Alternatie proposal for digital signatures

Roy Williams roy at cacr.caltech.edu
Wed Mar 12 16:06:30 PDT 2008 

Bob
As VOEvent Chair, I thank you for joining our group, it is high time we 
became involved with smaller observatories. Thank you particularly for 
this excellent report on a signature system for VOEvents.

May I ask if you could build the report like an IVOA Note (see examples 
in [1]) and submit it that way? It means either HTML or a Word document 
with the recommended styling [2]. This makes your contribution much more 
visible.

Our upcoming Interop meeting is 19-23 May, in Trieste, Italy. We will 
have a VOEvent session on signatures, and I invite you to talk there if 
you could manage to get all that way!

Once again, welcome!
Roy


[1] http://www.ivoa.net/Documents/
[2] http://www.ivoa.net/Documents/latest/DocStdProc.html




Bob Denny wrote:
> Hello all --
>
> First let me introduce myself - I'm a software developer making my living (for
> 10 years) doing a commercial off-the-shelf automation system for small and
> medium sized observatories. I attended the Hotwiring workshop and enjoyed it
> thoroughly. I have finally been able to act on my wishes (and customer
> requests!) and have created a VOEvent receiver for my dispatch scheduling
> software. I want to thank Alasdair Alan for his recent copious help in getting
> me off the ground in that endeavour.
>
> In the course of developing the receiver I realized, like the rest of you, that
> VOEvent messages need digital signatures. I read though the archived traffic
> here to see where the thought processes are, and I recalled Steve Allen's
> digisig paper at Hotwiring (which I got a copy of via the just-published
> proceedings).
>
> I thought I'd take a pass at digital signatures, with the goals of:
>
> * Elective implementation at the originating and receiving end
> * No impact on the VOEvent message or schema; decoupled from issues like
>   canonicalization and schema evolution
> * No impact on existing parsers
> * Flexible/adaptable trust model
> * Minimal implementation requirements
> * Use of free/open-source tools that run on any platform (that matters)
> * No cost/low pain: no involvement with Certification Authorities
>
> I designed and built a working model so as to prove its feasibility and check
> speed issues. I talked with one of your members this morning and he encouraged
> me to post it here for discussion. So...
>
> http://solo.dc3.com/~rdenny/VoDigiSig.pdf   (informal/unpublished paper)
> http://solo.dc3.com/~rdenny/VoDigiSig.zip   (sources for implementation)
>
> I should mention that any language can be used; Perl was used for the working
> model because it seems pervasively used in the astronomy community.
>
>   -- Bob
>
>
>
>   

-- 

California Institute of Technology
626 395 3670

More information about the voevent mailing list