Markus, thank you for the follow up.

2010/6/16 Markus Sabadello <[email protected]>
> Hello Nuno,
>
> In the meantime there has been some discussion on the OASIS XDI TC list on
> these access control questions:
>
> http://lists.oasis-open.org/archives/xdi/201005/msg00004.html
> http://lists.oasis-open.org/archives/xdi/201006/msg00007.html
>
> The consensus seems to be that there can be different ways in which people
> can authenticate to an XDI endpoint (e.g. by signature, password, OAuth
> token, etc). And that - like you suggest - if the XDI endpoint "belongs to
> you", link contract enforcement is bypassed.
>
> Markus
>
>
> On Wed, May 19, 2010 at 2:32 AM, Nuno Rosa <[email protected]> wrote:
>
>> Hi Markus.
>>
>> Yes it really helped. I forgot to decode the key string.
>>
>> In the meanwhile if you could give a clarification on that flow:
>> The message structure we send to the i-broker to retrieve account details
>> (http://www.ibrokerkit.com/components/XdiFrontExamples/)
>>
>> =web*markus
>> $is$a
>> =
>> $password
>> "secret"
>> $get
>> /
>> =web*markus
>> +city
>> +country
>>
>>
>> If a subject has a $password predicate should the sender always be capable
>> to operate on it (providing the secret) without signing the message and
>> avoid link contracts?
>> Will it be a part of XDI specification or left for implementors to decide?
>>
>> Thank you,
>> Nuno R.
>>
>> 2010/5/19 Markus Sabadello <[email protected]>
>>
>>> Hello Nuno,
>>>
>>> First of all, this is EXACTLY what we in the XDI world are envisioning,
>>> i.e. a flow like this:
>>> 1. User (or web service acting on behalf of user) retrieves
>>> private/public key pair associated with the i-name. This is done by sending
>>> an XDI message to the i-broker (e.g. freexri.com) that includes the
>>> i-name's password
>>> 2. User (or web service acting on behalf of user) can now send signed XDI
>>> messages to XDI endpoints.
>>> 3. XDI endpoints can discover the user's certificate using XRI resolution
>>> and therefore verify the incoming XDI messages.
>>>
>>> Now to your question:
>>>
>>> I'm not familiar with the methods you are using. I normally do it like
>>> this:
>>>
>>> import java.security.KeyFactory;
>>> import java.security.PrivateKey;
>>> import java.security.spec.PKCS8EncodedKeySpec;
>>>
>>> import org.apache.commons.codec.binary.Base64;
>>> import org.eclipse.higgins.xdi4j.Graph;
>>> import org.eclipse.higgins.xdi4j.messaging.Message;
>>> import org.eclipse.higgins.xdi4j.messaging.MessageEnvelope;
>>> import org.eclipse.higgins.xdi4j.messaging.Operation;
>>> import org.eclipse.higgins.xdi4j.signatures.Signatures;
>>> import org.eclipse.higgins.xdi4j.xri3.impl.XRI3Segment;
>>>
>>> public class Test {
>>>
>>>     public static final String ENCRYPTION_ALGORITHM = "RSA";
>>>
>>>     public static void main(String[] args) throws Exception {
>>>
>>>         // Base64 text of the PKCS#8 private key (elided here)
>>>         String strKey = "MIIEwAI.....";
>>>
>>>         // Base64-decode the key string first, then parse the PKCS#8 bytes
>>>         KeyFactory keyFactory = KeyFactory.getInstance(ENCRYPTION_ALGORITHM);
>>>         PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(strKey.getBytes()));
>>>         PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
>>>
>>>         // Build a message from =markus with a $get operation on =markus/+email
>>>         MessageEnvelope envelope = MessageEnvelope.newInstance();
>>>         Message message = envelope.newMessage(new XRI3Segment("=markus"));
>>>         Operation operation = message.createGetOperation();
>>>         Graph operationGraph = operation.createOperationGraph(null);
>>>         operationGraph.createStatement(new XRI3Segment("=markus"), new XRI3Segment("+email"));
>>>
>>>         // Sign the message subject with the private key
>>>         Signatures.sign(message.getSubject(), privateKey);
>>>
>>>         System.out.println(envelope.toString());
>>>     }
>>> }
>>>
>>> Does that help? Let me know if you still have trouble or other
>>> questions..
>>>
>>> Markus
>>>
>>> On Tue, May 18, 2010 at 12:24 PM, Nuno Rosa <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> freexri.com issued a certificate associated with my i-name and I got a
>>>> private key to sign messages and grant authenticity;
>>>> but I'm having a hard time trying to sign xdi message envelopes.
>>>> Here's a snippet of my code:
>>>>
>>>> final String strKey = "MIIEvwIBADANB....";
>>>> [...]
>>>> DerValue dv = new DerValue(strKey);
>>>> envelope.sign(PKCS8Key.parseKey(dv));
>>>>
>>>>
>>>> it throws the following error:
>>>>
>>>> Exception in thread "main" java.io.IOException: corrupt private key
>>>>     at sun.security.pkcs.PKCS8Key.parseKey(PKCS8Key.java:104)
>>>>
>>>> Can you give me some hints, example on how to sign it?
>>>>
>>>> Best regards,
>>>> Nuno R.
>>>>
>>>> _______________________________________________
>>>> higgins-dev mailing list
>>>> [email protected]
>>>> https://dev.eclipse.org/mailman/listinfo/higgins-dev
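
The failure and the fix discussed in this thread, as an added example that is not part of the original messages: the private key arrives as a Base64 string of a PKCS#8 structure, so it must be Base64-decoded before it is parsed. It uses only JDK classes rather than xdi4j; the throwaway key pair, the payload string and the SHA256withRSA algorithm are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class Pkcs8DecodeDemo {

    // Parse PKCS#8 DER bytes into an RSA private key.
    static PrivateKey parse(byte[] der) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key pair standing in for one issued by an i-broker.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        // The key in the form it takes in the thread: Base64 text of the PKCS#8 structure.
        String strKey = Base64.getEncoder().encodeToString(pair.getPrivate().getEncoded());
        System.out.println("key string starts with: " + strKey.substring(0, 4));

        // Wrong: the characters of the Base64 text are not DER, so the parser rejects them.
        try {
            parse(strKey.getBytes(StandardCharsets.US_ASCII));
            System.out.println("undecoded key parsed (unexpected)");
        } catch (InvalidKeySpecException e) {
            System.out.println("undecoded key rejected: " + e.getClass().getSimpleName());
        }

        // Right: Base64-decode first, then parse the resulting DER bytes.
        PrivateKey privateKey = parse(Base64.getDecoder().decode(strKey));

        // Sign a constructed payload (assumed algorithm: SHA256withRSA).
        byte[] payload = "=markus/$get/+email".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(privateKey);
        signer.update(payload);
        byte[] sig = signer.sign();

        // Verify with the matching public key, as a receiving endpoint would.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pair.getPublic());
        verifier.update(payload);
        System.out.println("signature verifies: " + verifier.verify(sig));
    }
}
```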
