Protocol Operations are defined via ocaml-like interface definition syntax
caveat : Exp int
holder : id -> sk -> holder
trust-checker : id -> boolean
pubs : id -> pk
forge : holder -> subject -> capability -> caveat list -> certificate
delegate : holder -> subject -> certificate -> capability -> caveat list -> certificate
invoke : holder -> certificate -> caveat* -> action -> malformed | bad-id | invocation
ids : invocation -> id list
action : invocation -> action
capabilities : invocation -> (root-id, capability list)
validator : trust-checker -> pubs -> validator
validate : validator -> invocation -> now -> ok | malformed | bad-id | invalid | bad-sign | expired
headers = issuer subject exp?
certificate = certificate? headers capability signature
invocation = certificate+ exp? action signature
Headers are encoded as Protofuf v3 Message + Base64url
Capabilities and action are opaque to protocol, so they just byte arrays encoded by Base64url
Certificate
signature = sign(payload.subject-pk, issuer-sk)
Invocation
signature = sign(payload, issuer-sk)
Verifier
- Checks that root-issuers are trusted
- Resolves subjects in certificates to subject-pks
- Checks every certificate in chain by
(verify(payload))
Verifier
- Resolves subjects of certificate-chains to subject-pks
- Checks that all subject-pks of top-level certificates are the same
- Verifies invocation signature by
verify(payload, subject-pk) - Verifies signatures of every certificate
- not chain signature friendly
- freedom in protocol evolution. For example, we would consider Signature Aggregation algorithms like BLS in the future