Apps Messaging: security

[John Taylor]

On 10 Apr 2007, at 13:15, Mark Taylor wrote:

> On Tue, 10 Apr 2007, John Taylor wrote:
>>> John,
>>> I think this is what I proposed before, but if we're starting from
>>> scratch it can be a bit simpler: the register message is
>>>
>>>   secret-id = register*(hub-secret)
>>> and the returned secret-id is used, as per your existing method  
>>> signatures, as sender identification for every communication  
>>> between the application and the hub, e.g.
>>>
>>>   unregister(secret-id)
>>> this application secret-id is never seen by any other application  
>>> though. The hub will maintain a separate and parallel list of ids
>>> which serve as public identifiers for each application to use for
>>> instance as return values for the getApplicationIds() method.
>>
>> Good point - I'll make that change.  Can you think of a situation  
>> where an application would need to know its own public-id?
>
> It is probably wise to make that information available, for instance
> there may be messages which pass around the public IDs of an  
> application
> which originated a data object, and the originating application might
> need to identify itself in this context.  In which case it looks like
>
>    (secret-id,public-id) = register*(hub-secret)
>

Yes, that's probably better than providing a

public-id=getPublicId(secret-id)

which would be vulnerable to brute force.  Alternatively, we could  
define the public id of an app to be a digest of the private id.  Too  
complicated?


> more or less as you originally proposed, but the secret-id is still  
> the one which the application passes to the hub for each call. IIRC  
> this also addresses a point made earlier by Doug(?) to the effect  
> that an application shouldn't have to pass its public ID to the hub  
> each time, since the hub should know it and can fill it in.
>
> -- 
> Mark Taylor   Astronomical Programmer   Physics, Bristol  
> University, UK
> m.b.taylor at bris.ac.uk +44-117-928-8776 http://www.star.bris.ac.uk/ 
> ~mbt/
>