Chromium Code Reviews

Unified Diff: mojo/services/vanadium/security/public/interfaces/principal.mojom

Issue 1261403003: Initial skeletal implementation of the PrincipalService. Also, use the Login()/GetUserBlessing() (Closed) Base URL: https://github.com/domokit/mojo.git@master
Patch Set: code-review comments Created 5 years, 4 months ago
Index: mojo/services/vanadium/security/public/interfaces/principal.mojom
diff --git a/mojo/services/vanadium/security/public/interfaces/principal.mojom b/mojo/services/vanadium/security/public/interfaces/principal.mojom
new file mode 100644
index 0000000000000000000000000000000000000000..9c58834801e7adac99767c3dc0a137cc84896112
--- /dev/null
+++ b/mojo/services/vanadium/security/public/interfaces/principal.mojom
@@ -0,0 +1,49 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+module vanadium;
+
+// Represents the name of an application. |url| is the url of the
+// application. |qualifier| is a string that allows to tie a specific
+// instance of an application to another.
+struct AppInstanceName {
+ string url;
+ string? qualifier;
+};
+
+// Certificate represents a human-readable name and public-key (DER encoded) pair.
+// The private-key for a certificate is only available for signing operations
+// within the principal service application.
+struct Certificate {
+ string extension;
+ array<uint8>? publickey;
+};
+
+// Blessing is a credential binding a user identity to a public key. The corresponding
+// private key is only available for signing within the PrincipalService application.
+struct Blessing {
+ array<Certificate> chain;
+};
+
+// ChainSeparator is the separator used to join name extensions in a certificate chain.
+const string ChainSeparator = "/";
+
+// A service that binds user identities to an application instance running in Mojo
+interface PrincipalService {
+ // Login is called by an application instance (requestor_url/qualifier) that
+ // wants to get a user blessing. The service may obtain the user blessing
+ // through a third-party authentication flow (eg:oauth2). The user blessing
+ // is bound to a public/private key-pair that this service generates and
+ // persists for this application instance. Returns null if login fails.
+ Login() => (Blessing? user_blessing);
+
+ // Removes the user blessing for the application instance that invokes the
+ // Logout method.
+ Logout();
+
+ // GetUserBlessing returns the user blessing for a given application instance.
+ // It returns an error if the application instance has not invoked Login().
+ GetUserBlessing(AppInstanceName app) => (Blessing? user_blessing);
+};
+
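Review bot: The comment on GetUserBlessing says it "returns an error if the application instance has not invoked Login()", but the response carries only `(Blessing? user_blessing)` and has no error field, so a caller cannot tell "never logged in" apart from any other failure. Either reword the comment to match Login ("Returns null if ...") or add an explicit error value to the response. Two smaller documentation points in the same file: the Login comment refers to "(requestor_url/qualifier)" although Login() takes no parameters, so it should say how the service learns the caller's identity; and `array<uint8>? publickey` in Certificate is nullable without the comment saying what a certificate with no public key means to a consumer walking `chain`.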