Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1453)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: mojo/services/vanadium/security/public/interfaces/principal.mojom

Issue 1261403003: Initial skeletal implementation of the PrincipalService. Also, use the Login()/GetUserBlessing() (Closed) Base URL: https://github.com/domokit/mojo.git@master
Patch Set: indentation Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« examples/bank_app/customer.cc ('K') | « mojo/services/vanadium/security/public/interfaces/BUILD.gn ('k') | services/BUILD.gn » ('j') | services/vanadium/security/principal_service.go » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: mojo/services/vanadium/security/public/interfaces/principal.mojom
diff --git a/mojo/services/vanadium/security/public/interfaces/principal.mojom b/mojo/services/vanadium/security/public/interfaces/principal.mojom
new file mode 100644
index 0000000000000000000000000000000000000000..8c22b3f726669fbc506d1765c394a411be1e3b11
--- /dev/null
+++ b/mojo/services/vanadium/security/public/interfaces/principal.mojom
@@ -0,0 +1,46 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+module vanadium;
+
+// Represents the name of an application. |url| is the url of the
+// application. |qualifier| is a string that allows to tie a specific
+// instance of an application to another.
+struct AppInstanceName {
+ string url;
+ string? qualifier;
+};
+
+// Certificate represents a human-readable name and public-key pair. The private-key
+// for a certificate is only available for signing operations within the principal
+// service application.
+struct Certificate {
+ string extension;
+ array<uint8>? publickey;
ashankar 2015/08/19 05:50:38 Should we mention that this is the DER representat
gautham 2015/08/19 17:45:51 Done.
+};
+
+// Blessing is a credential binding a user identity to a public key. The corresponding
+// private key is only available for signing within the PrincipalService application.
+struct Blessing {
+ array<Certificate> chain;
+};
+
+// A service that binds user identities to an application instance running in Mojo
+interface PrincipalService {
+ // Login is called by an application instance (requestor_url/qualifier) that
+ // wants to get a user blessing. The service may obtain the user blessing
+ // through a third-party authentication flow (eg:oauth2). The user blessing
+ // is bound to a public/private key-pair that this service generates and
+ // persists for this application instance. Returns null if login fails.
+ Login() => (Blessing? user_blessing);
+
+ // Removes the user blessing for the application instance that invokes the
+ // Logout method.
+ Logout();
+
+ // GetUserBlessing returns the user blessing for a given application instance.
+ // It returns an error if the application instance has not invoked Login().
+ GetUserBlessing(AppInstanceName app) => (Blessing? user_blessing);
+};
+
« examples/bank_app/customer.cc ('K') | « mojo/services/vanadium/security/public/interfaces/BUILD.gn ('k') | services/BUILD.gn » ('j') | services/vanadium/security/principal_service.go » ('J')

Powered by Google App Engine
This is Rietveld 408576698