Personal tools

Ace:TokenStore

From Adapt

Jump to: navigation, search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Several versions of the ACE token store format exist to allow the export and interchange of tokens between the ACE Audit Manager and command line tools.

  • UNDER DEVELOPMENT*

Token Store Format

The token store serves two purposes, first it stores a list of tokens which can used to certify the integrity of an object. Second it stores linking information that links some external identifier to a token. While the token issued by an IMS contains a name used by token requesters in order to identify token responses, this may not be adequate to identify token/file pairing as files move between systems.

The proposed format is based on a modification of the arc file format.

[token-store] ::= [token-entry] | [token-store]
[token-entry] ::= [entry-header] [identifier-list] [newline] [proof-list] [newline]
[entry-header] ::= [digest-algorithm] [whitespace] [ims] [whitespace] [token-class] [whitespace] [round] [whitespace] [timestamp] [whitespace] [length] [whitespace] [newline]
[identifier-list] ::= [file-identifier] [newline]| [identifier-list]
[proof-list] ::= [proof] [newline]| [proof-list]
[proof] ::= [proof-element] | [proof-element] ':' [proof]
[proof-element] ::= [digest] | X
  • newline - carriage return \n
  • whitespace - space ' ' or tab \t charactor (TODO, specify hex)
  • round - from IMS token result, round number in which this token was generated
  • digest-algorithm - from IMS token result, algorithm used to calculate hash tree.
  • ims - ims server which issued the token.
  • token-class - from IMS token result, name of token service on IMS which issued this token
  • timestamp[1] - from IMS token result, timestamp token was issues, formated according to http://www.w3.org/TR/xmlschema-2/#dateTime-order
  • length - length of entry starting after newline containing identifiers and proof. Users should be able to seek(length) and be positioned at the next token-entry
  • file identifier - url, unix pathname, windows structure, PURL, which an external system may refer to this file as. When packaging token stores for inclusion in a zip or tar-like package, the identifier should the path to the file relative to the token store. There may be multiple identifiers, on per line in case a file has multiple references.
  • digest - hex-encoded proof element digest, length is dictated by the specified digest algorithm.

Sample Entry

SHA-256 ims.umiacs.umd.edu SHA-256-0 953886 2009-04-28T11:18:49.570-0400 318
/fatcat.jpg
http://www.myserver.com/fatcat.jpg

2770181de2b2a2ecf1de4c6c472401fcc8798f7542025764f94de1b99492e258:X
08c5fe43499eeaa3426d4b5c31524393b01209796014cab00c7591fe8497a49b:X
X:61c97995995935e60aa5bdeeff3a0ebb16cf1b694f03a0bfb991ac6bc15321d7
aa91ea42b4e4b850275ce8d0ebcca74a1d4dde6f1731bcb61adc1bd8d7e8302b:X

The above sample shows a token generated using the SHA-256 hash algorithm, generated by the sha-256-0 token service running on the server ims.umiacs.umd.edu. The token was issued on 4-28-2009 as part of round 953886. It identifies an object with two locations, the unix file '/fatcat.jpg' and a url 'http://www.myserver.com/fatcat.jpg'.

Checkm Interop

Possible ways to integrate with checkm.

  1. Require checkm filename match at least one identifier listed for a token
  2. Create a checkm profile which allows ACE tokenstores to be labeled in a checkm manifest.

Notes

[1] Please note, the timestamp is just for metadata purposes and should not be trusted as it is not cryptographically linked to the proof. To assert the date of a token, you must show a link to a trusted witness value