Differences between revisions 1 and 2
Revision 1 as of 2015-06-28 22:09:15
Size: 1785
Editor: NickDaly
Comment: Created page.
Revision 2 as of 2015-07-04 15:43:03
Size: 1853
Comment: add a todo
Line 41: Line 41:
==== TODO Switch FreedomBox site from mod_ssl to mod_gnutls ====
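Review bot: the added heading at line 41 names the switch from mod_ssl to mod_gnutls but gives no reason for it and no completion criterion. Other TODOs on this page, such as "Refuse Non-Tor Wireless HTTP Connections", carry a one-line description of the intended behaviour; a sentence under this heading saying what mod_gnutls is needed for would make the item actionable.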

This page describes the components the system will require.

User Agent

Tor-Enabled Browser

Non-Tor-Enabled Browser

FBX-UA App

TODO Create Client Application to Connect to Box Services via Client Cert

Key/Identity Exchange

Used to introduce users to one another.

caff

FBX-Identity App

TODO Create Client Application to Manage Key Exchange via Mutual QR-Code

This should be an FBuddy instance that can use the sensors usually found on mobile devices for data exchange.

Connectivity

Wireless

TODO Refuse Non-Tor Wireless HTTP Connections

Tor-based connections pass through to their destination. Non-Tor connections are stopped by a landing page that tells the user where to download the Tor Browser Bundle (TBB) (perhaps hosted locally?).

Firewall

Web Server

Apache

TODO Switch FreedomBox site from mod_ssl to mod_gnutls

Authentication (Identification)

mod_auth_env

TODO Identify (Authenticate) Users from Client Certs

TODO Get User Id from Client Cert Id

Authorization

LDAP

TODO Authorize Users from Client Cert Identity

TODO Middleware to Reject Requests that fail Authorization?

Services

Plinth

TODO Manage User's Service Authorization

Enable services for some specific users and not others.

Ikiwiki

OwnCloud

FreedomBuddy

TODO Teach Boxes to Exchange Service Location Data Regularly

Hello

TODO Create PGP Keys for End-Users

TODO Export PGP Keys to SSL Client Certs for End Users

TODO Every Service Must Authorize via Authorization