For example,

• Consumer names:

  • Certificate name: /ndn/member0/KEY/ksk-1456805664/ID-CERT/%FD%00%00%01S0bVr
  • Key name: /ndn/member0/ksk-1456805664
  • Group name: /prefix/READ/a
  • Tries to consume: /prefix/SAMPLE/a/b/c/20150825T080000

• Consumer actions and knowledge:

  • Publish its own certificate
  • Consume data (issue interest for data name, gets encrypted data name, asks for encrypted C-key, asks for encrypted D-key to decrypt the C-key, consults local database to decrypt the D-key)
  • Knows the group name it's in

• Producer:

  • Produced data name: /prefix/SAMPLE/a/b/c/20150825T080000/FOR/prefix/SAMPLE/a/b/c/C-KEY/20150825T080000
  • C-key name: /prefix/SAMPLE/a/b/c/C-KEY/20150825T080000

• Producer actions and knowledge:

  • Produce and publish data
  • Try to fetch keys from all group whose name is a prefix of the producer
  • Encrypts C-key with the fetched group public key, and publishes encrypted C-key

• Group manager:

  • Group name: /prefix/SAMPLE/a (prefix = "/prefix", dataType = "a")
  • Group's public key: /prefix/READ/a/E-KEY/20150825T050000/20150825T100000
  • Group's encrypted D-key for a consumer: /prefix/READ/a/D-KEY/20150825T050000/20150825T100000/FOR/ndn/member0/ksk-1456805664

• Group manager actions and knowledge:

  • Adds member with the certificate name "/ndn/member0/KEY/ksk-1456805664/ID-CERT/%FD%00%00%01S0bVr"
  • Publish the group's public key, generate E-key and D-key for its member, and publish encrypted D-key for each member

• (For now) Install a custom branch of PyNDN2, with fixes in NBAC library functionalities (with getGroupKey and producer exclusion range change) ([sudo] python setup.py install [--user])
• Start NFD, if testing all 3 (producer, manager, consumer) on the same local machine, consider use multicast strategy for /org/openmhealth
• Run group-manager (python test_group_mananger.py) (the sequence of doing things, unfortunately, matters!)
• Run example producer (cd producer, python example_data_producer.py)
• Run consumer (python test_consumer_python.py for a simple consumer; or python dpu.py for a test DPU, and launch dvu/index.html for another consumer example, or trigger simple DPU computation (bounding box))

Video walkthrough (screen recording): https://www.youtube.com/watch?v=3l2w30rZqdk

For now all the names (identity, produced data names, etc); some components may not be calling "createIdentityAndCertificate" if desired identities don't exist, so please consider "ndnsec-keygen"

To access existing encrypted data on memoria.ndn.ucla.edu, use this consumer key pair and certificate: https://github.com/zhehaowang/sample-omh-dpu/tree/master/certs