Chromium Code Reviews Chromium Code Reviews
Issue 1261403003:
Initial skeletal implementation of the PrincipalService. Also, use the Login()/GetUserBlessing() (Closed)
Base URL: https://github.com/domokit/mojo.git@master| Index: mojo/services/vanadium/security/public/interfaces/principal.mojom |
| diff --git a/mojo/services/vanadium/security/public/interfaces/principal.mojom b/mojo/services/vanadium/security/public/interfaces/principal.mojom |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..0d933a5f5f64a319777d191c300d12ea605f471d |
| --- /dev/null |
| +++ b/mojo/services/vanadium/security/public/interfaces/principal.mojom |
| @@ -0,0 +1,69 @@ |
| +// Copyright 2015 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +module mojo; |
| + |
| +// Represents the name of an application. |url| is the url of the |
| +// application. |qualifier| is a string that allows to tie a specific |
| +// instance of an application to another. |
| +struct AppName { |
|
ataly
2015/07/31 19:04:04
Should this be called "AppInstanceName"?
(In the c
gauthamt
2015/07/31 20:24:16
Done.
|
| + string url; |
| + string? qualifier; |
| +}; |
| + |
| +// Signature represents a digital signature of a message. |
| +struct Signature { |
| + // Purpose of the signature. Can be used to prevent type attacks. |
| + // The actual signature (R, S values for ECDSA keys) is produced by signing |
| + // Hash(Hash(message), Hash(Purpose)). |
| + array<uint8> purpose; |
| + // Cryptographic hash function applied to the message before computing |
| + // the signature. |
| + enum Hash { |
| + SHA1Hash = 1, |
| + SHA256Hash, |
| + SHA384Hash, |
| + SHA512Hash, |
| + }; |
| + Hash hash; |
| + // Pair of integers that make up an ECDSA signature |
| + array<uint8> r; |
| + array<uint8> s; |
| +}; |
| + |
| +// Certificate represents a human-readable name/public-key pair. The private-key |
|
ataly
2015/07/31 19:04:04
Nit: we should say human-readable name and public-
gauthamt
2015/07/31 20:24:16
Done.
|
| +// for a certificate is only available for signing operations within the principal |
| +// service application. |
| +struct Certificate { |
| + string extension; |
| + array<uint8>? publickey; |
| +}; |
| + |
| +// Blessing represents a user identity. |
|
ataly
2015/07/31 19:04:04
How about changing the comment to:
// Blessing is
gauthamt
2015/07/31 20:24:16
Done.
I'd left out binding before as we don't rea
|
| +struct Blessing { |
| + array<Certificate> chain; |
| +}; |
| + |
| +// A service that binds that user identities to an application instance running |
|
ataly
2015/07/31 19:04:04
extra "that"
gauthamt
2015/07/31 20:24:16
Done.
|
| +// in Mojo. |
| +interface PrincipalService { |
| + // Login is called by an application instance (requestor_url/qualifier) that |
|
ataly
2015/07/31 19:04:04
Nit: We use "this" application instance in the com
gauthamt
2015/07/31 20:24:16
Changed it to "Removes the user blessing for the a
|
| + // wants to get a user blessing. The service may obtain the user blessing |
| + // through a third-party authentication flow (eg:oauth2). The user blessing |
| + // is bound to a public/private key-pair that this service generates and |
| + // persists for this application instance. |
| + Login() => (Blessing? user_blessing); |
| + |
| + // Logout removes the user blessing for this application instance. |
| + Logout(); |
| + |
| + // Sign returns a signature on the message using the private key that is |
| + // persisted for this application instance. |
| + Sign(array<uint8> message) => (Signature? signature); |
| + |
| + // GetUserBlessing returns the user blessing for a given application instance. |
| + // It returns an error if the application instance has not invoked Login(). |
| + GetUserBlessing(AppName app_name) => (Blessing? user_blessing); |
| +}; |
| + |
