Feature #1529
closed
PIB service
Description
SecPublicInfo is a database containing public information of keys (such as identity, public key, and certificates).
When an application needs to sign a data (or interest), SecPublicInfo provides the information that can help the application to select the appropriate signing key and the corresponding certificate of the signing key.
For now, SecPublicInfo is implemented as a file-based database with sqlite3 interfaces.
Such an implementation may have the following issues:
- Language Dependency: the public information should be platform-independent, i.e., applications and libraries developed in different languages should be able to get the public information.
- Flexibility: If people want to develop a new library that will use the public information, they should follow a standard protocol or interface, instead of a detailed implementation.
- Access Control: all the public information is stored in a file. Anyone who has access to the file can change the public information, so that an application may sign data based on wrong information.
- Multi-User Support: The file containing the database is a file under a user's home directory, so that each user has its own public information database which is not shared with other users. However, for system-level applications (such as nrd and nfd), they may need users' public information. For users, public information of system-level applications would also be useful.
Therefore, it would be better to make SecPublicInfo a service which provides a lookup interface and also serves as a guard of the public information.
Here is a rough idea about this service (detailed protocol design will be posted on wiki page):
- The service is still implemented as an NDN application and runs as a daemon.
- Read operations (lookups) will be implemented as normal interests.
- Write operations (adding/deleting/modifying) will be implemented as command interests (to enable access control).
- The service will also publish certificates in the database.
Design doc is available at http://redmine.named-data.net/projects/ndn-cxx/wiki/PublicKey_Info_Base
Updated by Alex Afanasyev over 10 years ago
- Category set to Security
- Target version set to v0.2
Updated by Yingdi Yu over 10 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 20
Updated by Junxiao Shi over 10 years ago
- Target version changed from v0.2 to v0.3
20140612 conference call approves to defer this to 0.3.
Updated by Yingdi Yu over 10 years ago
- Description updated (diff)
- % Done changed from 20 to 30
Updated by Yingdi Yu over 10 years ago
- Status changed from In Progress to Code review
- % Done changed from 30 to 100
Updated by Junxiao Shi almost 10 years ago
- Blocks Feature #2181: Disallow unsolicited Data from local apps added
Updated by Junxiao Shi over 9 years ago
- Blocked by Feature #2279: Signal: allow only owner to emit events added
Updated by Junxiao Shi over 9 years ago
- Status changed from Code review to In Progress
Yingdi reveals at 20150218 conference call that further progress of PIB service is blocked by "the new EventEmitter" aka Signal, which is in fact completed two months ago.
Yingdi agrees to resume working on PIB service.
Since additional work is needed in this issue, Status is reverted to 'In Progress'.
Updated by Junxiao Shi over 9 years ago
- Tracker changed from Task to Feature
- Subject changed from Make SecPublicInfo as a service to PIB service
- Target version changed from v0.3 to v0.4
- Start date deleted (04/23/2014)
Updated by Junxiao Shi over 9 years ago
- Blocks Feature #1794: Make KeyChain use PIB Service added
Updated by Junxiao Shi over 9 years ago
- Related to Feature #3018: PIB service added
Updated by Junxiao Shi over 9 years ago
- Status changed from In Progress to Abandoned
As decided in 20150720 conference call, PIB service is placed into ndn-tools repository (#3018). ndn-cxx feature-pib branch will be pruned.