update GSoC more

author: Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> 2019-03-02 10:26:19 +0100
committer: Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> 2019-03-02 10:26:19 +0100
commit: 42a7638a780bae501bce89bfffb64696ca6e0a9d (patch)
tree: 90eecc953a3ac75786d7e76d49d1093217d60d49 /news
parent: 7fca429e11f3da160eeab4273df1d911d872dcb3 (diff)
download: www-42a7638a780bae501bce89bfffb64696ca6e0a9d.tar.gz
www-42a7638a780bae501bce89bfffb64696ca6e0a9d.zip
1 files changed, 37 insertions, 11 deletions
diff --git a/news/2019-02.inc b/news/2019-02.inc
index 2ac9423c..7d70af97 100644
--- a/news/2019-02.inc
+++ b/news/2019-02.inc
@@ -48,12 +48,20 @@ Mentor: Christian Grothoff
 <p>
 reclaimID is a decentralized identity system build on top of the GNU
 Name System.
-Currently, we piggyback a small authorization ticket in an OpenID authorization
+Upon authorization, the user provides a requesting party (RP) such as a website
-code.
+with an authorization ticket (e.g. piggybacked in an OpenID authorization code).
-This ticket is used by a relying party (e.g. website) to retrieve a decryption
+The RP uses information contained in this ticket to
-key and user attributes.
+<ol>
-However, the lookups can timeout and fail in GNS due to adverse network conditions or
+<li> Retrieve the decryption key from GNS</li>
-empty caches.
+<li> Retrieve the user attributes from GNS</li>
+</ol>
+The GNS lookups ensure that the RP receives up-to-date attributes and functional
+decryption keys. However, in particular the RP-specific encryption key
+resolution can be slow and even fail depending on the network topology.
+We propose that in an initial exchange, in particular OpenID authorization code
+flows, we try to incorporate key and maybe even an attribute set in the ticket
+exchange.
 In order to mitigate this issue, this project is meant to investigate and implement how...
 <ol>
 <li> ... decryption keys can be added to an initial exchange in OpenID.</li>
@@ -65,13 +73,31 @@ Mentor: Martin Schanzenbach
 </section>
 <section>
-<h4>reclaimID alternative GNS-based encryption</h4>
+<h4>re:claimID alternative GNS-based encryption</h4>
 <p>
-reclaimID is a decentralized identity system build on top of the GNU
+re:claimID is a decentralized identity system build on top of the GNU
 Name System.
-Currently, it uses an encryption scheme called attribute-based encryption.
+The initial design and implementation of re:claimID includes an attribute-based
-However, through the clever use of GNS's built in record encryption,
+encryption module in order to prevent unauthorized access to attributes in the
-it is possible to...
+name system.
+Our motivation for re:claimID was for it to be name system agnostic, which
+means the design theoretically also works for other name systems such as
+namecoin.
+Other name systems often do not have built-in mechanisms in order to do this.
+Hence, we implemented an ABE access control layer. Our ABE implementation
+requires two third party libraries: libpbc and libgabe. While we could merge
+libgabe into the gnunet service implementation of re:claimID, libpbc is a
+rather large, third party library which lacks packaging in distributions and
+for platforms.
+On the other hand, GNS supports record data encryption using symmetric keys as
+labels.
+If we make the access control layer of re:claimID more generic in order to
+support both ABE and GNS encryption, we could reduce the require depenencies.
+This would result in gnunet packages to include re:claimID by default.
+In combination with the browser plugin above, this would immensly ease dissemination.
+In short, the goals are to...
 <ol>
 <li> ... improve performance by reducing encryption overhead.</li>
 <li> ... reduce dependencies.</li>
author	Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>	2019-03-02 10:26:19 +0100
committer	Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>	2019-03-02 10:26:19 +0100
commit	42a7638a780bae501bce89bfffb64696ca6e0a9d (patch)
tree	90eecc953a3ac75786d7e76d49d1093217d60d49 /news
parent	7fca429e11f3da160eeab4273df1d911d872dcb3 (diff)
download	www-42a7638a780bae501bce89bfffb64696ca6e0a9d.tar.gz www-42a7638a780bae501bce89bfffb64696ca6e0a9d.zip

diff --git a/news/2019-02.inc b/news/2019-02.inc index 2ac9423c..7d70af97 100644 --- a/news/2019-02.inc +++ b/news/2019-02.inc
@@ -48,12 +48,20 @@ Mentor: Christian Grothoff
48	<p>	48	<p>
49	reclaimID is a decentralized identity system build on top of the GNU	49	reclaimID is a decentralized identity system build on top of the GNU
50	Name System.	50	Name System.
51	Currently, we piggyback a small authorization ticket in an OpenID authorization	51	Upon authorization, the user provides a requesting party (RP) such as a website
52	code.	52	with an authorization ticket (e.g. piggybacked in an OpenID authorization code).
53	This ticket is used by a relying party (e.g. website) to retrieve a decryption	53	The RP uses information contained in this ticket to
54	key and user attributes.	54	<ol>
55	However, the lookups can timeout and fail in GNS due to adverse network conditions or	55	<li> Retrieve the decryption key from GNS</li>
56	empty caches.	56	<li> Retrieve the user attributes from GNS</li>
		57	</ol>
		58	The GNS lookups ensure that the RP receives up-to-date attributes and functional
		59	decryption keys. However, in particular the RP-specific encryption key
		60	resolution can be slow and even fail depending on the network topology.
		61	We propose that in an initial exchange, in particular OpenID authorization code
		62	flows, we try to incorporate key and maybe even an attribute set in the ticket
		63	exchange.
		64
57	In order to mitigate this issue, this project is meant to investigate and implement how...	65	In order to mitigate this issue, this project is meant to investigate and implement how...
58	<ol>	66	<ol>
59	<li> ... decryption keys can be added to an initial exchange in OpenID.</li>	67	<li> ... decryption keys can be added to an initial exchange in OpenID.</li>
@@ -65,13 +73,31 @@ Mentor: Martin Schanzenbach
65	</section>	73	</section>
66		74
67	<section>	75	<section>
68	<h4>reclaimID alternative GNS-based encryption</h4>	76	<h4>re:claimID alternative GNS-based encryption</h4>
69	<p>	77	<p>
70	reclaimID is a decentralized identity system build on top of the GNU	78	re:claimID is a decentralized identity system build on top of the GNU
71	Name System.	79	Name System.
72	Currently, it uses an encryption scheme called attribute-based encryption.	80	The initial design and implementation of re:claimID includes an attribute-based
73	However, through the clever use of GNS's built in record encryption,	81	encryption module in order to prevent unauthorized access to attributes in the
74	it is possible to...	82	name system.
		83	Our motivation for re:claimID was for it to be name system agnostic, which
		84	means the design theoretically also works for other name systems such as
		85	namecoin.
		86	Other name systems often do not have built-in mechanisms in order to do this.
		87	Hence, we implemented an ABE access control layer. Our ABE implementation
		88	requires two third party libraries: libpbc and libgabe. While we could merge
		89	libgabe into the gnunet service implementation of re:claimID, libpbc is a
		90	rather large, third party library which lacks packaging in distributions and
		91	for platforms.
		92	On the other hand, GNS supports record data encryption using symmetric keys as
		93	labels.
		94	If we make the access control layer of re:claimID more generic in order to
		95	support both ABE and GNS encryption, we could reduce the require depenencies.
		96	This would result in gnunet packages to include re:claimID by default.
		97	In combination with the browser plugin above, this would immensly ease dissemination.
		98
		99
		100	In short, the goals are to...
75	<ol>	101	<ol>
76	<li> ... improve performance by reducing encryption overhead.</li>	102	<li> ... improve performance by reducing encryption overhead.</li>
77	<li> ... reduce dependencies.</li>	103	<li> ... reduce dependencies.</li>