Managing Identities in the FreedomBox

One of the primary goals of the FreedomBox project is to protect its owner's and users' privacy, both in communication and in data. For this reason, user and identity management is a core problem to address in the design.

There are a lot of options out there that might be worth considering. Still, many of them are ongoing works in progress, tied to a particular service, or have other limitations.

This page aims to define what features the user/identity management should have, and what tools and design can be used to achieve these goals.

This is a Work In Progress(tm). Please help refine this feature definition.

1. Glossary

2. Features

3. GnuTLS

mod_gnutls can (almost) be used to authenticate clients based on the PGP web of trust. mod_gnutls will verify client certificates against the Web of Trust, but currently there is no way to populate REMOTE_USER from the client certificate. To use it generally with pre-existing software, we would need to implement a mod_auth_gnutls Apache module that marks the user as successfully authenticated in Apache and populates REMOTE_USER.
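The following Apache configuration is an added illustration of the situation described above, not part of the original page: mod_gnutls can be told to require a client certificate and to verify OpenPGP client certificates against a keyring, but nothing sets REMOTE_USER afterwards, so a normal `Require valid-user` rule cannot be used. The file paths and the host name are assumptions.

```apache
# Added example (assumed paths and host name), not the original page's configuration.
<VirtualHost *:443>
    ServerName box.example.org            # assumed host name
    GnuTLSEnable On
    # Allow OpenPGP certificates in the TLS handshake alongside X.509.
    GnuTLSPriorities NORMAL:+CTYPE-OPENPGP

    # Server identity: an X.509 pair and an OpenPGP pair (assumed paths).
    GnuTLSCertificateFile /etc/ssl/certs/box.example.org.pem
    GnuTLSKeyFile         /etc/ssl/private/box.example.org.key
    GnuTLSPGPCertificateFile /etc/apache2/pgp/box.example.org.pub.asc
    GnuTLSPGPKeyFile         /etc/apache2/pgp/box.example.org.sec.asc

    # Require a client certificate and verify OpenPGP clients against this
    # keyring; the keyring is what encodes the Web of Trust the server accepts.
    GnuTLSClientVerify require
    GnuTLSPGPKeyringFile /etc/apache2/pgp/trusted-clients.gpg

    # Handshake-level verification happens here, but mod_gnutls does not set
    # REMOTE_USER, so the application behind /private/ still sees an anonymous
    # request. A mod_auth_gnutls-style module would be needed for
    #     Require valid-user
    # to work; until then only TLS-level "has a verified cert" is enforced.
    <Location /private/>
        Require all granted
    </Location>
</VirtualHost>
```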

There are instructions at FreedomBox/ConfiguringModGnuTLS for using 'PGP client' certificates.

4. Using GnuPG

Using GnuPG as part of the solution has advantages:

But also drawbacks:

If this option is chosen, it will probably require a lot of work to build a more intuitive User Interface.

4.1. Design

Here is a draft of one way to use GnuPG as the core identity management option.

5. Tools to evaluate

5.1. monkeysphere

The Monkeysphere project improves on TLS by using a WOT (Web Of Trust), so Monkeysphere seems to be a good candidate for use in the FreedomBox project.

5.2. PGP certificates and X.509 certificates

Monkeysphere can create a PGP certificate based on an existing X.509 certificate by extracting its RSA key.

There's a post on Stack Overflow about doing it the other way around, creating an X.509 certificate based on a PGP certificate.

Bruno Harbulot wrote a Java class providing a PGP-X509 bridge.

5.3. webID

A WebID is a way to uniquely identify a person, company, organisation, or other agent using a URI.

5.4. FOAF (Friend of a Friend)

The FOAF (Friend of a Friend) project is creating a Web of machine-readable pages describing people, the links between them, and the things they create and do.

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.