Cryptographic authentication of VOEvents
Steve Allen
sla at ucolick.org
Mon Sep 10 11:00:31 PDT 2012
On Mon 2012-09-10T10:42:19 +0200, John Swinbank hath writ:
> In particular, I'm worried about barrier-to-entry. Signing a bucket
> o' bytes has the advantage of simplicity; XML-DSig has the advantage
> of the W3C behind it, and consequent (presumed, at least) legitimacy
> and library support.
One of the features of XML-DSig is the ability to sign only some
portions of the document, or to let multiple different agents sign
different portions. That could allow an authentication agent to sign
only Who and WhereWhen as a means to verify priority of discovery.
In order to avoid the issues of changing URIs the signature could omit
any Reference elements.
Yes, there is a complexity here that makes a barrier to entry, largely
because applying signatures to only portions of documents wants a
consensus on the use cases for those signed VOEvent documents.
--
Steve Allen <sla at ucolick.org> WGS-84 (GPS)
UCO/Lick Observatory--ISB Natural Sciences II, Room 165 Lat +36.99855
1156 High Street Voice: +1 831 459 3046 Lng -122.06015
Santa Cruz, CA 95064 http://www.ucolick.org/~sla/ Hgt +250 m
More information about the voevent
mailing list