Multi-agent systems are set to become one of the largest classes of
distributed dynamic computations -- but only if an adequate security
can be provided. Without a correct security mechanism, systems suffer 
from fundamental insecurities -- reflected in limited host privileges,
a lack of user trust and severe administrative constraints limiting
utility.

By considering both the historical contributions of computer security
and the needs of agent-based systems, we present requirements for
distributed security which emphasize the importance and the
separation of identification of responsibility from transmission
of rights. Existing security models are evaluated against these
requirements and generally found wanting. Consequently we propose 
a surprisingly simple but demonstrably powerful security model for
multi-agent systems in which fine-grained trust contexts are generated
automatically; which supports the transmission of rights, and hence
delegation of responsibility; and which supports accountability and
auditing -- but which is also provably correct in polynomial time.
We illustrate this scheme by means of several typical agent security
scenarios, highlighting how current models fall short.