

(EQ (UNSEAL x (SEAL x y)) y)
(ATOM (SEAL x y))
(OR (EQ (UNSEAL x (SEAL z y)) NIL) (EQ x z))

Now, for the above case, B passes to me a sealed token to the trusted service and I call the source who unseals the token and returns it to me. I am thus assured that I have a token to an authentic agent. A unique atom is generated as the class is invented (with gensym perhaps) and the source keeps that atom as the seal unique to this class.

In scheme this can be coded as:

(DEFINE SEAL (X Y) (

1 Think object, encapsulated instance or some such.

2 Think capabilities, ports or references.

3 Calling may serve here in place of messaging.