[Ndn-lib] ndn-cxx: extract identity from signed Interest
shijunxiao at email.arizona.edu
Fri Feb 27 08:49:59 PST 2015
Are you saying that, trust model should rather be defined in terms of
certificates or namespaces, not in terms of identities?
Suppose in real world, the owner of a house at 555 Main St, 85701 is
allowed to turn on lights in the house.
So, the trust model shall be defined as: a command is authorized if it has
a valid signature, signed by a certificate that can be verified from one of
the trust anchors, and covers /85701/MainSt/555/lights namespace.
Is this correct?
On Thu, Feb 26, 2015 at 11:16 PM, Alex Afanasyev <
alexander.afanasyev at ucla.edu> wrote:
> I can state my opinion on that. There is no such concept as “identity”
> for the certificate. Identity and key name are ways to organize hierarchy
> of certificates locally and does not require certificate name to be
> “converted” to identity.
> On the other hand. Within hierarchical trust model, certificate's name
> defines which namespace it covers. I think, with the current code this can
> be extracted using ndn regular expressions. In theory, this relates
> specifically to the trust model (validator) and not sure how this should
> really be exposed (or whether it needs to be exposed) to the application.
> On Feb 26, 2015, at 7:48 PM, Junxiao Shi <shijunxiao at email.arizona.edu>
> Dear folks
> Does the library provide any abstractions for extracting the identity of a
> signed Interest?
> Yours, Junxiao
> asked on behalf of Steve <
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ndn-lib