[Ndn-lib] ndn-cxx: extract identity from signed Interest

Alex Afanasyev alexander.afanasyev at ucla.edu
Fri Feb 27 15:55:53 PST 2015


> On Feb 27, 2015, at 8:49 AM, Junxiao Shi <shijunxiao at email.arizona.edu> wrote:
> 
> Hi Alex
> 
> Are you saying that the trust model should rather be defined in terms of certificates or namespaces, not in terms of identities?

The trust model should be defined.  How is a different question.  In my opinion, the only way to define it is in terms of names (data names vs. certificate names).  Other elements such as “identity” can be introduced, but they are specific to a particular trust model.

> Suppose, in the real world, the owner of a house at 555 Main St, 85701 is allowed to turn on lights in the house.
> So, the trust model shall be defined as: a command is authorized if it has a valid signature, signed by a certificate that can be verified from one of the trust anchors, and covers the /85701/MainSt/555/lights namespace.
> Is this correct?

Other trust models can exist that do not necessarily follow this strict hierarchy.  There could be other trust models and there could be discontinuities within the certificate chain hierarchy.

> 
> Yours, Junxiao
> 
> On Thu, Feb 26, 2015 at 11:16 PM, Alex Afanasyev <alexander.afanasyev at ucla.edu> wrote:
> I can state my opinion on that.  There is no such concept as “identity” for the certificate.  Identity and key name are ways to organize the hierarchy of certificates locally and do not require the certificate name to be “converted” to an identity.
> 
> On the other hand, within a hierarchical trust model, the certificate's name defines which namespace it covers.  I think, with the current code, this can be extracted using ndn regular expressions.  In theory, this relates specifically to the trust model (validator), and I am not sure how this should really be exposed (or whether it needs to be exposed) to the application.
> 
> Alex
> 
>> On Feb 26, 2015, at 7:48 PM, Junxiao Shi <shijunxiao at email.arizona.edu> wrote:
>> 
>> Dear folks
>> 
>> Does the library provide any abstractions for extracting the identity of a signed Interest?
>> 
>> Yours, Junxiao
>> asked on behalf of Steve <http://redmine.named-data.net/issues/2200#note-24>
> 
> 
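The hierarchical rule discussed in this thread (a certificate's name defines the namespace it covers, and a command is authorized only if its name falls under that namespace), as an added stand-alone C++ example that is not part of the original messages and does not use ndn-cxx. The certificate name layout `/<prefix>/KEY/<suffix>/ksk-<id>/ID-CERT/<version>`, the helper names and the sample names are assumptions made for illustration.

```cpp
#include <algorithm>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

using Name = std::vector<std::string>;  // one entry per name component

// Split a URI-style name such as "/a/b/c" into components.
Name parseName(const std::string& uri) {
  Name out;
  std::istringstream in(uri);
  for (std::string c; std::getline(in, c, '/');)
    if (!c.empty()) out.push_back(c);
  return out;
}

// ASSUMED layout: /<prefix..>/KEY/<suffix..>/ksk-<id>/ID-CERT/<version>
// The covered namespace is prefix + suffix. Returns false (fail closed)
// when the certificate name does not follow the layout.
bool coveredNamespace(const Name& cert, Name& ns) {
  const std::size_t n = cert.size();
  if (n < 4 || cert[n - 2] != "ID-CERT" || cert[n - 3].rfind("ksk-", 0) != 0)
    return false;
  const auto ksk = cert.begin() + (n - 3);
  const auto key = std::find(cert.begin(), ksk, "KEY");
  if (key == ksk) return false;
  ns.assign(cert.begin(), key);
  ns.insert(ns.end(), key + 1, ksk);
  return true;
}

// Component-wise prefix match, so /a/555 does not cover /a/5551.
bool isPrefixOf(const Name& p, const Name& name) {
  return p.size() <= name.size() && std::equal(p.begin(), p.end(), name.begin());
}

// Name check only: signature verification and the chain to a trust
// anchor are separate steps that must also succeed.
bool signerCovers(const std::string& certUri, const std::string& cmdUri) {
  Name ns;
  return coveredNamespace(parseName(certUri), ns) && isPrefixOf(ns, parseName(cmdUri));
}

int main() {
  const std::string cert = "/85701/MainSt/KEY/555/ksk-1/ID-CERT/v1";  // constructed sample
  std::cout << signerCovers(cert, "/85701/MainSt/555/lights/on") << "\n";
  std::cout << signerCovers(cert, "/85701/MainSt/5551/lights/on") << "\n";
  return 0;
}
```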
