[sugar] Integration with web apps (and Moodle specifically!)
Mon Sep 4 13:13:47 EDT 2006
Dan Williams wrote:
> We discussed some of this with Simson on Friday. The activity bundles
> will at least be signed by the originator to determine identity, and
> communication in the system will be encrypted to deter
> man-in-the-middle. So you'll at least be able to ensure that, if you're
> passed an activity, nobody modified it in-transit, and that somebody
> signed an activity bundle. Now, whether or not you trust that person is
> a different story, and how/if you ask the child what they want to do
> with it.
> Ideally that integrates into the KCM such that if your friend Kristin
> signed the activity bundle with a private key, and you have Kristin's
> public key stored because you have a trust relationship with her, it's
> all magic.
Is the idea to allow someone to run code produced by a trusted peer? If
the peer's computer is compromised, would it be possible for a virus to
get access to their private key and send a signed and malicious package
to another user?
Ian Bicking | ianb at colorstudy.com | http://blog.ianbicking.org
More information about the Sugar-devel