Feature #2856

Confine registered prefix within identity

Added by Junxiao Shi over 6 years ago. Updated over 6 years ago.



Estimated time:
3.00 h


In prefix registration, confine registered prefix to the signer's identity.

  • Add a prefix_confinement boolean option to RIB configuration. The following rules apply only if this option is set to true.
  • A prefix registration/unregistration command is rejected if the signer's identity is not a prefix of the registered prefix.

Related issues

Blocked by NFD - Task #2857: Refactor RibManager to use ManagementDispatcher (Closed, Junxiao Shi)

Blocked by NFD - Bug #2063: CommandValidator uses deprecated CommandInterestValidator (Closed, Junxiao Shi, 10/13/2014)


Updated by Junxiao Shi over 6 years ago

The 20150605 conference call concludes that ndn-cxx ValidatorConfig or its successor trust schema is incapable of implementing this confinement, because the registered prefix is part of the CommandParameters struct that is encoded into a NameComponent, and ValidatorConfig or the trust schema is unable to understand or decode this struct.

There are two possible solutions:

  • Change ControlCommand or RibMgmt protocol so that the prefix is exposed as multiple NameComponents, such as: /localhop/nfd/rib/register/org/example/my-prefix/<other-parameters>/<signature>. The trust schema would be able to match the prefix.
  • Implement the confinement in RibManager code.

It's decided to take the second approach, in order to avoid the major protocol change which would affect all client libraries and applications.

It's also noted that, with the Management Dispatcher design (#2200), a custom authorization function can be specified for rib/register and rib/unregister commands, which allows easy implementation of the confinement in code.
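
A sketch of the confinement rule as an in-code authorization check, added here as an illustration; it is not NFD or ndn-cxx code. The names parseName, isPrefixOf and authorizeRibCommand are hypothetical, the signer's identity is assumed to be already extracted from the command's signature, and names are compared as raw URI components without percent-decoding.

```cpp
// Added illustration; not NFD or ndn-cxx code. All names here are hypothetical.
#include <algorithm>
#include <sstream>
#include <string>
#include <vector>

using Name = std::vector<std::string>;

// Split an NDN URI such as "/org/example/my-prefix" into name components.
// Simplification (assumption): no percent-decoding; empty components
// produced by "//" or a trailing "/" are dropped.
Name parseName(const std::string& uri)
{
  Name components;
  std::istringstream in(uri);
  std::string comp;
  while (std::getline(in, comp, '/')) {
    if (!comp.empty())
      components.push_back(comp);
  }
  return components;
}

// True if `identity` matches the leading components of `prefix`.
// Comparison is per component, so /org/example is NOT a prefix of
// /org/example2, which a plain string comparison would wrongly accept.
bool isPrefixOf(const Name& identity, const Name& prefix)
{
  if (identity.size() > prefix.size())
    return false;
  return std::equal(identity.begin(), identity.end(), prefix.begin());
}

// Hypothetical authorization check for rib/register and rib/unregister.
// `prefixConfinement` mirrors the proposed prefix_confinement option: when
// false, the rule is not applied and the decision is left to other checks.
bool authorizeRibCommand(bool prefixConfinement,
                         const std::string& signerIdentity,
                         const std::string& registeredPrefix)
{
  if (!prefixConfinement)
    return true;
  return isPrefixOf(parseName(signerIdentity), parseName(registeredPrefix));
}
```

An identity with zero components ("/") is a prefix of every name, so a command signed under it passes this check for any registered prefix.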


Updated by Junxiao Shi over 6 years ago

  • Blocked by Task #2857: Refactor RibManager to use ManagementDispatcher added

Updated by Junxiao Shi over 5 years ago

  • Blocked by Bug #2063: CommandValidator uses deprecated CommandInterestValidator added
