diff options
author | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2019-03-02 10:26:19 +0100 |
---|---|---|
committer | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2019-03-02 10:26:19 +0100 |
commit | 42a7638a780bae501bce89bfffb64696ca6e0a9d (patch) | |
tree | 90eecc953a3ac75786d7e76d49d1093217d60d49 /news | |
parent | 7fca429e11f3da160eeab4273df1d911d872dcb3 (diff) | |
download | www-42a7638a780bae501bce89bfffb64696ca6e0a9d.tar.gz www-42a7638a780bae501bce89bfffb64696ca6e0a9d.zip |
update GSoC more
Diffstat (limited to 'news')
-rw-r--r-- | news/2019-02.inc | 48 |
1 files changed, 37 insertions, 11 deletions
diff --git a/news/2019-02.inc b/news/2019-02.inc index 2ac9423c..7d70af97 100644 --- a/news/2019-02.inc +++ b/news/2019-02.inc | |||
@@ -48,12 +48,20 @@ Mentor: Christian Grothoff | |||
48 | <p> | 48 | <p> |
49 | reclaimID is a decentralized identity system build on top of the GNU | 49 | reclaimID is a decentralized identity system build on top of the GNU |
50 | Name System. | 50 | Name System. |
51 | Currently, we piggyback a small authorization ticket in an OpenID authorization | 51 | Upon authorization, the user provides a requesting party (RP) such as a website |
52 | code. | 52 | with an authorization ticket (e.g. piggybacked in an OpenID authorization code). |
53 | This ticket is used by a relying party (e.g. website) to retrieve a decryption | 53 | The RP uses information contained in this ticket to |
54 | key and user attributes. | 54 | <ol> |
55 | However, the lookups can timeout and fail in GNS due to adverse network conditions or | 55 | <li> Retrieve the decryption key from GNS</li> |
56 | empty caches. | 56 | <li> Retrieve the user attributes from GNS</li> |
57 | </ol> | ||
58 | The GNS lookups ensure that the RP receives up-to-date attributes and functional | ||
59 | decryption keys. However, in particular the RP-specific encryption key | ||
60 | resolution can be slow and even fail depending on the network topology. | ||
61 | We propose that in an initial exchange, in particular OpenID authorization code | ||
62 | flows, we try to incorporate key and maybe even an attribute set in the ticket | ||
63 | exchange. | ||
64 | |||
57 | In order to mitigate this issue, this project is meant to investigate and implement how... | 65 | In order to mitigate this issue, this project is meant to investigate and implement how... |
58 | <ol> | 66 | <ol> |
59 | <li> ... decryption keys can be added to an initial exchange in OpenID.</li> | 67 | <li> ... decryption keys can be added to an initial exchange in OpenID.</li> |
@@ -65,13 +73,31 @@ Mentor: Martin Schanzenbach | |||
65 | </section> | 73 | </section> |
66 | 74 | ||
67 | <section> | 75 | <section> |
68 | <h4>reclaimID alternative GNS-based encryption</h4> | 76 | <h4>re:claimID alternative GNS-based encryption</h4> |
69 | <p> | 77 | <p> |
70 | reclaimID is a decentralized identity system build on top of the GNU | 78 | re:claimID is a decentralized identity system build on top of the GNU |
71 | Name System. | 79 | Name System. |
72 | Currently, it uses an encryption scheme called attribute-based encryption. | 80 | The initial design and implementation of re:claimID includes an attribute-based |
73 | However, through the clever use of GNS's built in record encryption, | 81 | encryption module in order to prevent unauthorized access to attributes in the |
74 | it is possible to... | 82 | name system. |
83 | Our motivation for re:claimID was for it to be name system agnostic, which | ||
84 | means the design theoretically also works for other name systems such as | ||
85 | namecoin. | ||
86 | Other name systems often do not have built-in mechanisms in order to do this. | ||
87 | Hence, we implemented an ABE access control layer. Our ABE implementation | ||
88 | requires two third party libraries: libpbc and libgabe. While we could merge | ||
89 | libgabe into the gnunet service implementation of re:claimID, libpbc is a | ||
90 | rather large, third party library which lacks packaging in distributions and | ||
91 | for platforms. | ||
92 | On the other hand, GNS supports record data encryption using symmetric keys as | ||
93 | labels. | ||
94 | If we make the access control layer of re:claimID more generic in order to | ||
95 | support both ABE and GNS encryption, we could reduce the require depenencies. | ||
96 | This would result in gnunet packages to include re:claimID by default. | ||
97 | In combination with the browser plugin above, this would immensly ease dissemination. | ||
98 | |||
99 | |||
100 | In short, the goals are to... | ||
75 | <ol> | 101 | <ol> |
76 | <li> ... improve performance by reducing encryption overhead.</li> | 102 | <li> ... improve performance by reducing encryption overhead.</li> |
77 | <li> ... reduce dependencies.</li> | 103 | <li> ... reduce dependencies.</li> |