hyperhyperspace / hyperhyperspace-core

A library to create p2p applications, using the browser as a full peer.
https://www.hyperhyperspace.org
MIT License

Create an identity management module #27

Open sbazerque opened 2 years ago

sbazerque commented 2 years ago

Right now, Identity objects are HashedObject derivatives and are stored like any other object. They contain some information about the holder of the identity (just an info map; I usually use just two fields, info.name and info.type, but it's really application-defined) and a key pair. Whenever an object is assigned an author (by means of obj.setAuthor(id)), when it is saved in the store that id object will be looked up in the store and used to cryptographically sign obj. Hence the store is functioning as an identity & key store as well. A trick is used to prevent the private part of the key pair from being synchronized whenever the identity is sent to other peers: the hash of the private part is replaced by a custom computation that's done on the fly, so that the Identity object has no hash-references pointing to the private key that would make the synchronizer actually send it.

I'd like to move the identity / signing part to a different module, and allow the application to impose limitations on what can be signed with each loaded identity. I'd also like to make this more explicit, and not rely on any exceptional behavior.
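
A sketch of the separation proposed in this issue, as an added example that is not code from the issue or from hyperhyperspace-core. `KeyVault`, `publicIdentity`, `payloadOf` and the `allow` policy callback are hypothetical names, and Ed25519 with JSON serialization is an assumption made for the illustration: the shareable identity carries only public material, and private keys sit in a separate module that refuses to sign objects the application's policy does not allow.

```javascript
// Added illustration: KeyVault, publicIdentity, payloadOf and the allow() policy
// are hypothetical names, not hyperhyperspace-core API.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
// Assumption: JSON.stringify stands in for a canonical serialization of the signed object.
const payloadOf = (identity, obj) => Buffer.from(JSON.stringify({ author: identity.hash, obj }));

// Shareable identity: info map plus public key only, so nothing in it references the private key.
function publicIdentity(info, publicKey) {
  const body = { info, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
  return { ...body, hash: sha256(JSON.stringify(body)) };
}

// Private keys live here, outside the object store that gets synchronized to peers.
class KeyVault {
  #entries = new Map(); // identity hash -> { privateKey, allow }

  // allow(obj) is the application's explicit rule for what this identity may sign.
  load(identity, privateKey, allow) {
    this.#entries.set(identity.hash, { privateKey, allow });
  }

  sign(identity, obj) {
    const entry = this.#entries.get(identity.hash);
    if (!entry) throw new Error('identity not loaded in vault');
    if (!entry.allow(obj)) throw new Error('policy forbids signing this object');
    return crypto.sign(null, payloadOf(identity, obj), entry.privateKey).toString('base64');
  }
}

function verify(identity, obj, signature) {
  const key = crypto.createPublicKey(identity.publicKeyPem);
  return crypto.verify(null, payloadOf(identity, obj), key, Buffer.from(signature, 'base64'));
}

// Constructed sample: an identity that is only permitted to sign chat messages.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const id = publicIdentity({ name: 'alice', type: 'person' }, publicKey);
  const vault = new KeyVault();
  vault.load(id, privateKey, (o) => o.class === 'ChatMessage');
  const msg = { class: 'ChatMessage', text: 'hi' };
  const sig = vault.sign(id, msg);
  let refused = false;
  try { vault.sign(id, { class: 'AdminGrant', to: 'bob' }); } catch { refused = true; }
  return { id, valid: verify(id, msg, sig), tampered: verify(id, { ...msg, text: 'bye' }, sig), refused };
}
```
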