[Jsdsi-users] Re: Other features offered by JSDSI
From: Somaya A. <som...@ya...> - 2006-01-20 14:31:30
Hi,

Now what I have understood is that, for one to implement certificate based access control, assume the following scenario:

Alice offers a service X and it has an access control rule stating what credentials are required for accessing X. Bob wants to access service X offered by Alice. Bob then sends Alice his request with some certificates he owns. Alice then will:

1- Build a certificate path for Bob's certificates using jsdsi, resulting in a final certificate (call it Result_Certificate)
2- Build a virtual certificate that's equivalent to its access control rule (call it Temp_Certificate)
3- Make a validation using jsdsi between the Result_Certificate and the Temp_Certificate (which is done internally by checking whether Result_Certificate "implies" Temp_Certificate).

Do I have any misunderstanding?

What about certificate revocation and CRL and ACL and all this stuff? If Alice receives a certificate from Bob, how could she make sure that this certificate is not revoked and that it is currently valid? Is this the developer's job as well?

Many Thanks
Somaya

--- Sameer Ajmani <aj...@gm...> wrote:

> On 1/20/06, Somaya Aboulwafa <som...@ya...> wrote:
> > Hi Sameer,
> >
> > I understand now that with JSDSI I can do the following:
> > 1. Creating and Signing Certificates
> > 2. Verifying Certificates signatures
> > 3. Building a certificates path from a group of certificates
> > 4. certificates paths validation
> >
> > I'd like to know what other features jsdsi supports.
>
> You have listed the main features, but in addition there's:
> - certificate and s-expression parsing and marshalling
> - an LDAP certificate storage system (I'm not familiar with this, though)
> and I'm sure there are others, but I'd have to go look at the APIs...
>
> > Also I would be grateful if you give me an insight on
> > how (in theory) jsdsi makes certificate paths validation?
>
> A certificate path is essentially a series of certificates that, when
> taken together, imply another certificate (either a name cert or
> authorization cert); this implied cert is included with the path to
> aid in validation. The basic operation of validation is certificate
> "composition" (the SPKI RFC describes the rules for composing certs).
> Validation works as follows: the certificates in the path are
> composed, one after the other, each time checking that the signatures
> are valid. If the final resulting cert "implies" (grants the same or
> stronger authorization than) the desired cert, then the path is valid.
>
> S
>
> > Thank you
> > Somaya
>
> --
> Sameer
> http://ajmani.net
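
The compose-then-imply validation described in the quoted reply, as an added example that is not part of the original thread and does not use the JSDSI API. The `Cert` class, tags modelled as sets of operation names, integer validity intervals and the HMAC stand-in for issuer signatures are all assumptions made for illustration; the composition rule follows the 5-tuple reduction in RFC 2693.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
# Constructed demo keys; HMAC stands in for the issuers' public-key signatures.
KEYS = {"alice": b"demo-key-a", "carol": b"demo-key-c"}

@dataclass(frozen=True)
class Cert:
    issuer: str
    subject: str
    delegate: bool   # may the subject pass the authority on?
    tag: frozenset   # granted operations (simplified SPKI tag)
    valid: tuple     # (not_before, not_after)
    sig: bytes = b""

def _mac(c):
    msg = repr((c.issuer, c.subject, c.delegate, sorted(c.tag), c.valid)).encode()
    return hmac.new(KEYS[c.issuer], msg, hashlib.sha256).digest()
def sign(c):
    return replace(c, sig=_mac(c))
def sig_ok(c):
    return c.issuer in KEYS and hmac.compare_digest(c.sig, _mac(c))

def compose(a, b):
    # 5-tuple reduction: a's subject must be b's issuer, and a must allow delegation.
    if a.subject != b.issuer or not a.delegate:
        return None
    valid = (max(a.valid[0], b.valid[0]), min(a.valid[1], b.valid[1]))
    tag = a.tag & b.tag  # authority can only narrow along the path
    return Cert(a.issuer, b.subject, b.delegate, tag, valid) if tag and valid[0] <= valid[1] else None

def implies(have, want):
    # True if `have` grants the same or stronger authorization than `want`.
    return (have.issuer == want.issuer and have.subject == want.subject
            and (have.delegate or not want.delegate) and have.tag >= want.tag
            and have.valid[0] <= want.valid[0] and have.valid[1] >= want.valid[1])

def validate_path(path, want):
    if not path or not all(sig_ok(c) for c in path):
        return False
    result = path[0]
    for nxt in path[1:]:
        result = compose(result, nxt)
        if result is None:
            return False
    return implies(result, want)

# Constructed sample: Alice delegates to Carol, Carol grants Bob read access.
PATH = [sign(Cert("alice", "carol", True, frozenset({"read", "write"}), (0, 100))),
        sign(Cert("carol", "bob", False, frozenset({"read"}), (10, 50)))]
RULE = Cert("alice", "bob", False, frozenset({"read"}), (20, 40))  # Alice's access rule
```

`validate_path(PATH, RULE)` accepts the sample path. Revocation checking is not modelled here.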