Identity validation / security service  #7

@altavir

Add a service to provide validation for messages. We have an open system, so it is possible to add new devices and users dynamically. The problem is that since the messaging protocol (in Magix) is open, it is possible for a malicious user to send a fake message to a device.

The idea is to add a fingerprint field to a message, containing a kind of checksum for the payload. The fingerprint should be unique to a payload and user, so it is possible to identify that a message was indeed sent by a given user.

The task is the following:

  • Decide which validation algorithm to use (minimizing encoding/checking time).
  • Design a way for validation keys to be distributed. Probably there should be a service that has authorisation and stores all public keys for all registered users. So someone who wants to check the signature requests a public key from the validation service and checks that the message user name corresponds to the fingerprint.
  • Obviously there should be a way to validate messages from the authorisation service. I think it should be off-loop. Just an external REST service with a pre-defined address.
  • Implement basic validation implementation for MagixEndpoint.
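
One way the fingerprint scheme described in the issue could work, as an added example that is not part of the original issue or the Magix code base: JDK Ed25519 signatures (Java 15+) over the user name and payload, checked against a key registry. `SignedMessage`, `signedBytes`, `sign`, `verify` and the in-memory `registry` map are hypothetical names, and the choice of Ed25519 is an assumption, not a decision recorded in the issue.

```kotlin
import java.io.ByteArrayOutputStream
import java.io.DataOutputStream
import java.security.*
import java.util.Base64

// Hypothetical message shape; the real Magix message format is not shown in the issue.
data class SignedMessage(val user: String, val payload: String, val fingerprint: String)

// Bytes covered by the signature: length-prefixed user name and payload, so the
// fingerprint binds both and ("ab", "c") cannot be confused with ("a", "bc").
fun signedBytes(user: String, payload: String): ByteArray {
    val out = ByteArrayOutputStream()
    val data = DataOutputStream(out)
    for (field in listOf(user, payload)) {
        val bytes = field.toByteArray(Charsets.UTF_8)
        data.writeInt(bytes.size)
        data.write(bytes)
    }
    return out.toByteArray()
}

fun sign(user: String, payload: String, key: PrivateKey): SignedMessage {
    val signer = Signature.getInstance("Ed25519")
    signer.initSign(key)
    signer.update(signedBytes(user, payload))
    return SignedMessage(user, payload, Base64.getEncoder().encodeToString(signer.sign()))
}

// `registry` stands in for the key service: user name -> registered public key.
fun verify(message: SignedMessage, registry: Map<String, PublicKey>): Boolean {
    val key = registry[message.user] ?: return false // unknown sender
    return try {
        val verifier = Signature.getInstance("Ed25519")
        verifier.initVerify(key)
        verifier.update(signedBytes(message.user, message.payload))
        verifier.verify(Base64.getDecoder().decode(message.fingerprint))
    } catch (e: Exception) { false } // malformed Base64 or signature bytes
}

fun main() {
    val generator = KeyPairGenerator.getInstance("Ed25519")
    val alice = generator.generateKeyPair()
    val mallory = generator.generateKeyPair()
    val registry = mapOf("alice" to alice.public, "mallory" to mallory.public)
    val genuine = sign("alice", """{"valve":"open"}""", alice.private) // constructed payload
    println(verify(genuine, registry))                                          // untouched message
    println(verify(genuine.copy(payload = """{"valve":"closed"}"""), registry)) // payload altered in transit
    println(verify(sign("alice", genuine.payload, mallory.private), registry))  // signed with another user's key
}
```

The signature here covers only the user name and payload, so a captured message still verifies if it is resent unchanged; detecting that would need a message id or timestamp inside the signed bytes.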
