Modules | |
| Communication Access Rights | |
Detailed Description
Our blog discusses much background in the Access Control series and in the Identity series.
We define several novel features to constrain communication patterns with black/grey/white lists and even a honeypot sidetrack. ARPA2 Selectors can be used to require certain remotes, such as those under a domain name, or those with a base identity thereunder.
We also define a form of signature in an ARPA2 Identity, which may incorporate aspects of the communication pattern, to allow the restricted use of a local identity. Aspects that may be included in the signature are the remote domain, remote userid, an expiration day, topics or subject strings – when included, they must match on new submissions in order to be welcome. This allows the creation of addresses that cannot be handed over at will.
The signature framework works in two phases; first, a signature is always validated and blocked when it is wrong, but both absent and correct signatures pass; second, access control can require a minimum set of signature flags, thereby also requiring a signature, when an Access Rules for Communication thinks it is a good idea, such as for the catch-all "@." or a particularly suspect remote.
