author: Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> 2018-07-07 11:51:44 +0200
committer: Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> 2018-07-07 11:51:44 +0200
commit: ead5b511755860cefc793257120338a44a08c9dd (patch)
tree: 7c35c91d4a55b8dfacb214235aa8241496fdc58c /doc/documentation
parent: 8d2bd1dd06bc416277f623d2c9d84cf0da5624fe (diff)
download: gnunet-ead5b511755860cefc793257120338a44a08c9dd.tar.gz
gnunet-ead5b511755860cefc793257120338a44a08c9dd.zip
add some reclaim
Diffstat (limited to 'doc/documentation')
-rw-r--r-- doc/documentation/chapters/user.texi | 93
1 file changed, 93 insertions(+), 0 deletions(-)
diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi
index e91812500..0a62c5fdb 100644
--- a/doc/documentation/chapters/user.texi
+++ b/doc/documentation/chapters/user.texi
@@ -26,6 +26,7 @@ always welcome.
26* First steps - Using the GNUnet VPN:: 26* First steps - Using the GNUnet VPN::
27* File-sharing:: 27* File-sharing::
28* The GNU Name System:: 28* The GNU Name System::
29* reclaim::
29* Using the Virtual Public Network:: 30* Using the Virtual Public Network::
30@end menu 31@end menu
31 32
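Review bot: the new menu entry `* reclaim::` is the only one in this menu written in lowercase and without a description, while its neighbours read like `* The GNU Name System::`; since the node name is referenced from the `@node reclaim` line later in this patch, keep the node name but add a description after the double colon, e.g. `* reclaim:: The re:claim Identity Provider`, so the menu tells the reader what the entry is before they follow it.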
@@ -1790,6 +1791,98 @@ is thus advisable to disable the namecache by setting the
1790option ``DISABLE'' to ``YES'' in section ``[namecache]''. 1791option ``DISABLE'' to ``YES'' in section ``[namecache]''.
1791 1792
1792 1793
1794@node reclaim
1795@section re:claim Identity Provider
1796
1797The re:claim Identity Provider (IdP) is a decentralized IdP service.
1798It allows its users to manage and authorize third parties to access their identity attributes such as email or shipping addresses.
1799
1800It basically mimics the concepts of centralized IdPs, such as those offered by Google or Facebook.
1801Like other IdPs, re:claim features an (optional) OpenID-Connect 1.0-compliant protocol layer that can be used for websites to integrate re:claim as an Identity Provider with little effort.
1802
1803@menu
1804* reclaim-Attributes::
1805* reclaim-Authorization::
1806* reclaim-Revocation::
1807* reclaim-OpenID::
1808@end menu
1809
1810@node reclaim-Attributes
1811@subsection Managing Attributes
1812
1813Before adding attributes to an identity, you must first create an ego:
1814
1815@example
1816$ gnunet-identity -C "username"
1817@end example
1818
1819Henceforth, you can manage a new user profile of the user ``username''.
1820
1821To add an email address to your user profile, simply use the @command{gnunet-idp} command line tool::
1822
1823@example
1824$ gnunet-idp -e "username" -a "email" -V "username@@example.gnunet"
1825@end example
1826
1827All of your attributes can be listed using the @command{gnunet-idp}
1828command line tool as well:
1829
1830@example
1831$ gnunet-idp -e "username" -D
1832@end example
1833
1834Currently, and by default, attribute values are interpreted as plain text.
1835In the future there might be more value types such as X.509 certificate credentials.
1836
1837@node reclaim-Authorization
1838@subsection Sharing Attributes with Third Parties
1839
1840If you want to allow a third party such as a website or friend to access to your attributes (or a subset thereof) execute:
1841
1842@example
1843$ gnunet-idp -e "username" -r "PKEY" -i "attribute1,attribute2,..."
1844@end example
1845
1846Where "PKEY" is the public key of the third party and "attribute1,attribute2,..." is a comma-separated list of attribute names, such as "email", that you want to share.
1847
1848The command will return a "ticket" string.
1849You must give this "ticket" to the requesting third party.
1850
1851The third party can then retrieve your shared identity attributes using:
1852
1853@example
1854$ gnunet-idp -e "friend" -C "ticket"
1855@end example
1856
1857This will retrieve and list the shared identity attributes.
1858The above command will also work if the user "username" is currently offline since the attributes are retrieved from GNS.
1859Further, the "ticket" can be re-used later to retrieve up-to-date attributes in case "username" has changed the value(s). For instance, becasue his email address changed.
1860
1861To list all given authorizations (tickets) you can execute:
1862@example
1863$ gnunet-idp -e "friend" -T (TODO there is only a REST API for this ATM)
1864@end example
1865
1866
1867@node reclaim-Revocation
1868@subsection Revoking Authorizations of Third Parties
1869
1870If you want to revoke the access of a third party to your attributes you can execute:
1871
1872@example
1873$ gnunet-idp -e "username" -R "ticket"
1874@end example
1875
1876This will prevent the third party from accessing the attribute in the future.
1877Please note that if the third party has previously accessed the attribute, there is not way in which the system could have prevented the thiry party from storing the data.
1878As such, only access to updated data in the future can be revoked.
1879This behaviour is _exactly the same_ as with other IdPs.
1880
1881@node reclaim-OpenID
1882@subsection Using the OpenID-Connect IdP
1883
1884TODO: Document setup and REST endpoints
1885
1793@node Using the Virtual Public Network 1886@node Using the Virtual Public Network
1794@section Using the Virtual Public Network 1887@section Using the Virtual Public Network
1795 1888
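Review bot: the `@example` block containing `$ gnunet-idp -e "friend" -T (TODO there is only a REST API for this ATM)` publishes a command-line flag that the parenthetical itself says does not exist; either drop that example until the CLI can list tickets or turn the TODO into a plain sentence outside the `@example` so that users do not copy a non-working command. The same applies to the `reclaim-OpenID` node, which the menu advertises as `Using the OpenID-Connect IdP` but which contains only `TODO: Document setup and REST endpoints`. In the sharing subsection, the text says the user "must give this ticket to the requesting third party" and that it is issued with `-r "PKEY"`, but never states whether a ticket can only be consumed by the holder of that key's private half or whether anyone who obtains the ticket string can read the attributes; spell this out, since it decides whether the ticket needs a confidential channel and what revocation with `-R "ticket"` actually protects. Smaller fixes in the same hunk: `command line tool::` has a doubled colon, `becasue` should be `because`, `there is not way` should be `there is no way`, `thiry party` should be `third party`, "accessing the attribute in the future" should be plural to match "access ... to your attributes" in the sentence before, and `_exactly the same_` is markdown emphasis where Texinfo wants `@emph{exactly the same}`.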