Wednesday, April 30, 2008

Visual Identity

Just came across Vittorio's notation for visually representing web services security keys, signatures, and encryption.

Very nice.

As Vittorio points out, the diagrams can give a sense of key management scaling issues
Here you can clearly see that a client needs to own the public keys of every service it wants to deal with; furthermore, it is clear that the service can use the client's public key found in the message and it doesn't need to keep in the local store the public keys of all possible clients.

The private/secret crypto division of labour that enables scaleable key management and efficient processing is captured in the wonderfully concise

Scalability issues arise if you encrypt or sign directly with a static
which motivates
Madsen's Law of Security & Fashion: Blue before green should never be seen.

I can imagine adding an extra visual layer for the identifiers & attributes that the messages would carry. The notation for identifiers would indicate the entity for which they are targetted/directed. That for attributes could indicate the source.

1 comment:

vibro said...

Thanks :-)
I've given up the colors after some times in which I had to print diagrams in B/W

Cheers,
Vittorio