The purpose of the interim key-management procedures is to provide a temporary Administering Body (AB) function for the early-adapting participants of the Mobile Ticket Specifications. This is not a complete AB, as full functionality is not required at this stage. The current API is based upon the same principles as the coming API-specs from the project, but the permanent solution will have more functionality.

The interim solution for key-management is divided into two parts:

  • The key repository, where everyone can fetch the key-list using a public URL. The key-list, which is updated every 5 minutes, can be fetched from http://api.mobileticket.se/keylist
  • The key-management, in which a Participant with an assigned PID can, via e-mail, publish or remove public keys.

 

Key-management

Overview

With the interim key-management mechanism, keys are published to and removed from the key-list via a pre-formatted signed e-mail sent to the AB.

Each Participant (with an assigned PID) can take part in the key-management after a "handshake" in which the Participant physically delivers, to a delegate of the AB, the public component of the key used for signing the key-management e-mails.

The acceptance of the key-management key will be acknowledged with a signed message in return to the Participant.

The keys shall be delivered in a JSON format, signed using JWS (RFC 7515), as specified here.

Key management requests are sent via e-mail to keymanagement@mobileticket.se. After successfully authenticating the contents of the JSON structure contained within the e-mail, the key information is subject to a manual check and then imported into the key management system.

After a successful import, the system will send a confirmation e-mail to the predefined recipient of the Participant.

All transactions will be logged.
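
The authentication step described above, sketched as an added example; it is not part of the original page or the project's own code. The real request format is defined in the linked specification, so everything here is an assumption made for illustration: the ES256 algorithm, the PID carried in the `kid` header, the payload fields `action` and `keyId`, and all function names.

```javascript
// Added example: AB-side authentication of a JWS-signed key-management request.
// Assumptions (not from the page): ES256, PID in the "kid" header, payload field names.
const nodeCrypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const ALLOWED_ALGS = new Set(['ES256']); // fixed allow-list; the header never picks the algorithm

// Participant side: build a JWS compact serialization (RFC 7515, section 7.1).
function signRequest(pid, payload, privateKey) {
  const signingInput = b64u(JSON.stringify({ alg: 'ES256', kid: pid })) + '.' +
                       b64u(JSON.stringify(payload));
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput),
                              { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return signingInput + '.' + b64u(sig);
}

// AB side: returns the payload only if the signature verifies against the key
// the Participant handed over at the handshake; otherwise throws.
function authenticateRequest(jws, registeredKeys) {
  const parts = jws.trim().split('.');
  if (parts.length !== 3) throw new Error('not a JWS compact serialization');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  if (!ALLOWED_ALGS.has(header.alg)) throw new Error('algorithm not allowed');
  const publicKey = registeredKeys.get(header.kid);
  if (!publicKey) throw new Error('no key-management key registered for PID');
  const ok = nodeCrypto.verify('sha256', Buffer.from(parts[0] + '.' + parts[1]),
                               { key: publicKey, dsaEncoding: 'ieee-p1363' },
                               Buffer.from(parts[2], 'base64url'));
  if (!ok) throw new Error('signature verification failed');
  const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  return { pid: header.kid, payload };
}

// Constructed sample data: a throwaway key pair standing in for PID "9999".
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const registeredKeys = new Map([['9999', publicKey]]);
const sampleJws = signRequest('9999', { action: 'publish', keyId: 'sample-1' }, privateKey);

// Outcome for the transaction log: 'accepted' or the rejection reason.
function outcome(jws) {
  try { authenticateRequest(jws, registeredKeys); return 'accepted'; }
  catch (e) { return e.message; }
}
```

Only a request that returns `accepted` would go on to the manual check and import; every outcome string, including rejections, is suitable for the transaction log.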