How Apache & Plan 9 will defeat Microsoft's Passport
These keys are related through what cryptographers call a trapdoor one-way function: generating the pair is cheap, but recovering the private key from the public key is believed to be computationally infeasible (for RSA, about as hard as factoring the modulus), although no one has proved that such functions exist. A PKI user can therefore publish one key and keep the other secret. Any value that checks out under the public key must have been produced with the private key and so, provided that key has stayed with its owner, can only be the owner's work. That is what gives a digital signature its non-repudiation property. In practice the signer does not "encrypt" the data itself: the message is hashed and the hash is padded and signed, which is why a single changed byte in the message invalidates the signature.
One of the most interesting things about this specification is its use of SAML (Security Assertion Markup Language) to define and control the messaging structures used in an actual implementation of the specification. Full details, including the protocols and the SAML schemas needed, are available at https://www.projectliberty.org/ but, basically, the Liberty specification handles authentication (federated single sign-on) in a three-stage process, with all communications structured as SAML messages and flowing through the user's browser or other software agent. Because the browser relays the assertion, the relying site must check the assertion's signature, its intended audience and its expiry itself rather than trust whatever the browser hands it.
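The two paragraphs above, the one-way-function signature and the browser-relayed SAML assertion, fit one worked example. The following Python is an added illustration written for this page; it is not code from the article, from Liberty Alliance or from any SAML library. It uses textbook RSA over SHA-256 (no padding, 512-bit keys, never use this in production) so that the private-key/public-key relationship is visible, and then shows a simplified three-stage exchange: the service provider sends the user to the identity provider, the identity provider hands a signed assertion back through the browser, and the service provider validates signature, audience and expiry. The assertion's XML shape, the three stages, the `https://idp.example.test` and `https://sp.example.test` names and every function name are assumptions for the example, not the Liberty protocol.

```python
"""Added example: textbook RSA signatures plus a browser-mediated SAML-style
assertion exchange. Illustrative only: no padding, small keys, simplified XML."""
import base64
import hashlib
import secrets
import time
import xml.etree.ElementTree as ET


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (probabilistic, fine for an illustration)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top and low bit
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512):
    """Cheap to create: two primes and one modular inverse. Recovering d from
    (n, e) is believed to require factoring n; that asymmetry is the one-way
    property the article describes."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is a gcd(e, phi) == 1 check
            break
    return (p * q, e), (p * q, pow(e, -1, phi))  # pow(e, -1, m) needs Python 3.8+


def _digest(message: bytes, n: int) -> int:
    """Hash-then-sign: the signature covers SHA-256(message), not the raw data."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    assert h < n, "modulus too small for the digest"
    return h


def sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return 0 <= signature < n and pow(signature, e, n) == _digest(message, n)


# --- SAML-style assertion exchange (hypothetical, simplified shape) ---
IDP_ISSUER = "https://idp.example.test"  # assumed name for the identity provider
SP_AUDIENCE = "https://sp.example.test"  # assumed name for the service provider


def sp_build_request(return_url: str) -> str:
    """Stage 1: the service provider redirects the browser to the IdP with a
    request naming itself so the assertion can be scoped to it."""
    return f"{IDP_ISSUER}/sso?audience={SP_AUDIENCE}&return={return_url}"


def idp_issue_assertion(idp_priv, subject: str, audience: str, ttl: int = 300) -> str:
    """Stage 2: after authenticating the user, the IdP returns a signed
    assertion to the browser, base64-encoded for a form post or URL parameter."""
    a = ET.Element("Assertion", Issuer=IDP_ISSUER, Subject=subject,
                   Audience=audience, NotOnOrAfter=str(int(time.time()) + ttl))
    body = ET.tostring(a)
    return base64.b64encode(body + b"|" + str(sign(idp_priv, body)).encode()).decode()


def sp_consume_assertion(idp_pub, token: str, now=None):
    """Stage 3: the SP verifies signature, audience and expiry on the assertion
    the browser delivered; returns the subject on success, None on any failure."""
    try:
        body, sig = base64.b64decode(token).rsplit(b"|", 1)
        if not verify(idp_pub, body, int(sig)):
            return None  # forged, tampered, or signed by another key
        a = ET.fromstring(body)
    except (ValueError, ET.ParseError):
        return None
    now = int(time.time()) if now is None else now
    if a.get("Audience") != SP_AUDIENCE:
        return None  # assertion meant for a different relying party
    if now >= int(a.get("NotOnOrAfter", "0")):
        return None  # expired (replay window closed)
    return a.get("Subject")
```

The three rejection paths in `sp_consume_assertion` are the practical point: a bad signature catches tampering in transit and assertions minted with someone else's key, the audience check stops an assertion issued for one site from being replayed at another, and the expiry bounds how long a captured assertion stays useful. Real deployments use XML Signature with proper padding, check the issuer against a configured trust list, and reject assertions whose ID has already been seen.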
The link for this article located at LinuxWorld is no longer available.