The paper describes a system architecture which offers the ability to
host mobile agents (so-called Web-agents) on a Web server. This is done
by a special server extension module called 'server agent environment'
(SAE). The agents may access local data of the Web server and may communicate
with other Web-agents or with human users. The paper discusses the different
security issues that arise in such a system and shows how we address the
problems. Concerning system and network security, we present a solution
based on security packages, protection domains, and agent capabilities.
This provides a flexible way to restrict an agent's possibility to access
the local server data or access the network. Since we also aim at providing
our SAE as a plug-in for other Web servers, we show how this is supported
by our system architecture.