User:Zarutian/Authorization Certificates

(added some notes)
(fix spelling and link to sturdyref)
 
(5 intermediate revisions not shown)
Line 1: Line 1:
This is an idea I have been mulling over a bit.
This is an idea I have been mulling over a bit.
-
An recieptionist (an object), that is reachable via an sturdyref,  
+
An receptionist (an object), that is reachable via an [[sturdyref]],  
-
recivies an sequence of authorization certificates.
+
receives an sequence of authorization certificates.
-
An certificate is an tuple of issuer, instructions and signeture of those two by the issuer.
+
An certificate is an tuple of issuer, instructions and signature of those two by the issuer.
An issuer in above is simply an public key (or fingerprint of the key to identify it).
An issuer in above is simply an public key (or fingerprint of the key to identify it).
The private key counterpart of that key is used to sign the certificate.
The private key counterpart of that key is used to sign the certificate.
-
The recieptionist has an mapping of issuers to avatar objects.
+
The receptionist has an mapping of issuers to avatar objects.
  For each certificate in an sequence
  For each certificate in an sequence
-
   the recieptionist checks the signeture of the certificate
+
   the receptionist checks the signature of the certificate
   if invalid then an exception is thrown
   if invalid then an exception is thrown
-
   the recieptionist then checks if it has an issuer to avatar mapping
+
   the receptionist then checks if it has an issuer to avatar mapping
   if not then an exception is thrown
   if not then an exception is thrown
-
   then the recieptionist invokes the avatar object and passes it the instructions in the cert
+
   then the receptionist invokes the avatar object and passes it the instructions in the cert
   the avatar object then interprets those instructions as its programer sees fit.
   the avatar object then interprets those instructions as its programer sees fit.
-
An facet of the recieptionist handles introductions of new issuers and construction of avatar
+
An facet of the receptionist handles introductions of new issuers and construction of avatar
-
objects for those issuers. (Some such introductions wouldnt out live the session of the current
+
objects for those issuers. (Some such introductions wouldn't out live the session of the current
sequence).
sequence).
-
One type of certificate would be an online challange-response requesting certificate
+
One type of certificate would be an online challenge-response requesting certificate
where an capability to the requester would be passed to an avatar object if it succeeds.
where an capability to the requester would be passed to an avatar object if it succeeds.
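Review bot: the spelling pass is incomplete. The unchanged line "the avatar object then interprets those instructions as its programer sees fit." still has "programer" for "programmer", and the corrected line "Some such introductions wouldn't out live the session" should read "outlive". The changed lines also keep "An receptionist", "an sequence", "An certificate is an tuple" and "an mapping", where the article should be "a". Suggest folding these into the same revision, since its summary is "fix spelling".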

Latest revision as of 14:42, 7 July 2008

This is an idea I have been mulling over a bit.

A receptionist (an object) that is reachable via a sturdyref receives a sequence of authorization certificates.

A certificate is a tuple of issuer, instructions, and a signature over those two by the issuer. An issuer here is simply a public key (or a fingerprint of the key, to identify it). The private-key counterpart of that key is used to sign the certificate.

The receptionist has a mapping of issuers to avatar objects.

For each certificate in a sequence
  the receptionist checks the signature of the certificate
  if invalid then an exception is thrown
  the receptionist then checks if it has an issuer to avatar mapping
  if not then an exception is thrown
  then the receptionist invokes the avatar object and passes it the instructions in the cert
  the avatar object then interprets those instructions as its programmer sees fit.
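
The receptionist loop above, written out in Go as an added example that is not part of the original page. Ed25519 as the signature scheme, the byte encoding in `signedBytes`, and every type and function name are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Certificate is the tuple from the text: issuer, instructions, signature over both.
type Certificate struct {
	Issuer       ed25519.PublicKey
	Instructions string
	Signature    []byte
}
// Receptionist maps issuer keys to avatars; an avatar interprets instructions.
type Receptionist struct{ Avatars map[string]func(instructions string) }
var ErrBadSignature, ErrUnknownIssuer = errors.New("invalid signature"), errors.New("no avatar for issuer")

// signedBytes is an assumed encoding: fixed-size issuer key, then instructions.
func signedBytes(c Certificate) []byte {
	return append(append([]byte{}, c.Issuer...), c.Instructions...)
}

// Issue signs issuer and instructions with the issuer's private key.
func Issue(priv ed25519.PrivateKey, instructions string) Certificate {
	c := Certificate{Issuer: priv.Public().(ed25519.PublicKey), Instructions: instructions}
	c.Signature = ed25519.Sign(priv, signedBytes(c))
	return c
}

// Receive stops at the first failure; earlier certificates have already been acted on.
func (r *Receptionist) Receive(seq []Certificate) error {
	for i, c := range seq {
		// Length check first: ed25519.Verify panics on a wrong-size key.
		if len(c.Issuer) != ed25519.PublicKeySize || !ed25519.Verify(c.Issuer, signedBytes(c), c.Signature) {
			return fmt.Errorf("certificate %d: %w", i, ErrBadSignature)
		}
		avatar, ok := r.Avatars[string(c.Issuer)]
		if !ok {
			return fmt.Errorf("certificate %d: %w", i, ErrUnknownIssuer)
		}
		avatar(c.Instructions)
	}
	return nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil) // constructed demo key
	fmt.Println(new(Receptionist).Receive([]Certificate{Issue(priv, "open door")}))
}
```

Because the loop throws partway through, a sequence with a bad certificate in the middle leaves the earlier instructions applied; an avatar that needs all-or-nothing behaviour has to arrange that itself.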

A facet of the receptionist handles introductions of new issuers and construction of avatar objects for those issuers. (Some such introductions wouldn't outlive the session of the current sequence.)

One type of certificate would be an online challenge-response requesting certificate, where a capability to the requester would be passed to an avatar object if it succeeds.
