<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font face="Times New Roman, Times, serif">The same general approach
was explored earlier in this paper (in the context of CCNx, but
applicable to NDN):<br>
</font><br>
J. Kurihara, C. A. Wood, and E. Uzun, <br>
<a href="http://sprout.ics.uci.edu/projects/ndn/papers/ccnac15.pdf">An
Encryption-Based Access Control Framework for Content-Centric
Networking</a>, <br>
<i> in IFIP Networking</i>, Toulouse, France, 2015.<br>
<br>
Cheers,<br>
Gene Tsudik<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 3/19/17 12:43 PM, Lan Wang (lanwang)
wrote:<br>
</div>
<blockquote
cite="mid:198DC159-E532-4AB5-BB8D-38BE79689215@memphis.edu"
type="cite">
Jongdeog's question is about access control. Rather than
emulating how the current solutions work, an NDN producer can
encrypt the data and distribute the data decryption key to the
user (using the user's public key to encrypt the data decryption
key). See "Name-Based Access Control." Y. Yu, A. Afanasyev, L.
Zhang.<br class="">
NDN, Technical Report NDN-0034. <a moz-do-not-send="true"
href="https://named-data.net/publications/techreports/ndn-0034-2-nac/"
class="">https://named-data.net/publications/techreports/ndn-0034-2-nac/</a><br
class="">
<div class="">Lan</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Mar 19, 2017, at 7:19 AM, Junxiao Shi &lt;<a
moz-do-not-send="true"
href="mailto:shijunxiao@email.arizona.edu" class="">shijunxiao@email.arizona.edu</a>&gt;
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div dir="ltr" class="">
<div class="">Hi Jongdeog</div>
<div class=""><br class="">
</div>
<div class="">First of all, any NDN application, including
ndnping, has a "producer and consumer model". I guess
you mean "server and client model". The client can
download from the server, and can upload to the server.
During the upload, the client would act as a producer
while the server acts as a consumer.</div>
<div class=""><br class="">
</div>
<div class="">In web technology, "log-in" means session
management. A Windows 7 era example: Alice wants to
access her Hotmail mailbox. She visits
<a moz-do-not-send="true" href="http://hotmail.com/"
class="">hotmail.com</a>, which redirects her to
the Windows Live ID sign-in page. Over there, she either
types her username and password, or selects a smartcard
via Windows CardSpace. Windows Live ID issues a token
(as a browser cookie) to Alice, which is accepted by <a
moz-do-not-send="true" href="http://hotmail.com/"
class="">hotmail.com</a> and Alice is able to access
her mailbox. When she finishes, pressing sign-out
revokes the token so that nobody else can use it.</div>
<div class=""><br class="">
</div>
<div class="">
<div class="">
<div class="">The session token / session cookie in
web technology is equivalent to a certificate in NDN.</div>
</div>
The NDN equivalent of the above, assuming use of a
smartcard, is: Alice issues a certificate for her
Hotmail session and has it signed by her smartcard; she
can then access Hotmail with this certificate. Session
ends when the certificate expires.</div>
<div class="">The case with username+password is more
complicated in NDN, but still doable: Alice generates
a key pair, and sends a certificate request along with
the username+password to the Windows Live ID sign-in service
(the message is encrypted with the Windows Live ID site's
public key). After obtaining a certificate from Windows
Live ID, Alice can issue herself a Hotmail session
certificate.</div>
<div class=""><br class="">
</div>
<div class="">Yours, Junxiao<br class="">
</div>
<div class="gmail_extra"><br class="">
<div class="gmail_quote">On Thu, Mar 9, 2017 at 3:56 PM,
Lee, Jongdeog <span dir="ltr" class="">
&lt;<a moz-do-not-send="true"
href="mailto:jlee700@illinois.edu" target="_blank"
class="">jlee700@illinois.edu</a>&gt;</span>
wrote:<br class="">
<blockquote class="gmail_quote" style="margin:0px 0px
0px
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div class="">
<div style="font-family: tahoma; font-size: 10pt;
direction: ltr;" class="">Dear all,<br class="">
<div class=""><br class="">
Hope all of you are doing fine. I have a
question regarding the NDN log-in mechanism.<br
class="">
<br class="">
Given that we have a producer and consumer
model, what would be a secure (possibly
standard) log-in mechanism? Or is there no
such thing in the NDN world, assuming that all
producers and consumers have public-private key
pairs?<br class="">
<br class="">
Best wishes,<br class="">
<div style="font-family:tahoma;font-size:13px"
class="">
<div
style="font-family:tahoma;font-size:13px"
class="">
<div class="">Jongdeog Lee (JD)</div>
</div>
</div>
</div>
</div>
</div>
<br class="">
<br class="">
</blockquote>
</div>
<br class="">
</div>
</div>
_______________________________________________<br class="">
Ndn-interest mailing list<br class="">
<a moz-do-not-send="true"
href="mailto:Ndn-interest@lists.cs.ucla.edu" class="">Ndn-interest@lists.cs.ucla.edu</a><br
class="">
<a class="moz-txt-link-freetext" href="http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest">http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest</a><br
class="">
</div>
</blockquote>
</div>
<br class="">
<br>
</blockquote>
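<p>Added example (not part of the thread, and not code from the NDN project or the cited papers): the scheme described in Lan Wang's message, where the producer encrypts the data once under a content key and wraps that key under each authorized consumer's public key. RSA-OAEP, AES-256-GCM, the <code>/CK/FOR</code> name layout and every name used are assumptions chosen for illustration.</p>

```javascript
// Added example: producer-side encryption with a per-content key (CK) that is
// wrapped under each authorized consumer's public key. All names are constructed.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv, constants } = require("node:crypto");

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Producer: encrypt the payload once. The Data name is bound as AEAD associated
// data, so the ciphertext cannot be served under a different name undetected.
function produce(name, plaintext, consumers) {
  const ck = randomBytes(32);
  const iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", ck, iv);
  c.setAAD(Buffer.from(name));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  const content = { name, iv, ct, tag: c.getAuthTag() };
  // One small key packet per authorized consumer (hypothetical naming).
  const keys = consumers.map(({ id, publicKey }) => ({
    name: `${name}/CK/FOR${id}`,
    wrapped: publicEncrypt({ key: publicKey, ...OAEP }, ck),
  }));
  return { content, keys };
}

// Consumer: unwrap CK with the private key, then decrypt and authenticate.
// Returns null when the key packet was wrapped for someone else, or when the
// ciphertext or its name was altered.
function consume(content, keyPacket, privateKey) {
  try {
    const ck = privateDecrypt({ key: privateKey, ...OAEP }, keyPacket.wrapped);
    const d = createDecipheriv("aes-256-gcm", ck, content.iv);
    d.setAAD(Buffer.from(content.name));
    d.setAuthTag(content.tag);
    return Buffer.concat([d.update(content.ct), d.final()]).toString();
  } catch {
    return null;
  }
}

// Constructed sample: Alice is authorized, Mallory is not. Both can fetch the
// same encrypted packets from any cache; only Alice can read them.
const alice = generateKeyPairSync("rsa", { modulusLength: 2048 });
const mallory = generateKeyPairSync("rsa", { modulusLength: 2048 });
const out = produce("/hotmail/alice/inbox/42", Buffer.from("hello Alice"),
                    [{ id: "/alice/KEY", publicKey: alice.publicKey }]);
```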
<br>
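<p>Added example (not part of the thread, and not code from any NDN library): the session-certificate idea from Junxiao Shi's message, with a short-lived certificate playing the role of the session cookie and the service checking it on every request. Ed25519, the JSON certificate layout, the names and the timestamps are assumptions; a software key stands in for the smartcard.</p>

```javascript
// Added example: a short-lived session certificate in place of a session cookie.
// Ed25519 and the JSON certificate layout are assumptions, not NDN's wire format.
const { generateKeyPairSync, sign, verify, createPublicKey } = require("node:crypto");

// Bytes covered by the certificate signature.
const tbs = (c) => Buffer.from(JSON.stringify([c.name, c.keyPem, c.notBefore, c.notAfter]));

// Alice's side: her identity key (the smartcard in the thread) signs a
// certificate for a fresh session key, valid for ttlSec seconds.
function issueSessionCert(identityKey, name, sessionPub, notBefore, ttlSec) {
  const cert = { name, notBefore, notAfter: notBefore + ttlSec,
                 keyPem: sessionPub.export({ type: "spki", format: "pem" }) };
  return { ...cert, sig: sign(null, tbs(cert), identityKey) };
}

// Alice signs each request (an Interest name here) with the session key.
function signRequest(sessionKey, cert, interestName) {
  return { interestName, cert, sig: sign(null, Buffer.from(interestName), sessionKey) };
}

// Service side: the certificate must verify under Alice's identity key, be
// inside its validity period, and the request must verify under the certified
// session key. Expiry ends the session without any server-side state.
function checkRequest(req, identityPub, now) {
  const c = req.cert;
  if (!verify(null, tbs(c), identityPub, c.sig)) return "untrusted-certificate";
  if (c.notBefore > now || now >= c.notAfter) return "outside-validity-period";
  const ok = verify(null, Buffer.from(req.interestName), createPublicKey(c.keyPem), req.sig);
  return ok ? "accepted" : "bad-request-signature";
}

// Constructed sample: a one-hour session starting at t = 1000 (seconds).
const identity = generateKeyPairSync("ed25519");
const session = generateKeyPairSync("ed25519");
const cert = issueSessionCert(identity.privateKey, "/alice/hotmail-session/KEY/1",
                              session.publicKey, 1000, 3600);
const req = signRequest(session.privateKey, cert, "/hotmail/alice/inbox/list");
```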
</body>
</html>