[Ndn-lib] ndn-cxx: extract identity from signed Interest

Junxiao Shi shijunxiao at email.arizona.edu
Fri Feb 27 08:49:59 PST 2015


Hi Alex

Are you saying that, trust model should rather be defined in terms of
certificates or namespaces, not in terms of identities?

Suppose in real world, the owner of a house at 555 Main St, 85701 is
allowed to turn on lights in the house.
So, the trust model shall be defined as: a command is authorized if it has
a valid signature, signed by a certificate that can be verified from one of
the trust anchors, and covers /85701/MainSt/555/lights namespace.
Is this correct?

Yours, Junxiao

On Thu, Feb 26, 2015 at 11:16 PM, Alex Afanasyev <
alexander.afanasyev at ucla.edu> wrote:

> I can state my opinion on that.  There is no such concept as “identity”
> for the certificate.  Identity and key name are ways to organize hierarchy
> of certificates locally and does not require certificate name to be
> “converted” to identity.
>
> On the other hand.  Within hierarchical trust model, certificate's name
> defines which namespace it covers.  I think, with the current code this can
> be extracted using ndn regular expressions.  In theory, this relates
> specifically to the trust model (validator) and not sure how this should
> really be exposed (or whether it needs to be exposed) to the application.
>
>> Alex
>
> On Feb 26, 2015, at 7:48 PM, Junxiao Shi <shijunxiao at email.arizona.edu>
> wrote:
>
> Dear folks
>
> Does the library provide any abstractions for extracting the identity of a
> signed Interest?
>
> Yours, Junxiao
> asked on behalf of Steve <
> http://redmine.named-data.net/issues/2200#note-24>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-lib/attachments/20150227/ee04459e/attachment.html>


More information about the Ndn-lib mailing list