diff options
Diffstat (limited to 'template/gsoc.html.j2')
-rw-r--r-- | template/gsoc.html.j2 | 98 |
1 files changed, 40 insertions, 58 deletions
diff --git a/template/gsoc.html.j2 b/template/gsoc.html.j2 index 43ed1876..898fde13 100644 --- a/template/gsoc.html.j2 +++ b/template/gsoc.html.j2 | |||
@@ -69,29 +69,32 @@ | |||
69 | </section> | 69 | </section> |
70 | 70 | ||
71 | <section> | 71 | <section> |
72 | <h4>re:claimID OpenID Connect performance improvements</h4> | 72 | <h4>re:claimID/GNUnet Browser Plugin</h4> |
73 | <p> | 73 | <p> |
74 | {% trans %} | 74 | {% trans %} |
75 | reclaimID is a decentralized identity system build on top of the GNU | 75 | reclaimID is a decentralized identity system build on top of the GNU |
76 | Name System. | 76 | Name System. |
77 | Upon authorization, the user provides a requesting party (RP) such as a website | 77 | Currently, there is a Webextension which uses the GNUnet <a href="https://rest.gnunet.org">REST API</a>. |
78 | with an authorization ticket (e.g. piggybacked in an OpenID authorization code). | 78 | In order to improve adoption and ease of use, this project aims to include |
79 | The RP uses information contained in this ticket to | 79 | a full GNUnet node within the Webextention as a fallback. |
80 | GNUnet can be compiled to Web Assembly or JavaScript as demonstrated | ||
81 | <a href="https://gnunet.io">here</a>. | ||
82 | The idea is to improve upon this concept and support more of GNUnet's | ||
83 | subsystems. | ||
84 | |||
85 | The difficulty of this project largely depends on the students | ||
86 | proficiency with build tools, emscripten and improvisation skills. | ||
87 | There non-exhaustive task list would be: | ||
80 | <ol> | 88 | <ol> |
81 | <li> Retrieve the decryption key from GNS</li> | 89 | <li>Improve existing GNUnet emscripten build to include more subsystems.</li> |
82 | <li> Retrieve the user attributes from GNS</li> | 90 | <li>Integrate the result into a Webextention.</li> |
91 | <li>Integrate the result into the re:claimID Webextension</li> | ||
83 | </ol> | 92 | </ol> |
84 | The GNS lookups ensure that the RP receives up-to-date attributes and functional | 93 | Advantageous skills/languages/frameworks: |
85 | decryption keys. However, in particular the RP-specific encryption key | ||
86 | resolution can be slow and even fail depending on the network topology. | ||
87 | We propose that in an initial exchange, in particular OpenID authorization code | ||
88 | flows, we try to incorporate key and maybe even an attribute set in the ticket | ||
89 | exchange. | ||
90 | |||
91 | In order to mitigate this issue, this project is meant to investigate and implement how... | ||
92 | <ol> | 94 | <ol> |
93 | <li> ... decryption keys can be added to an initial exchange in OpenID.</li> | 95 | <li>C</li> |
94 | <li> ... initial set(s) of attributes can be piggybacked in OpenID.</li> | 96 | <li>emscripten</li> |
97 | <li>Webextensions</li> | ||
95 | </ol> | 98 | </ol> |
96 | <br/> | 99 | <br/> |
97 | <strong>Mentors:</strong> Martin Schanzenbach | 100 | <strong>Mentors:</strong> Martin Schanzenbach |
@@ -100,34 +103,32 @@ | |||
100 | </section> | 103 | </section> |
101 | 104 | ||
102 | <section> | 105 | <section> |
103 | <h4>re:claimID alternative GNS-based encryption</h4> | 106 | <h4>Canonical statistics identifier</h4> |
104 | <p> | 107 | <p> |
105 | {% trans %} | 108 | {% trans %} |
106 | re:claimID is a decentralized identity system build on top of the GNU | 109 | Currently, the keys in our statistics database are too verbose. |
107 | Name System. | 110 | For example: |
108 | The initial design and implementation of re:claimID includes an attribute-based | 111 | </p> |
109 | encryption module in order to prevent unauthorized access to attributes in the | 112 | <p> |
110 | name system. | 113 | nse # flood messages received: 13<br/> |
111 | Our motivation for re:claimID was for it to be name system agnostic, which | 114 | nse # peers connected: 4<br/> |
112 | means the design theoretically also works for other name systems such as | 115 | nse # nodes in the network (estimate): 203<br/> |
113 | namecoin. | 116 | nse # flood messages started: 5<br/> |
114 | Other name systems often do not have built-in mechanisms in order to do this. | 117 | nse # estimated network diameter: 3<br/> |
115 | Hence, we implemented an ABE access control layer. Our ABE implementation | 118 | nse # flood messages transmitted: 10<br/> |
116 | requires two third party libraries: libpbc and libgabe. While we could merge | 119 | </p> |
117 | libgabe into the gnunet service implementation of re:claimID, libpbc is a | 120 | <p> |
118 | rather large, third party library which lacks packaging in distributions and | 121 | With such verbose keys there's no easy way to form compact JSON |
119 | for platforms. | 122 | document or entries for time-series database. |
120 | On the other hand, GNS supports record data encryption using symmetric keys as | 123 | And you can't query single stats without having to copypaste the line |
121 | labels. | 124 | exactly and put in quotes. |
122 | If we make the access control layer of re:claimID more generic in order to | ||
123 | support both ABE and GNS encryption, we could reduce the required depenencies. | ||
124 | This would result in gnunet packages to include re:claimID by default. | ||
125 | |||
126 | In short, the goals are to... | 125 | In short, the goals are to... |
127 | <ol> | 126 | <ol> |
128 | <li> ... improve performance by reducing encryption overhead.</li> | 127 | <li>Thing of a way how statistics entries can be made canonical.</li> |
129 | <li> ... reduce dependencies.</li> | 128 | <li>Implement the change and migrate existing uses.</li> |
129 | <li>Document the format(s) and define an appropriate registration mechanism for identifiers</li> | ||
130 | </ol> | 130 | </ol> |
131 | Relevant bugs: <a href="https://bugs.gnunet.org/view.php?id=5650">#5650</a> | ||
131 | <br/> | 132 | <br/> |
132 | <strong>Mentors:</strong> Martin Schanzenbach | 133 | <strong>Mentors:</strong> Martin Schanzenbach |
133 | {% endtrans %} | 134 | {% endtrans %} |
@@ -233,25 +234,6 @@ | |||
233 | </p> | 234 | </p> |
234 | </section> | 235 | </section> |
235 | <section> | 236 | <section> |
236 | <h4>RESTful GNUnet</h4> | ||
237 | <p> | ||
238 | {% trans %} | ||
239 | Design and implementation | ||
240 | of <a href="http://jsonapi.org/">REST APIs</a> that expose | ||
241 | the | ||
242 | <a href="https://docs.gnunet.org/doxygen/modules.html">GNUnet API</a> | ||
243 | so that easy, hands-on development is | ||
244 | possible. Also, browser-based UIs will be much easier to | ||
245 | create on top of REST APIs. | ||
246 | {% endtrans %} | ||
247 | </p> | ||
248 | <p> | ||
249 | {% trans %} | ||
250 | <strong>Mentors:</strong> Martin Schanzenbach | ||
251 | {% endtrans %} | ||
252 | </p> | ||
253 | </section> | ||
254 | <section> | ||
255 | <h4>Rust implementation of GNUnet utils</h4> | 237 | <h4>Rust implementation of GNUnet utils</h4> |
256 | <p> | 238 | <p> |
257 | {% trans %} | 239 | {% trans %} |