-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need a representation of authenticity #129
Comments
Issuer and Realm should be covered by the meta.source property, no? As for checksum, I don't see how putting a checksum in the message really solves anything. If I were a malicious third party and was able to tamper with the message en route, then I could also tamper with the checksum property. So we're back to square one. Essentially, the problem can't be solved internally within the protocol, but externally, in infrastructure. For instance, you could expect a producer to keep a record of what it produced recently. Then, upon receiving a request, if you want to be really sure, you ask the producer, "Did you just produce an event with checksum X?". That could be a feature in Remrem. |
Ok, I'm with you. And then your use of Issuer would be to select the correct decryption key, which is different from current use of meta.source. How about an optional meta.authentication object, containing issuer, realm and encryptedChecksum? |
After a review of the needed security features:
Therefore it is not a feasible suggestion to insert security related information as an optional subset of all messages but make it a mandatory part of events with specific security classing. The reason for classify specific events as secure is to ease the identification of those for validation purpose and ease information handling that wants to reach certain security levels. The ideas here will be the basis for a new proposal where not only secure event types are defined but also the corresponding validation and mechanisms for definitions of authorities. I suggest this issue to be closed. |
I disagree, I don't think the issue should be closed. Supporting authenticity is a valid concern, the only question is how. But when considering how, it is important to keep in mind that we are here strictly limited to the protocol. What features may we design into the protocol such that authentication of messages is facilitated? You are proposing the inclusion of checksum and issuer information - that seems reasonable, let's look at a concrete proposal of that linked to this issue. As for optional/mandatory. From the point of view of a specific implementation, what you suggest makes sense: adopting Eiffel in my organization I want to ensure that certain sensitive events are authenticated before I process them. That decision may not be the same for you in your organization. In other words, it needs to be an optional part of any event - which you may then require in your particular case. |
As per issue eiffel-community#129. This commit adds support for using the Strong Distribution Model for ensuring the integrity of events and authenticity of event authors. This is achieved via an optional meta.security.sdm object, with two required properties: authorIdentity and encryptedDigest. Schemas have been updated accordingly, and one example (ArtP) provided.
As per issue #129. This commit adds support for using the Strong Distribution Model for ensuring the integrity of events and authenticity of event authors. This is achieved via an optional meta.security.sdm object, with two required properties: authorIdentity and encryptedDigest. Schemas have been updated accordingly, and one example (ArtP) provided.
When Eiffel flow is moving closer to the release stage and into delivery, the importance of each event will increase. To safeguard the quality of the pipeline, a way to validate an events authenticity is crucial.
The reason for introducing this issue now is that it has an impact for all messages even though the first usage is not likely to be found in any of the existing CI based flows.
One way to do this is to introduce an optional field in the "meta" area consisting of the following:
In order to have a complete control of secure event handling, an external register of "autorized Issuers per Object" is needed. That particular system is left open for further design.
The text was updated successfully, but these errors were encountered: