Managing Identities in the FreedomBox

One of the primary goals of the FreedomBox project is to protect its owners' and users' privacy, both in communication and in data. For this reason, user and identity management is a core problem to address in the design.

There are a lot of options out there that might be worth considering. Still, many of them are ongoing works in progress, tied to a particular service, or have other limitations.

This page aims to define what features the user/identity management should have, and what tools/design can be used to achieve these goals.

This is a Work In Progress(tm). Please help refine this feature definition.

1. Glossary

2. Features

3. GnuTLS

mod_gnutls can (almost) be used to authenticate clients based on the PGP web of trust. mod_gnutls will verify client certificates against the Web of Trust, but currently there is no way to populate REMOTE_USER from the client certificate. To use it generally with pre-existing software we would need to implement a mod_auth_gnutls Apache module that marks the user as successfully authenticated in Apache and populates REMOTE_USER.

There are instructions at FreedomBox/ConfiguringModGnuTLS for using 'PGP client' certificates.
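The missing piece described above is the step that turns "the TLS module verified a client certificate" into "this request belongs to local user X". Until a mod_auth_gnutls exists, that mapping can be done in the application layer. The following is an added example, not code from the FreedomBox project or mod_gnutls: a WSGI middleware that only sets REMOTE_USER when the server reports a successful verification and the certificate's fingerprint is on an allowlist. The environment variable names SSL_CLIENT_VERIFY and SSL_CLIENT_ID_FINGERPRINT are assumptions and must match whatever the TLS module in front of the application actually exports; the fingerprints and user names are constructed sample data.

```python
"""Added example: derive REMOTE_USER from an already-verified TLS client
certificate.  Assumes the TLS module exports a verification result and the
certificate's fingerprint as CGI-style environment variables."""
import re

# Constructed allowlist mapping an OpenPGP v4 fingerprint (40 hex digits) to
# a local account name.  A real deployment would build this from the keyring
# the TLS module verifies against rather than from a literal in code.
TRUSTED_FINGERPRINTS = {
    "0123456789ABCDEF0123456789ABCDEF01234567": "alice",
    "89ABCDEF0123456789ABCDEF0123456789ABCDEF": "bob",
}

_HEX_FP = re.compile(r"^[0-9A-F]{40}$")


def normalize_fingerprint(raw):
    """Strip the spaces and colons gpg/openssl print and upper-case the hex.
    Returns None unless the result is a 40-digit OpenPGP v4 fingerprint."""
    if not isinstance(raw, str):
        return None
    cleaned = re.sub(r"[\s:]", "", raw).upper()
    return cleaned if _HEX_FP.match(cleaned) else None


def resolve_user(environ, trusted, verify_var="SSL_CLIENT_VERIFY",
                 fingerprint_var="SSL_CLIENT_ID_FINGERPRINT"):
    """Return the local user for a verified client certificate, else None.
    The variable names are assumptions (see lead-in)."""
    if environ.get(verify_var) != "SUCCESS":
        return None
    fingerprint = normalize_fingerprint(environ.get(fingerprint_var))
    if fingerprint is None:
        return None
    return trusted.get(fingerprint)


class ClientCertRemoteUser:
    """WSGI middleware: sets REMOTE_USER from the allowlist or rejects."""

    def __init__(self, app, trusted=TRUSTED_FINGERPRINTS, **names):
        self.app = app
        self.trusted = trusted
        self.names = names  # optional verify_var / fingerprint_var overrides

    def __call__(self, environ, start_response):
        user = resolve_user(environ, self.trusted, **self.names)
        if user is None:
            # Never let a stale or attacker-supplied value through.
            environ.pop("REMOTE_USER", None)
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"client certificate not accepted\n"]
        environ["REMOTE_USER"] = user
        environ["AUTH_TYPE"] = "TLS-CLIENT-CERT"
        return self.app(environ, start_response)


def whoami_app(environ, start_response):
    """Trivial downstream application that trusts REMOTE_USER."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello " + environ["REMOTE_USER"] + "\n").encode()]


def call(app, environ):
    """Minimal WSGI driver returning (status, body) for demos and tests."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    # Constructed environ as a TLS module might populate it; the fingerprint
    # is written with the spacing gpg uses when printing it.
    env = {"SSL_CLIENT_VERIFY": "SUCCESS",
           "SSL_CLIENT_ID_FINGERPRINT":
               "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"}
    print(call(ClientCertRemoteUser(whoami_app), env))
```

The two gates are deliberate: the verification flag alone says only that the certificate chained to something the server trusts, and the fingerprint alone could be present without verification having been configured at all. Only when both hold is the identity handed to the application.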

4. Using GnuPG

Using GnuPG as part of the solution has advantages:

But also drawbacks:

If this option is chosen, it will probably require a lot of work to build a more intuitive User Interface.

4.1. Design

Here is a draft of one way to use GnuPG as the core identity management option.

5. Tools to evaluate

5.1. Monkeysphere

The Monkeysphere project improves on TLS by using a WOT (Web of Trust), so Monkeysphere seems to be a good candidate for use in the FreedomBox project.

5.2. PGP certificates and X.509 certificates

Monkeysphere can create a PGP certificate based on an existing X.509 certificate by extracting its RSA key.

There's a post on Stack Overflow about doing it the other way around, creating an X.509 cert from a PGP cert.

Bruno Harbulot wrote a Java class providing a PGP-X509 bridge.

5.3. WebID

A WebID is a way to uniquely identify a person, company, organisation, or other agent using a URI.

5.4. FOAF (Friend of a Friend)

The FOAF (Friend of a Friend) project is creating a Web of machine-readable pages describing people, the links between them, and the things they create and do.
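The two ideas in sections 5.3 and 5.4 fit together: a WebID is an HTTP(S) URI naming an agent, and dereferencing it yields a FOAF profile document describing that agent. The following is an added example, not code from FreedomBox, the WebID specification, or the FOAF project: a small standard-library parser for a FOAF profile in RDF/XML that extracts the WebID, the name, and the foaf:knows links, and refuses a document that claims to describe a WebID hosted at some other URL. The profile document and the URL it is assumed to be served from are constructed sample data.

```python
"""Added example: read a WebID out of a FOAF profile (RDF/XML) and check
that the document is authoritative for the WebID it describes."""
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
FOAF = "{http://xmlns.com/foaf/0.1/}"

# Constructed sample: assumed to have been fetched from PROFILE_URL.
PROFILE_URL = "https://alice.example/profile"
SAMPLE_PROFILE = """<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/">
  <foaf:PersonalProfileDocument rdf:about="">
    <foaf:primaryTopic rdf:resource="https://alice.example/profile#me"/>
  </foaf:PersonalProfileDocument>
  <foaf:Person rdf:about="https://alice.example/profile#me">
    <foaf:name>Alice Example</foaf:name>
    <foaf:knows rdf:resource="https://bob.example/profile#me"/>
    <foaf:knows rdf:resource="https://carol.example/card#i"/>
  </foaf:Person>
</rdf:RDF>
"""


def is_webid(uri):
    """A WebID is an absolute http or https URI denoting an agent."""
    parts = urlsplit(uri)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def parse_profile(base_url, xml_text):
    """Return {'webid', 'name', 'knows'} for the profile's primary topic.

    base_url is the URL the document was actually fetched from; relative
    references in the document are resolved against it."""
    root = ET.fromstring(xml_text)
    doc = root.find(FOAF + "PersonalProfileDocument")
    if doc is None:
        raise ValueError("no foaf:PersonalProfileDocument")
    topic = doc.find(FOAF + "primaryTopic")
    if topic is None or topic.get(RDF + "resource") is None:
        raise ValueError("no foaf:primaryTopic")
    webid = urljoin(base_url, topic.get(RDF + "resource"))
    if not is_webid(webid):
        raise ValueError("primary topic is not a WebID: " + webid)
    # Only the document served at the WebID's own URL (minus fragment) is
    # authoritative for that WebID; anything else is a third party's claim.
    if urlsplit(webid)._replace(fragment="").geturl() != base_url:
        raise ValueError("document is not authoritative for " + webid)
    person = None
    for candidate in root.iter(FOAF + "Person"):
        if urljoin(base_url, candidate.get(RDF + "about", "")) == webid:
            person = candidate
            break
    if person is None:
        raise ValueError("primary topic is not described in the document")
    knows = sorted(
        urljoin(base_url, k.get(RDF + "resource"))
        for k in person.findall(FOAF + "knows")
        if k.get(RDF + "resource")
    )
    return {"webid": webid, "name": person.findtext(FOAF + "name"),
            "knows": knows}


if __name__ == "__main__":
    print(parse_profile(PROFILE_URL, SAMPLE_PROFILE))
```

The authority check is the part worth keeping in mind when FOAF data feeds an identity decision: a profile fetched from one host can assert anything about a WebID on another host, so names and foaf:knows links should only be taken from the document the WebID itself dereferences to.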



This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox