Confine registered prefix within identity
In prefix registration, confine registered prefix to the signer's identity.
- Add a prefix_confinement boolean option to RIB configuration. The following rules apply only if this option is set to true.
- A prefix registration/unregistration command is rejected if the signer's identity is not a prefix of the registered prefix.
Updated by Junxiao Shi over 4 years ago
20150605 conference call concludes that ndn-cxx ValidatorConfig or its successor trust schema is incapable of implementing this confinement, because registered prefix is part of CommandParameters struct that is encoded into a NameComponent, and ValidatorConfig or trust schema is unable to understand or decode this struct.
There are two possible solutions:
- Change ControlCommand or RibMgmt protocol so that the prefix is exposed as multiple NameComponents, such as:
/localhop/nfd/rib/register/org/example/my-prefix/<other-parameters>/<signature>. The trust schema would be able to match the prefix.
- Implement the confinement in
It's decided to take the second approach, in order to avoid the major protocol change which would affect all client libraries and applications.
It's also noted that, with the Management Dispatcher design (#2200), a custom authorization function can be specified for rib/register and rib/unregister commands, which allows easy implementation of the confinement in code.
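The confinement rule from this issue, as an added sketch that is not NFD or ndn-cxx code and not part of the original thread. All function names are hypothetical; it assumes names arrive as URI strings and that the caller has already verified the signature and extracted the signer's identity. The comparison is per name component, since a plain string-prefix test would accept /org/example2 for the identity /org/example.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical helper types for illustration; not ndn-cxx or NFD types.
using Components = std::vector<std::string>;

// Split a name URI such as "/org/example/my-prefix" into components.
// Empty segments (leading, trailing or doubled slashes) are skipped.
Components splitName(const std::string& uri)
{
  Components out;
  std::string cur;
  for (char c : uri) {
    if (c == '/') {
      if (!cur.empty()) out.push_back(cur);
      cur.clear();
    } else {
      cur.push_back(c);
    }
  }
  if (!cur.empty()) out.push_back(cur);
  return out;
}

// True if each component of `identity` equals the component of `name`
// at the same position. An identity longer than the name never matches.
bool isComponentPrefix(const Components& identity, const Components& name)
{
  if (identity.size() > name.size()) return false;
  for (std::size_t i = 0; i < identity.size(); ++i)
    if (identity[i] != name[i]) return false;
  return true;
}

// Confinement decision for a rib/register or rib/unregister command.
// Returns false when the command must be rejected by this rule.
bool authorizeRibCommand(bool prefixConfinement,
                         const std::string& signerIdentity,
                         const std::string& registeredPrefix)
{
  // The rule applies only if the option is set to true; other
  // validation of the command is outside this sketch.
  if (!prefixConfinement) return true;
  return isComponentPrefix(splitName(signerIdentity),
                           splitName(registeredPrefix));
}
```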