The `MeldAclTransportSecurity` extension allows an app to encrypt and apply digital signatures to m-ld protocol network traffic.

For encryption, a secret key is included in the domain data (using `declareSecret`, or an equivalent write), and is required to decrypt all operations on the domain. The secret can only be obtained by joining the domain, which in turn requires that the requester is registered as a principal in the domain. Note that the secret is a single symmetric key shared by every principal: it keeps operations confidential from anyone outside the domain (for example the message broker relaying them), but on its own it cannot tell one principal's operations from another's. Attribution is what the signatures are for.

Registering a principal requires that the user has a public/private key pair. The public key is registered in the domain using `registerPrincipal` (or an equivalent write), e.g.

```typescript
clone.write(MeldAclTransportSecurity.registerPrincipal(
  'https://alice.example/profile#me', alicePublicKeySpki));
```

To use transport security, every local clone in the access-controlled domain must be initialised with the following members of the app object given to it when it is created:

- an instance of this extension as the `transportSecurity` member. (This extension cannot be loaded dynamically, because transport security must be available before the clone can connect to the domain.)
- a `principal` member that represents the current logged-in user. This object will sign data using RSASSA-PKCS1-v1_5 on the extension's request.

Static methods

`declareSecret`: shared secret declaration. Insert the returned subject into the domain data to install the extension, for example (assuming a m-ld `clone` object) by passing it to `clone.write` in the same way as `registerPrincipal` above. Its arguments, in order, are:

- the domain ID, as declared in the `MeldConfig` of the clone;
- a raw AES key. Use fresh random bytes from a cryptographically secure source: the key is distributed only through the domain data, so anything guessable defeats the encryption.

`registerPrincipal`: use to register each principal with access to the domain, for example (assuming a m-ld `clone` object) as in the `clone.write` call above. Its arguments, in order, are:

- the principal's identity. As for all domain data, the principal's IRI can be relative (e.g. a local name rather than a full URL);
- the DER-encoded SubjectPublicKeyInfo (SPKI) public key belonging to the principal.
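The following is an added example, not code from m-ld or from this extension. It puts the pieces described above together using only Node's `crypto` module: a principal object in the shape the page describes (an `@id` plus a `sign` callback using RSASSA-PKCS1-v1_5), the DER/SPKI public key bytes that `registerPrincipal` would be given, a raw AES secret such as `declareSecret` would carry, and then one operation sent from Alice to a receiving clone, with the two failure cases that show why both the shared secret and the per-principal signatures are needed. Everything not on the page is an assumption made for the example: the function names, SHA-256 as the signature hash, AES-256-GCM with a 32-byte key as cipher and key size, the envelope layout, and signing the ciphertext rather than the plaintext. The extension's real wire format may differ; the `registered` map stands in for the principal data a clone would read from the domain.

```typescript
// Added example (not m-ld's own code). Uses only Node's crypto module; all
// names, the hash (SHA-256), cipher (AES-256-GCM), key size and envelope layout
// are assumptions for the example, not the extension's actual format.
import {
  createCipheriv, createDecipheriv, createPublicKey, createSign, createVerify,
  generateKeyPairSync, randomBytes, KeyObject
} from 'crypto';

/** A principal in the shape the page describes: an '@id' plus a sign(data) callback. */
export interface AppPrincipalLike {
  '@id': string;
  sign: (data: Buffer) => Buffer;
}

/** Create a logged-in user's principal object and the DER/SPKI public key
 *  bytes that the app would pass to MeldAclTransportSecurity.registerPrincipal. */
export function makePrincipal(id: string): { principal: AppPrincipalLike; spki: Buffer } {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const spki = publicKey.export({ type: 'spki', format: 'der' });
  const principal: AppPrincipalLike = {
    '@id': id, // assumed to be the same IRI the key was registered under
    // Node's 'RSA-SHA256' is RSASSA-PKCS1-v1_5 over SHA-256 (the hash is an assumption)
    sign: data => createSign('RSA-SHA256').update(data).sign(privateKey)
  };
  return { principal, spki };
}

/** Receiving side: verify using nothing but the SPKI bytes registered in the domain. */
export function verifySignature(spki: Buffer, data: Buffer, signature: Buffer): boolean {
  const key: KeyObject = createPublicKey({ key: spki, format: 'der', type: 'spki' });
  return createVerify('RSA-SHA256').update(data).verify(key, signature);
}

/** The shared domain secret: a raw AES key (32 random bytes for AES-256, assumed size). */
export function newDomainSecret(): Buffer {
  return randomBytes(32);
}

/** Encrypt one operation under the shared secret. Envelope = iv || authTag || ciphertext. */
export function encryptOperation(secret: Buffer, plaintext: Buffer): Buffer {
  const iv = randomBytes(12); // a fresh IV per message; never reuse one with the same key
  const cipher = createCipheriv('aes-256-gcm', secret, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

/** Decrypt an envelope; throws if the ciphertext or tag has been tampered with. */
export function decryptOperation(secret: Buffer, envelope: Buffer): Buffer {
  const iv = envelope.subarray(0, 12);
  const tag = envelope.subarray(12, 28);
  const body = envelope.subarray(28);
  const decipher = createDecipheriv('aes-256-gcm', secret, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

export interface ExchangeResult {
  verified: boolean;       // Alice's signature checks against her registered key
  plaintext: string;       // the operation as recovered by the receiver
  forgedVerified: boolean; // another domain member trying to sign as Alice
  tamperRejected: boolean; // a modified ciphertext is refused
}

/** One operation from Alice to a receiving clone, plus the two failure cases
 *  that show why the extension needs both the secret and the signatures. */
export function exchange(): ExchangeResult {
  const secret = newDomainSecret();
  const alice = makePrincipal('https://alice.example/profile#me');
  // Stands in for the principal data a clone reads from the domain (registerPrincipal).
  const registered = new Map<string, Buffer>([[alice.principal['@id'], alice.spki]]);

  // Sender: encrypt, then sign the exact bytes that go on the wire (order is an assumption).
  const op = Buffer.from(JSON.stringify({ '@id': 'fred', name: 'Fred' }));
  const envelope = encryptOperation(secret, op);
  const signature = alice.principal.sign(envelope);

  // Receiver: check attribution against the registered key before trusting the operation.
  const aliceKey = registered.get(alice.principal['@id'])!;
  const verified = verifySignature(aliceKey, envelope, signature);
  const plaintext = decryptOperation(secret, envelope).toString();

  // Mallory joined the domain (so she holds the secret) but cannot sign as Alice.
  const mallory = makePrincipal('https://mallory.example/profile#me');
  const forgedVerified = verifySignature(aliceKey, envelope, mallory.principal.sign(envelope));

  // A flipped ciphertext byte fails GCM's tag check, so the receiver never sees garbage.
  const tampered = Buffer.from(envelope);
  tampered[tampered.length - 1] ^= 0x01;
  let tamperRejected = false;
  try { decryptOperation(secret, tampered); } catch { tamperRejected = true; }

  return { verified, plaintext, forgedVerified, tamperRejected };
}
```

The two negative cases are the point: Mallory's forged signature fails even though she can decrypt the envelope, which is why the shared secret alone cannot attribute operations, and a single flipped byte is rejected before any plaintext is produced. When wiring a real clone, the `@id` in the `principal` member and the IRI passed to `registerPrincipal` refer to the same user, so keep them identical.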