This page describes the components the system will require.

User Agent

1. Tor-Enabled Browser

2. Non-Tor-Enabled Browser

3. FBX-UA App

3.1. TODO Create Client Application to Connect to Box Services via Client Cert

Key/Identity Exchange

Used to introduce users to one another.

1. caff

2. FBX-Identity App

2.1. TODO Create Client Application to Manage Key Exchange via Mutual QR-Code

This should be a FBuddy instance that can exercise sensors usually found on mobile-devices for data exchange.

Connectivity

1. Wireless

1.1. TODO Refuse Non-Tor Wireless HTTP Connections

Tor-based connections pass through to destination. Non-Tor connections are stopped by a landing page that teaches the user where to download the TBB (perhaps hosted locally?).

Firewall

Web Server

1. Apache

1.1. DONE Switch FreedomBox site from mod_ssl to mod_gnutls

1.2. TODO Add monkeysphere and msva-perl as dependencies for freedombox-setup

1.3. TODO Add Apache environment variable for Monkeysphere

1.4. TODO Add custom TLS configuration

Authentication (Identification)

1. msva

1.1. TODO Install systemd service file

1.2. TODO Create user wwwmsva

2. mod_auth_env

2.1. TODO Package mod_auth_env for Debian

2.2. TODO Identify (Authenticate) Users from Client Certs

2.3. TODO Get User Id from Client Cert Id

Authorization

1. LDAP

1.1. TODO Map GPG keys to users (by email address?)

1.2. TODO Authorize Users from Client Cert Identity

2. TODO Middleware to Reject Requests that fail Authorization?

Services

1. Plinth

1.1. TODO Manage User's Service Authorization

Enable services for some specific users and not others.

2. Ikiwiki

2.1. TODO Switch authorization from LDAP to Env

3. OwnCloud

4. FreedomBuddy

4.1. TODO Teach Boxes to Exchange Service Location Data Regularly

5. Hello

5.1. TODO Create PGP Keys for End-Users

5.2. TODO Export PGP Keys to SSL Client Certs for End Users

6. TODO Every Service Must Authorize via [[#Authorization|Authorization]]