Apps Messaging: security
Mark Taylor
m.b.taylor at bristol.ac.uk
Tue Apr 10 05:15:16 PDT 2007
On Tue, 10 Apr 2007, John Taylor wrote:
>> John,
>>
>> I think this is what I proposed before, but if we're starting from
>> scratch it can be a bit simpler: the register message is
>>
>> secret-id = register*(hub-secret)
>>
>> and the returned secret-id is used, as per your existing method signatures,
>> as sender identification for every communication between the application
>> and the hub, e.g.
>>
>> unregister(secret-id)
>>
>> this application secret-id is never seen by any other application though.
>> The hub will maintain a separate and parallel list of ids
>> which serve as public identifiers for each application to use for
>> instance as return values for the getApplicationIds() method.
>
> Good point - I'll make that change. Can you think of a situation where an
> application would need to know its own public-id?
It is probably wise to make that information available, for instance
there may be messages which pass around the public IDs of an application
which originated a data object, and the originating application might
need to identify itself in this context. In which case it looks like
(secret-id,public-id) = register*(hub-secret)
more or less as you originally proposed, but the secret-id is still
the one which the application passes to the hub for each call.
IIRC this also addresses a point made earlier by Doug(?) to the
effect that an application shouldn't have to pass its public ID
to the hub each time, since the hub should know it and can fill it in.
--
Mark Taylor Astronomical Programmer Physics, Bristol University, UK
m.b.taylor at bris.ac.uk +44-117-928-8776 http://www.star.bris.ac.uk/~mbt/
More information about the apps
mailing list