SCC Overview: Difference between revisions

From JogampWiki
No edit summary
Line 33: Line 33:


SCC then validates whether both exist and are equal as stored on the SCR.
SCC then validates whether both exist and are equal as stored on the SCR.
=== Revocation ===
Revocation of single binary signatures are possible by simply removing
a binary signature from the SCR.
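Review bot: the added Revocation section says a binary signature is revoked by removing it from the SCR, but does not say how that takes effect. The preceding line already states that SCC validates that both tags exist on the SCR, so consider adding one sentence that a binary whose tag has been removed then fails validation. As written, a revoked tag also reads the same as one that was never added, which may be worth stating. Minor wording: "Revocation of single binary signatures are possible" should be "is possible".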

Revision as of 11:36, 12 September 2013

Source Certification Contract (SCC)

Question:

Are You Who You Say You Are?

Answer:

Trust the Source, User

Overview

SCC aims to allow verification of the binary identity.

Its goal is to verify a binary's source code origin, i.e. that it is built from a unique set of source code.

Design

Use source and binary signature tags stored in an accessible source code repository (SCR).

The source tag is provided at build time.

The binary tags are generated for each build and target and retroactively added to the SCR.

The binary contains both source and binary tags, i.e. it claims a source code identification while providing its binary identification.

SCC then validates whether both exist and are equal as stored on the SCR.

Revocation

Revocation of a single binary signature is possible by simply removing that binary signature from the SCR.
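The validation and revocation flow from the Design and Revocation sections, sketched as an added example (not JogAmp's own code). The `SCR` class, the `validate` function, the per-target keying, the tag strings and the use of SHA-256 to produce a binary tag are all assumptions made for illustration; the sample data is constructed.

```python
import hashlib
import hmac


class SCR:
    """Hypothetical in-memory stand-in for the source code repository."""

    def __init__(self):
        self.tags = {}  # source tag -> {target: binary tag}

    def add_source_tag(self, source_tag):
        self.tags.setdefault(source_tag, {})

    def add_binary_tag(self, source_tag, target, binary_tag):
        # Binary tags are added retroactively, once the build exists.
        self.tags[source_tag][target] = binary_tag

    def revoke(self, source_tag, target):
        # Revocation: drop the single binary signature from the SCR.
        self.tags.get(source_tag, {}).pop(target, None)


def validate(scr, claim):
    """Check the tags a binary carries against what the SCR stores."""
    targets = scr.tags.get(claim["source_tag"])
    if targets is None:
        return "unknown source tag"
    stored = targets.get(claim["target"])
    if stored is None:
        return "no binary tag on SCR"  # never registered, or revoked
    if not hmac.compare_digest(stored, claim["binary_tag"]):
        return "binary tag mismatch"
    return "ok"


def demo():
    # Constructed sample data; the tag formats are assumptions.
    scr = SCR()
    scr.add_source_tag("v1.0-src")
    tag = hashlib.sha256(b"constructed linux-amd64 build").hexdigest()
    scr.add_binary_tag("v1.0-src", "linux-amd64", tag)
    good = {"source_tag": "v1.0-src", "target": "linux-amd64", "binary_tag": tag}
    forged = dict(good, binary_tag=hashlib.sha256(b"other build").hexdigest())
    results = [validate(scr, good), validate(scr, forged),
               validate(scr, dict(good, source_tag="v9.9-src"))]
    scr.revoke("v1.0-src", "linux-amd64")
    results.append(validate(scr, good))  # same binary, after revocation
    return results


if __name__ == "__main__":
    print(demo())
```

After revocation the verifier cannot tell a revoked binary tag from one that was never registered; both surface as a missing tag on the SCR.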