github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/support_infrastructure/domain_service/README.md (about)

This is the full-function version of the Domain service.  It consists of two services.

The Program Key Domain Service receives attestations from CP programs and signs ProgramKeys.
Before signing Program keys the service:
	(1) Checks the program identity against the domain program database;
	(2) Checks that the endorsement cert is valid and that neither the endorsement key
	    nor its signer key has been revoked;
	(3) Retrieves machine characteristics based on the endorsement cert;
	(4) Checks that the security characteristics for the machine meet domain
	    policy;
	(5) Retrieves the validity period for the domain;
	(6) Adds policy characteristics based on the machine and location to the Program cert.

The Revocation Service returns information about revoked certificates previously issued by
the Program Key Domain Service.

Both services implement logs of all requests and responses.
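The pre-signing checks (1)-(6) listed above can be read as a fail-closed pipeline. The Go sketch below is an added example, not code from the CloudProxy repository. All type, field and function names (Machine, Domain, Request, ProgramCert, Evaluate) are hypothetical. It also assumes that "valid" in step (2) is reduced to an expiry test, with signature verification omitted, and that the validity period from step (5) sets the issued cert's expiry.

```go
package main

import (
	"fmt"
	"time"
)

// Hypothetical stand-ins for the domain's databases and policy (not CloudProxy types).
type (
	Machine struct{ Level int; Location string }
	Domain  struct {
		Programs map[string]bool    // (1) program identities known to the domain
		Revoked  map[string]bool    // (2) revoked key IDs
		Machines map[string]Machine // (3) endorsement key ID -> characteristics
		MinLevel int                // (4) minimum level the policy accepts
		Validity time.Duration      // (5) validity period for issued certs
	}
	Request struct {
		Program, EndorsementKey, SignerKey string
		EndorsementNotAfter                time.Time
	}
	ProgramCert struct {
		Program  string
		NotAfter time.Time
		Policy   []string // (6) characteristics added from machine and location
	}
)

// Evaluate applies checks (1)-(6) in order and refuses on the first failure.
func Evaluate(d Domain, r Request, now time.Time) (*ProgramCert, error) {
	if !d.Programs[r.Program] {
		return nil, fmt.Errorf("check 1: unknown program %q", r.Program)
	}
	if now.After(r.EndorsementNotAfter) || d.Revoked[r.EndorsementKey] || d.Revoked[r.SignerKey] {
		return nil, fmt.Errorf("check 2: endorsement cert expired or key revoked")
	}
	m, ok := d.Machines[r.EndorsementKey]
	if !ok {
		return nil, fmt.Errorf("check 3: no machine record for %q", r.EndorsementKey)
	}
	if m.Level < d.MinLevel {
		return nil, fmt.Errorf("check 4: level %d below policy minimum %d", m.Level, d.MinLevel)
	}
	policy := []string{fmt.Sprintf("level=%d", m.Level), "location=" + m.Location}
	return &ProgramCert{r.Program, now.Add(d.Validity), policy}, nil
}

func main() { // constructed input: an empty domain refuses at check 1
	fmt.Println(Evaluate(Domain{}, Request{Program: "demo"}, time.Now()))
}
```

Because a revoked signer key fails step (2) even when the endorsement key itself is clean, revoking one signer invalidates every machine endorsed under it.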