This is a RESTful web service API for a secure device that can sign message digests for authentication. The service generally requires HTTPS, and some actions require client certificates to log in and perform them.

Action/Services

initialize(name string) name string -- This is a protected action that creates a new secure device and associates it with a name.

addnew(name string) -- Generates a key pair and associates it with an ID string. The ID string is assigned within a local domain of one or more secure servers.

Every node has a private key that it creates at start time, and it registers the corresponding public key according to its domain protocols. The nodes have a distributed registry of the names (IDs) of nodes and identities in the local domain. Any node can get any public key. Any node can get the list of nodes that can sign for a particular ID.

There may be several public keys (certificates) that are valid at any given time. The continuity of identity is maintained in association with long-term unique public identifiers such as domain names, URIs or email addresses.

We should have reverse databases that link the public keys back to these long-term IDs and are annotated by validity durations.
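
As an added illustration (not code from this service), the Go sketch below models such a reverse database: each public key maps back to long-term IDs with validity windows, so several keys can be valid for one ID at once, and a signature is accepted only if the key was bound to the claimed ID at signing time. The type and method names, the use of Ed25519, and the sample ID are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// Binding ties a public key to a long-term ID for the window [NotBefore, NotAfter).
type Binding struct {
	ID                  string
	NotBefore, NotAfter time.Time
}

// ReverseDB maps raw public-key bytes back to every ID that key has been bound to.
type ReverseDB map[string][]Binding

// Bind records that pub may sign for id from notBefore until notAfter.
func (db ReverseDB) Bind(pub ed25519.PublicKey, id string, notBefore, notAfter time.Time) {
	db[string(pub)] = append(db[string(pub)], Binding{id, notBefore, notAfter})
}

// Lookup returns the IDs pub was valid for at the given instant (nil if none).
func (db ReverseDB) Lookup(pub ed25519.PublicKey, at time.Time) []string {
	var ids []string
	for _, b := range db[string(pub)] {
		if !at.Before(b.NotBefore) && at.Before(b.NotAfter) {
			ids = append(ids, b.ID)
		}
	}
	return ids
}

// VerifyAs accepts sig only if pub was bound to id at signing time and sig verifies.
func (db ReverseDB) VerifyAs(pub ed25519.PublicKey, id string, msg, sig []byte, at time.Time) bool {
	ok := false
	for _, got := range db.Lookup(pub, at) {
		ok = ok || got == id
	}
	return ok && ed25519.Verify(pub, msg, sig)
}

func main() {
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample values below
	pub, priv, _ := ed25519.GenerateKey(nil)
	db := ReverseDB{}
	db.Bind(pub, "alice@example.org", t0, t0.AddDate(1, 0, 0))
	msg := []byte("constructed digest")
	fmt.Println(db.VerifyAs(pub, "alice@example.org", msg, ed25519.Sign(priv, msg), t0.AddDate(2, 0, 0)))
}
```

Run as written, the program checks a signature one year after the binding expired, so the cryptographically valid signature is still rejected.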

 

Gives out administrative tokens