SPKI verification in pseudocode
You can find below a sketch of pseudocode for verifying if `self' has
authorised `requested_action' for `subject'. It returns true/false. It
does this by reading the sequence construct `seq' that has been supplied
by the subject or perhaps built by the verifier itself. All syntax
checks have been omitted.
This reflects my current understanding of the draft. Here most of the
intelligence needed has been transferred from the verifier to the
subject. Note that the function fails if the sequence has irrelevant
It does not support threshold subjects. We will probably need a more
complex mechanism for that.
I've used a Python-like pseudocode. I hope you can follow.
- Markku-Juhani Saarinen <email@example.com>
-- start of the pseudocode --
def permission(seq, self, subject, requested_action):
    i = 1                   # the 0th element should read 'sequence'
    last_obj = NULL         # the last object encountered
    red_5tuple = NULL       # the current 5-tuple

    # walk through the sequence
    while i < len(seq):
        switch seq[i]:      # this is the first element in each sublist
                            # i.e. the object identifier
            last_obj = seq[i]
            if seq[i] == 'hash':
                # seq[i] should give the name of the hash algorithm
                this_5tuple = 5tupleize(related_certificate(seq[i]))
                # reduce the current 5 tuple
                if red_5tuple == NULL:
                    red_5tuple = this_5tuple
                else:
                    red_5tuple = 5_tuple_reduction(red_5tuple, this_5tuple)
        # ok, proceed in the list
        i = i + 1

    # ok, we have read the sequence.
    # see if it permits the requested action for the subject
    if red_5tuple.issuer != self or red_5tuple.subject != subject:
        return false
    if time() not in red_5tuple.valid:
        return false
    if intersection(red_5tuple.auth, requested_action) != requested_action:
        return false
    return true
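
The following runnable Python sketch is an added example, not part of the original post or of the SPKI draft. It assumes the certificates have already been signature-checked and converted to 5-tuples, models the authorisation field as a flat set of action names and validity as an inclusive (not_before, not_after) pair, and assumes a boolean delegation flag as the fifth field; `FiveTuple`, `reduce_pair`, the key names and `CHAIN` are hypothetical, constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Sequence, Tuple


@dataclass(frozen=True)
class FiveTuple:
    issuer: str
    subject: str
    delegate: bool           # assumed flag: may the subject pass authority on?
    auth: FrozenSet[str]     # simplification: flat set of action names
    valid: Tuple[int, int]   # (not_before, not_after), inclusive


def reduce_pair(a: FiveTuple, b: FiveTuple) -> Optional[FiveTuple]:
    """Combine two adjacent 5-tuples; None if they do not chain."""
    if a.subject != b.issuer or not a.delegate:
        return None
    start, end = max(a.valid[0], b.valid[0]), min(a.valid[1], b.valid[1])
    if start > end:
        return None          # validity periods do not overlap
    return FiveTuple(a.issuer, b.subject, b.delegate, a.auth & b.auth, (start, end))


def permission(chain: Sequence[FiveTuple], self_key: str, subject: str,
               requested: Iterable[str], now: int) -> bool:
    """True only if the whole chain reduces to self_key -> subject and the
    reduced tuple is valid at `now` and covers every requested action."""
    if not chain:
        return False
    reduced = chain[0]
    for nxt in chain[1:]:
        reduced = reduce_pair(reduced, nxt)
        if reduced is None:  # broken link, e.g. an irrelevant certificate
            return False
    if reduced.issuer != self_key or reduced.subject != subject:
        return False
    if not reduced.valid[0] <= now <= reduced.valid[1]:
        return False
    return frozenset(requested) <= reduced.auth


# Constructed sample chain: K_self -> K_alice -> K_bob
CHAIN = [
    FiveTuple("K_self", "K_alice", True, frozenset({"read", "write"}), (100, 200)),
    FiveTuple("K_alice", "K_bob", False, frozenset({"read"}), (150, 300)),
]
```

Because the reduced tuple carries the intersection of both authorisations and validity periods, `K_bob` ends up with `read` only, and only between 150 and 200.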