User:Zarutian/Authorization Certificates

From Erights

(Difference between revisions)
Line 10: Line 10:
The recieptionist has an mapping of issuers to avatar objects.
The recieptionist has an mapping of issuers to avatar objects.
For each certificate in an sequence
For each certificate in an sequence
-
  the recieptionist checks the signeture of the certificate
+
1. the recieptionist checks the signeture of the certificate
-
  if invalid then an exception is thrown
+
if invalid then an exception is thrown
-
  the recieptionist then checks if it has an issuer to avatar mapping
+
3. the recieptionist then checks if it has an issuer to avatar mapping
-
  if not then an exception is thrown
+
if not then an exception is thrown
-
  then the recieptionist invokes the avatar object and passes it the instructions in the cert
+
4. then the recieptionist invokes the avatar object and passes it the instructions in the cert
-
  the avatar object is free to interpret those instructions as its programer sees fit.
+
5. the avatar object then interprets those instructions as its programer sees fit.
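Review bot: the numbering added on the `+` side runs 1, 3, 4, 5 with no step 2, and the two exception lines ("if invalid then an exception is thrown", "if not then an exception is thrown") are left unnumbered, so a reader cannot tell whether they are steps of their own or sub-clauses of the checks before them. Suggest numbering consecutively and folding each exception line into the check it belongs to. The last line also rewords "is free to interpret" as "then interprets"; if the avatar's latitude is part of the design, the earlier wording states it more clearly.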

Revision as of 01:19, 1 July 2008

This is an idea I have been mulling over a bit.

A receptionist (an object) that is reachable via a sturdyref receives a sequence of authorization certificates.

A certificate is a tuple of issuer, instructions, and a signature over those two by the issuer. An issuer here is simply a public key (or a fingerprint of the key that identifies it). The private key counterpart of that key is used to sign the certificate.

The receptionist has a mapping of issuers to avatar objects. For each certificate in a sequence:

1. The receptionist checks the signature of the certificate. If it is invalid, an exception is thrown.
2. The receptionist then checks whether it has an issuer-to-avatar mapping. If not, an exception is thrown.
3. The receptionist then invokes the avatar object and passes it the instructions in the certificate.
4. The avatar object then interprets those instructions as its programmer sees fit.
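The receptionist's per-certificate checks, as an added example (not code from the wiki page or from E). It assumes Ed25519 keys via Node's `crypto` module and a signed encoding of issuer key followed by instructions; `signedBytes`, `issueCertificate`, `Receptionist`, `register` and `receive` are hypothetical names.

```javascript
const crypto = require("node:crypto");

// Assumed encoding of the signed data: issuer key (fixed-size DER), then instructions.
function signedBytes(issuer, instructions) {
  return Buffer.concat([issuer, Buffer.from(instructions, "utf8")]);
}

// Builds the tuple { issuer, instructions, signature } described in the text.
function issueCertificate(privateKey, instructions) {
  const issuer = crypto.createPublicKey(privateKey).export({ type: "spki", format: "der" });
  const signature = crypto.sign(null, signedBytes(issuer, instructions), privateKey);
  return { issuer, instructions, signature };
}

class Receptionist {
  constructor() {
    this.avatars = new Map(); // issuer key (hex) -> avatar function
  }

  register(issuer, avatar) {
    this.avatars.set(issuer.toString("hex"), avatar);
  }

  // Handles certificates in order; throws at the first one that fails a check.
  receive(certificates) {
    const replies = [];
    for (const { issuer, instructions, signature } of certificates) {
      let valid = false;
      try {
        const key = crypto.createPublicKey({ key: issuer, format: "der", type: "spki" });
        valid = crypto.verify(null, signedBytes(issuer, instructions), key, signature);
      } catch {
        valid = false; // a malformed issuer key or signature counts as invalid
      }
      if (!valid) throw new Error("invalid certificate signature");
      const avatar = this.avatars.get(issuer.toString("hex"));
      if (!avatar) throw new Error("no avatar mapped to issuer");
      replies.push(avatar(instructions));
    }
    return replies;
  }
}

// Constructed sample: one issuer key, one avatar, one certificate.
const demoKey = crypto.generateKeyPairSync("ed25519").privateKey;
const demoCert = issueCertificate(demoKey, "open door 3");
const demoDesk = new Receptionist();
demoDesk.register(demoCert.issuer, (instructions) => `avatar got: ${instructions}`);
console.log(demoDesk.receive([demoCert]));
```

Because the issuer key is part of the signed bytes, a certificate signed by one key but relabelled with another issuer fails the signature check before the mapping is consulted.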
