Diffstat (limited to 'lib/libkeynote/keynote.5')
-rw-r--r-- lib/libkeynote/keynote.5 20
1 files changed, 2 insertions, 18 deletions
diff --git a/lib/libkeynote/keynote.5 b/lib/libkeynote/keynote.5
index d2aaed8f1f3..baa800b6cd7 100644
--- a/lib/libkeynote/keynote.5
+++ b/lib/libkeynote/keynote.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: keynote.5,v 1.6 2000/09/17 02:11:13 aaron Exp $
+.\" $OpenBSD: keynote.5,v 1.7 2001/08/06 10:42:26 mpech Exp $
.\"
.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
.\"
@@ -68,14 +68,12 @@ Blank lines are not permitted in assertions. Multiple assertions
stored in a file (e.g., in application policy configurations),
therefore, can be separated from one another unambiguously by the use
of blank lines between them.
-.Pp
.Sh COMMENTS
The octothorp character ("#", ASCII 35 decimal) can be used to
introduce comments. Outside of quoted strings, all characters from the
"#" character through the end of the current line are ignored.
However, commented text is included in the computation of assertion
signatures.
-.Pp
.Sh STRINGS
A `string' is a lexical object containing a sequence of characters.
Strings may contain any non-NUL characters, including newlines and
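Review bot: the context lines under `.Sh COMMENTS` and `.Sh STRINGS` still carry hand-typed quoting (the double-quoted "#" and the backquote/apostrophe pair around string), which a markup cleanup like this one could convert to `.Dq` and `.Sq` so the quotes render consistently across output devices. The two `.Pp` removals themselves look right, since `.Sh` already opens a new block with its own vertical spacing; formatting the page before and after and diffing the output would confirm the rendered text is unchanged.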
@@ -120,7 +118,6 @@ leading backslash removed (e.g., "\\a" becomes "a", and "\\\\" becomes
newline\\n followed by one space."
"this string contains a newline\\012\\040followed by one space."
.Ed
-.Pp
.Sh STRING EXPRESSIONS
In general, anywhere a quoted string literal is allowed, a `string
expression' can be used. A string expression constructs a string from
@@ -137,7 +134,6 @@ parenthesized.
.Ed
The "$" operator has higher precedence than the "." operator.
-.Pp
.Sh DEREFERENCED ATTRIBUTES
Action attributes provide the primary mechanism for applications to
pass information to assertions. Attribute names are strings from a
@@ -193,7 +189,6 @@ The <DerefAttribute> token is defined as:
underscore character, followed by any number of
a-z, A-Z, 0-9, or underscore characters} ;
.Ed
-.Pp
.Sh PRINCIPAL IDENTIFIERS
Principals are represented as ASCII strings called `Principal
Identifiers'. Principal Identifiers may be arbitrary labels whose
@@ -205,7 +200,6 @@ verification.
<PrincipalIdentifier>:: <OpaqueID>
| <KeyID> ;
.Ed
-.Pp
.Sh OPAQUE PRINCIPAL IDENTIFIERS
Principal Identifiers that are used by KeyNote only as labels are
said to be `opaque'. Opaque identifiers are encoded in assertions as
@@ -216,7 +210,6 @@ strings (as defined above):
.Ed
Opaque identifier strings should not contain the ":" character.
-.Pp
.Sh CRYPTOGRAPHIC PRINCIPAL IDENTIFIERS
Principal Identifiers that are used by KeyNote as keys, e.g., to
verify credential signatures, are said to be `cryptographic'.
@@ -251,7 +244,6 @@ convention, hexadecimal encoded keys use lower-case ASCII characters.
Cryptographic Principal Identifiers are converted to a normalized
canonical form for the purposes of any internal comparisons between
them; see RFC 2704 for more details.
-.Pp
.Sh KEYNOTE-VERSION FIELD
The KeyNote-Version field identifies the version of the KeyNote
assertion language under which the assertion was written. The
@@ -269,7 +261,6 @@ version number of the KeyNote language under which they are to be
interpreted. Assertions written to conform with this document should
be identified with the version string "2" (or the integer 2). The
KeyNote-Version field, if included, should appear first.
-.Pp
.Sh LOCAL-CONSTANTS FIELD
This field adds or overrides action attributes in the current
assertion only. This mechanism allows the use of short names for
@@ -295,7 +286,6 @@ An attribute may be initialized at most once in the Local-Constants
field. If an attribute is initialized more than once in an assertion,
the entire assertion is considered invalid and is not considered by
the KeyNote compliance checker in evaluating queries.
-.Pp
.Sh AUTHORIZER FIELD
The Authorizer identifies the Principal issuing the assertion. This
field is of the form:
@@ -308,7 +298,6 @@ field is of the form:
The Principal Identifier may be given directly or by reference to the
attribute namespace.
-.Pp
.Sh LICENSEES FIELD
The Licensees field identifies the principals authorized by the
assertion. More than one principal can be authorized, and
@@ -339,7 +328,6 @@ The "&&" operator has higher precedence than the "||" operator. <K> is
an ASCII-encoded positive decimal integer. If a <PrincList> contains
fewer than <K> principals, the entire assertion is omitted from
processing.
-.Pp
.Sh CONDITIONS FIELD
This field gives the `conditions' under which the Authorizer trusts
the Licensees to perform an action. `Conditions' are predicates that
@@ -452,7 +440,6 @@ fractional component of an attribute value dereferenced as an integer
is rounded down. If an attribute dereferenced as a number cannot be
properly converted (e.g., it contains invalid characters or is empty)
its value is considered to be zero.
-.Pp
.Sh COMMENT FIELD
The Comment field allows assertions to be annotated with information
describing their purpose. It is of the form:
@@ -466,7 +453,6 @@ KeyNote. Note that this is one of two mechanisms for including
comments in KeyNote assertions; comments can also be inserted anywhere
in an assertion's body by preceding them with the "#" character
(except inside string literals).
-.Pp
.Sh SIGNATURE FIELD
The Signature field identifies a signed assertion and gives the
encoded digital signature of the principal identified in the
@@ -502,7 +488,6 @@ signature field identifier is the last character included in signature
calculation. The signature is always the last field in a KeyNote
assertion. Text following this field is not considered part of the
assertion.
-.Pp
.Sh EXAMPLES
Note that the keys and signatures in these examples are fictional, and
generally much shorter than would be required for real security, in
@@ -544,7 +529,6 @@ the interest of readability.
(address == "jf@keynote.research.att.com"));
Signature: "DSA-SHA1:8912aa"
.Ed
-.Pp
.Sh SEE ALSO
.Xr keynote 1 ,
.Xr keynote 3 ,
@@ -560,7 +544,7 @@ M. Blaze, J. Feigenbaum, J. Lacy,
M. Blaze, J. Feigenbaum, M. Strauss,
1998 Financial Crypto Conference
.El
-.Sh AUTHOR
+.Sh AUTHORS
Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
.Sh WEB PAGE
http://www.cis.upenn.edu/~keynote
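Review bot: the heading becomes `.Sh AUTHORS`, but the line under it is still plain text, so the author name and address get no semantic markup; `.An Angelos D. Keromytis Aq Mt angelos@dsl.cis.upenn.edu` would match the renamed section. The unchanged `.Sh WEB PAGE` that follows is not a conventional mdoc section name and its URL is also bare text; if it stays, `.Lk` on the URL would at least mark it as a link.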