Trust Management for the World Wide Web



Yüklə 0,79 Mb.
səhifə12/13
tarix26.09.2018
ölçüsü0,79 Mb.
#70469
1   ...   5   6   7   8   9   10   11   12   13

5.4An Execution Trace


This section presents a detail execution trace from my reference REFEREE implementation in the Jigsaw proxy. The REFEREE execution environment is provided with the following bootstrapping information:

identifier

code-fragment

language name

download-applet




http://www.w3.org/PICS/Profiles092/

http://www.w3.org/PICS/Profiles092/




http://www.javasoft.com/jdk1.1/

load-label




http://www.javasoft.com/jdk1.1/

endorse-label


http://www.javasoft.com/jdk1.1/

The bootstrapping statement-list is null, meaning no trusted assertions are unconditionally trusted. Download-applet binds to the following Profiles-0.92 policy:

Policy in English



Download the code from this URL only if a label from either the HTTP header stream or from the bureau "bureau.pcworld.com" says it is virus free (v > 8) according to MIT Code Safety rating, and that rater of the label is endorsed by the MIT auditor.

Profiles-0.92

(invoke "load-label" STATEMENT-LIST URL

"http://web.mit.edu/ratings/CodeSafety.html"

(ALONG-WITH, "http://bureau.pcworld.com"))

(invoke "endorse-label" STATEMENT-LIST


"mailto:auditor@mit.edu" ("http://bureau.mit.edu/"))
(false-if-unknown

(match (("endorse-label" *)


("mailto:auditor@mit.edu" *
((version PICS-1.1) *
(service "http://web.mit.edu/ratings/CodeSafety.html") *
(ratings * (RESTRICT > v 8) * ))))
STATEMENT-LIST))

There are three modules used here, download-applet (interpreted by the Profiles-0.92 interpreter), load-label, and endorse-label. Download-applet module is the top-level module called by the REFEREE filter to interpret the policy shown above. Load-label module fetches labels from the network. Endorse-label module vouches for labels with raters endorsed by a named auditor. The exact behaviors of the three modules are explained in Section 5.3. Figure 17 shows the order in which the REFEREE modules are invoked.

Figure 17 Sample REFEREE Implementation

After the REFEREE filter bootstraps the REFEREE execution environment (step 1), the REFEREE filter is ready to trap requests from the Jigsaw proxy and make queries to the execution environment. When the filter invokes REFEREE with the action name download-applet (step 2), REFEREE queries its module database and gets the module containing the pair download-applet policy and the Profiles-0.92 interpreter (step 3).

The first line of the download-applet policy invokes load-label (step 4). Now assume load-label actually gets one label from the label bureau "http://www.pcworld.com" (step 5) and returns the following to download-applet:

tri-value = true


statement-list = ((()
((version "PICS-1.1")
(service "http://web.mit.edu/ratings/CodeSafety.html")
(by "mailto:mstrauss@research.att.com")
(original (PICS-1.1 ...))
(ratings (s 7) (v 9)))))

Load-label returns true, because a label is found. The statement-list contains a single statement describing the PICS label. The context of the statement is empty, because it is produced by the load-label module itself. The caller download-applet records this statement by prepending the name of the called module, "load-label," onto the context of the statement:

statement-list = ((("load-label")


((version "PICS-1.1")
(service "http://web.mit.edu/ratings/CodeSafety.html")
(by "mailto:mstrauss@research.att.com")
(original (PICS-1.1 ...))
(ratings (s 7) (v 9)))))

onto its local copy of the statement-list.

Now download-applet proceeds to the second line, invoking the module endorse-label to check for an endorsement (step 6). Assuming the endorsing label is found, endorse-label returns a statement-list that gets "endorse-label" prepended to the context, resulting in the following:

tri-value = true


statement-list = ((("endorse-label" "load-label")
(("mailto:auditor@mit.edu")
((version "PICS-1.1")
(service "http://web.mit.edu/ratings/CodeSafety.html")
(by "mailto:mstrauss@research.att.com")
(original (PICS-1.1 ...))
(ratings (s 7) (v 9))))))

Again, the string "endorse-label" is added to the context of this statement to indicate that the rater "mailto:mstrauss@research.att.com" is approved by endorse-label policy. The passed content is wrapped in an expression containing "mailto:auditor@mit.edu", the name of the auditor.

Finally, download-applet proceeds to the last line to check ratings. The match looks for a context with "endorse-label"—if it is missing, the match fails. Because the match succeeds, download-applet returns to the application a tri-value of true and a statement-list of the statements produced by the matcher:

tri-value = true


statement-list = ((("endorse-label" "load-label")
(("mailto:auditor@mit.edu")
((version "PICS-1.1")
(service "http://web.mit.edu/ratings/CodeSafety.html")
(by "mailto:mstrauss@research.att.com")
(original (PICS-1.1 ...))
(ratings (s 7) (v 9))))))

The returned values say the download-applet action should be taken (tri-value is true), and it is justified by the endorsed PICS label in the statement-list. They are returned to the REFEREE filter (step 7), and the filter returns a null reply object to the proxy Client API. The null reply allows the request to resume processing in the Jigsaw proxy.



Yüklə 0,79 Mb.

Dostları ilə paylaş:
1   ...   5   6   7   8   9   10   11   12   13



Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©genderi.org 2024
rəhbərliyinə müraciət
    Ana səhifə
Psixologiya