[Jsdsi-users] Re: Other features offered by JSDSI
Status: Pre-Alpha
Brought to you by:
sajma
Menu
▾
▴
[Jsdsi-users] Re: Other features offered by JSDSI
|
From: Sameer A. <aj...@gm...> - 2006-01-20 14:07:15
|
On 1/20/06, Somaya Aboulwafa <som...@ya...> wrote: > Hi Sameer, > > I understand now that with JSDSI I can do the > following: > 1. Creating and Signing Certificates > 2. Verifying Certificates signatures > 3. Building a certificates path from a group of > certificates > 4. certificates paths validation > > I'd like to know what other features that jsdsi > support. You have listed the main features, but in addition there's: - certificate and s-expression parsing and marshalling - an LDAP certificate storage system (I'm not familiar with this, though) and I'm sure there are others, but I'd have to go look at the APIs... > > Also I would be grateful if you give me an insight on > how (in theory) jsdsi makes certificate paths > validation? A certificate path is essentially a series of certificates that, when taken together, imply another certificate (either a name cert or authorization cert); this implied cert is included with the path to aid in validation. The basic operation of validation is certificate "composition" (the SPKI RFC describes the rules for composing certs).=20 Validation works as follows: the certificates in the path are composed, one after the other, each time checking that the signatures are valid. If the final resulting cert "implies" (grants the same or stronger authorization than) the desired cert, then the path is valid. S > > Thanks you > Somaya > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > -- Sameer http://ajmani.net |
