This page describes the components the system will require.

== User Agent ==

=== Tor-Enabled Browser ===

=== Non-Tor-Enabled Browser ===

=== FBX-UA App ===

==== TODO Create Client Application to Connect to Box Services via Client Cert ====

== Key/Identity Exchange ==

Used to introduce users to one another.

=== caff ===

=== FBX-Identity App ===

==== TODO Create Client Application to Manage Key Exchange via Mutual QR-Code ====

This should be a FBuddy instance that can exercise sensors usually found on mobile devices for data exchange.

== Connectivity ==

=== Wireless ===

==== TODO Refuse Non-Tor Wireless HTTP Connections ====

Tor-based connections pass through to the destination. Non-Tor connections are stopped by a landing page that teaches the user where to download the TBB (perhaps hosted locally?).

== Firewall ==

== Web Server ==

=== Apache ===

==== DONE Switch FreedomBox site from mod_ssl to mod_gnutls ====

==== TODO Add monkeysphere and msva-perl as dependencies for freedombox-setup ====

==== TODO Add Apache environment variable for Monkeysphere ====

==== TODO Add custom TLS configuration ====

== Authentication (Identification) ==

=== msva ===

==== TODO Install systemd service file ====

==== TODO Create user wwwmsva ====

=== mod_auth_env ===

==== TODO Package mod_auth_env for Debian ====

==== TODO Identify (Authenticate) Users from Client Certs ====

==== TODO Get User Id from Client Cert Id ====

== Authorization ==

=== LDAP ===

==== TODO Map GPG keys to users (by email address?) ====

==== TODO Authorize Users from Client Cert Identity ====

=== TODO Middleware to Reject Requests that fail Authorization? ===

== Services ==

=== Plinth ===

==== TODO Manage User's Service Authorization ====

Enable services for some specific users and not others.
=== Ikiwiki ===

==== TODO Switch authorization from LDAP to Env ====

=== OwnCloud ===

=== FreedomBuddy ===

==== TODO Teach Boxes to Exchange Service Location Data Regularly ====

=== Hello ===

==== TODO Create PGP Keys for End-Users ====

==== TODO Export PGP Keys to SSL Client Certs for End Users ====

=== TODO Every Service Must Authorize via [[#Authorization|Authorization]] ===