This repository has been archived by the owner on Nov 2, 2021. It is now read-only.

cred_delegates

Ulf Wiger edited this page Jul 26, 2016 · 1 revision

Background

Currently, credentials (which regulate which services can be registered or invoked) can only be signed by the root authority. We would like to be able to delegate signing authority while controlling which services a delegate can grant.

Proposal

Add a "delegates" field to the credential structure.

```json
"delegates": [
  {"keys": ["PubKey1"],
   "right_to_invoke": ["Pattern1"],
   "right_to_register": ["Pattern11"]}
]
```

When delegates are specified in a credential signed by the root authority, the owner of one of the given public keys (exemplified by "PubKey1" above) can create new credentials, signed with the corresponding private key. The service name patterns given in the new credential's "right_to_invoke" and "right_to_register" lists must be sub-patterns of the ones given in the matching delegate entry.

Example

Given a delegate D with the following public key (PEM-encoded): MIIBI...FQIDAQAB, and given that we want to delegate authority to control access to the HVAC, we want D to be able to create a credential - let's call it Cred(D) - with the following content:

```json
{
  "right_to_invoke": ["genivi.org/android/mN2XDXuzT3K4TEZkLwB2Lg/hvac/seat_heat_left"]
}
```

In a credential provided (and signed) by the root authority, we could include something like this:

```json
"delegates": [
  {"keys": ["MIIBI...FQIDAQAB"],
   "right_to_invoke": ["genivi.org/android/mN2XDXuzT3K4TEZkLwB2Lg/hvac"]
  }
]
```

When validating the credential created by D, we perform the following steps:

  • Validate the credential signature. This could be done most simply by first trying the root public key, then the public keys of any known delegates.
  • Verify that the "right_to_invoke" and "right_to_register" lists in Cred(D) only contain patterns for which there is a corresponding prefix in the delegate entry. If wildcards are present in the patterns of Cred(D), they must either correspond to wildcards in the same position in the delegate entry, or be in the tail part following a matching prefix. That is, the patterns in Cred(D) can be more specific than, but not more general than, the matching patterns in the delegate entry.
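The scope check described in the second step, written out as an added example (not code from the RVI project). It assumes "/"-separated service names and "*" as the wildcard token; the delegate public key is the page's placeholder, and signature verification is assumed to have happened before this check runs.

```python
WILDCARD = "*"          # assumed wildcard token; the wiki page does not fix one
RIGHTS = ("right_to_invoke", "right_to_register")

def is_sub_pattern(child: str, parent: str) -> bool:
    """True if `child` is at least as specific as `parent`.

    Every segment of `parent` must be matched positionally by `child`;
    a wildcard in `child` is only allowed where `parent` also has a
    wildcard, or in the tail beyond the length of `parent`.
    """
    c = [s for s in child.split("/") if s]
    p = [s for s in parent.split("/") if s]
    if len(c) < len(p):
        return False            # shorter than the prefix: cannot be a sub-pattern
    for cseg, pseg in zip(c, p):
        if pseg == WILDCARD:
            continue            # parent is wild here: any child segment is narrower or equal
        if cseg == WILDCARD or cseg != pseg:
            return False        # child is wild where parent is specific, or differs
    return True                 # extra tail segments (wild or not) only narrow the pattern

def find_delegate(root_cred: dict, signer_key: str):
    """Return the delegate entry whose "keys" list contains the signer's public key."""
    for entry in root_cred.get("delegates", []):
        if signer_key in entry.get("keys", []):
            return entry
    return None

def rights_within_delegate(cred: dict, delegate: dict) -> bool:
    """Every pattern in Cred(D) must be covered by a pattern of the same right
    in the delegate entry; a right absent from the delegate entry grants nothing."""
    for right in RIGHTS:
        allowed = delegate.get(right, [])
        for pat in cred.get(right, []):
            if not any(is_sub_pattern(pat, a) for a in allowed):
                return False
    return True

def validate_delegated(cred: dict, signer_key: str, root_cred: dict) -> bool:
    """Scope check for a credential signed by delegate `signer_key`; the
    signature is assumed already verified (root key first, then delegate keys)."""
    entry = find_delegate(root_cred, signer_key)
    return entry is not None and rights_within_delegate(cred, entry)

# Constructed sample data mirroring the wiki example; the key is the page's placeholder.
DELEGATE_KEY = "MIIBI...FQIDAQAB"
HVAC = "genivi.org/android/mN2XDXuzT3K4TEZkLwB2Lg/hvac"
ROOT_CRED = {"delegates": [{"keys": [DELEGATE_KEY], "right_to_invoke": [HVAC]}]}
CRED_D = {"right_to_invoke": [HVAC + "/seat_heat_left"]}
```

A credential that names the bare "hvac" prefix or a wildcard in the vehicle-id position is rejected, while Cred(D) from the example passes.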