diff options
Diffstat (limited to 'template/gsoc.html.j2')
| -rw-r--r-- | template/gsoc.html.j2 | 98 |
1 files changed, 40 insertions, 58 deletions
diff --git a/template/gsoc.html.j2 b/template/gsoc.html.j2 index 43ed1876..898fde13 100644 --- a/template/gsoc.html.j2 +++ b/template/gsoc.html.j2 | |||
| @@ -69,29 +69,32 @@ | |||
| 69 | </section> | 69 | </section> |
| 70 | 70 | ||
| 71 | <section> | 71 | <section> |
| 72 | <h4>re:claimID OpenID Connect performance improvements</h4> | 72 | <h4>re:claimID/GNUnet Browser Plugin</h4> |
| 73 | <p> | 73 | <p> |
| 74 | {% trans %} | 74 | {% trans %} |
| 75 | reclaimID is a decentralized identity system build on top of the GNU | 75 | reclaimID is a decentralized identity system build on top of the GNU |
| 76 | Name System. | 76 | Name System. |
| 77 | Upon authorization, the user provides a requesting party (RP) such as a website | 77 | Currently, there is a Webextension which uses the GNUnet <a href="https://rest.gnunet.org">REST API</a>. |
| 78 | with an authorization ticket (e.g. piggybacked in an OpenID authorization code). | 78 | In order to improve adoption and ease of use, this project aims to include |
| 79 | The RP uses information contained in this ticket to | 79 | a full GNUnet node within the Webextention as a fallback. |
| 80 | GNUnet can be compiled to Web Assembly or JavaScript as demonstrated | ||
| 81 | <a href="https://gnunet.io">here</a>. | ||
| 82 | The idea is to improve upon this concept and support more of GNUnet's | ||
| 83 | subsystems. | ||
| 84 | |||
| 85 | The difficulty of this project largely depends on the students | ||
| 86 | proficiency with build tools, emscripten and improvisation skills. | ||
| 87 | There non-exhaustive task list would be: | ||
| 80 | <ol> | 88 | <ol> |
| 81 | <li> Retrieve the decryption key from GNS</li> | 89 | <li>Improve existing GNUnet emscripten build to include more subsystems.</li> |
| 82 | <li> Retrieve the user attributes from GNS</li> | 90 | <li>Integrate the result into a Webextention.</li> |
| 91 | <li>Integrate the result into the re:claimID Webextension</li> | ||
| 83 | </ol> | 92 | </ol> |
| 84 | The GNS lookups ensure that the RP receives up-to-date attributes and functional | 93 | Advantageous skills/languages/frameworks: |
| 85 | decryption keys. However, in particular the RP-specific encryption key | ||
| 86 | resolution can be slow and even fail depending on the network topology. | ||
| 87 | We propose that in an initial exchange, in particular OpenID authorization code | ||
| 88 | flows, we try to incorporate key and maybe even an attribute set in the ticket | ||
| 89 | exchange. | ||
| 90 | |||
| 91 | In order to mitigate this issue, this project is meant to investigate and implement how... | ||
| 92 | <ol> | 94 | <ol> |
| 93 | <li> ... decryption keys can be added to an initial exchange in OpenID.</li> | 95 | <li>C</li> |
| 94 | <li> ... initial set(s) of attributes can be piggybacked in OpenID.</li> | 96 | <li>emscripten</li> |
| 97 | <li>Webextensions</li> | ||
| 95 | </ol> | 98 | </ol> |
| 96 | <br/> | 99 | <br/> |
| 97 | <strong>Mentors:</strong> Martin Schanzenbach | 100 | <strong>Mentors:</strong> Martin Schanzenbach |
| @@ -100,34 +103,32 @@ | |||
| 100 | </section> | 103 | </section> |
| 101 | 104 | ||
| 102 | <section> | 105 | <section> |
| 103 | <h4>re:claimID alternative GNS-based encryption</h4> | 106 | <h4>Canonical statistics identifier</h4> |
| 104 | <p> | 107 | <p> |
| 105 | {% trans %} | 108 | {% trans %} |
| 106 | re:claimID is a decentralized identity system build on top of the GNU | 109 | Currently, the keys in our statistics database are too verbose. |
| 107 | Name System. | 110 | For example: |
| 108 | The initial design and implementation of re:claimID includes an attribute-based | 111 | </p> |
| 109 | encryption module in order to prevent unauthorized access to attributes in the | 112 | <p> |
| 110 | name system. | 113 | nse # flood messages received: 13<br/> |
| 111 | Our motivation for re:claimID was for it to be name system agnostic, which | 114 | nse # peers connected: 4<br/> |
| 112 | means the design theoretically also works for other name systems such as | 115 | nse # nodes in the network (estimate): 203<br/> |
| 113 | namecoin. | 116 | nse # flood messages started: 5<br/> |
| 114 | Other name systems often do not have built-in mechanisms in order to do this. | 117 | nse # estimated network diameter: 3<br/> |
| 115 | Hence, we implemented an ABE access control layer. Our ABE implementation | 118 | nse # flood messages transmitted: 10<br/> |
| 116 | requires two third party libraries: libpbc and libgabe. While we could merge | 119 | </p> |
| 117 | libgabe into the gnunet service implementation of re:claimID, libpbc is a | 120 | <p> |
| 118 | rather large, third party library which lacks packaging in distributions and | 121 | With such verbose keys there's no easy way to form compact JSON |
| 119 | for platforms. | 122 | document or entries for time-series database. |
| 120 | On the other hand, GNS supports record data encryption using symmetric keys as | 123 | And you can't query single stats without having to copypaste the line |
| 121 | labels. | 124 | exactly and put in quotes. |
| 122 | If we make the access control layer of re:claimID more generic in order to | ||
| 123 | support both ABE and GNS encryption, we could reduce the required depenencies. | ||
| 124 | This would result in gnunet packages to include re:claimID by default. | ||
| 125 | |||
| 126 | In short, the goals are to... | 125 | In short, the goals are to... |
| 127 | <ol> | 126 | <ol> |
| 128 | <li> ... improve performance by reducing encryption overhead.</li> | 127 | <li>Thing of a way how statistics entries can be made canonical.</li> |
| 129 | <li> ... reduce dependencies.</li> | 128 | <li>Implement the change and migrate existing uses.</li> |
| 129 | <li>Document the format(s) and define an appropriate registration mechanism for identifiers</li> | ||
| 130 | </ol> | 130 | </ol> |
| 131 | Relevant bugs: <a href="https://bugs.gnunet.org/view.php?id=5650">#5650</a> | ||
| 131 | <br/> | 132 | <br/> |
| 132 | <strong>Mentors:</strong> Martin Schanzenbach | 133 | <strong>Mentors:</strong> Martin Schanzenbach |
| 133 | {% endtrans %} | 134 | {% endtrans %} |
| @@ -233,25 +234,6 @@ | |||
| 233 | </p> | 234 | </p> |
| 234 | </section> | 235 | </section> |
| 235 | <section> | 236 | <section> |
| 236 | <h4>RESTful GNUnet</h4> | ||
| 237 | <p> | ||
| 238 | {% trans %} | ||
| 239 | Design and implementation | ||
| 240 | of <a href="http://jsonapi.org/">REST APIs</a> that expose | ||
| 241 | the | ||
| 242 | <a href="https://docs.gnunet.org/doxygen/modules.html">GNUnet API</a> | ||
| 243 | so that easy, hands-on development is | ||
| 244 | possible. Also, browser-based UIs will be much easier to | ||
| 245 | create on top of REST APIs. | ||
| 246 | {% endtrans %} | ||
| 247 | </p> | ||
| 248 | <p> | ||
| 249 | {% trans %} | ||
| 250 | <strong>Mentors:</strong> Martin Schanzenbach | ||
| 251 | {% endtrans %} | ||
| 252 | </p> | ||
| 253 | </section> | ||
| 254 | <section> | ||
| 255 | <h4>Rust implementation of GNUnet utils</h4> | 237 | <h4>Rust implementation of GNUnet utils</h4> |
| 256 | <p> | 238 | <p> |
| 257 | {% trans %} | 239 | {% trans %} |