Managing Identities in the FreedomBox
One of the primary goals of the FreedomBox project is to protect its owners' and users' privacy, both in communication and in data. For this reason, user and identity management is a core problem to address in the design.
There are many options out there that might be worth considering. Still, many of them are works in progress, tied to a particular service, or have other limitations.
This page aims to define what features the user/identity management should have, and what tools and design can be used to achieve these goals.
This is a Work In Progress(tm). Please help refine this feature definition.
Glossary
Owner(s): Administrative account on the FreedomBox.
User(s): refers to a system user, which would be the login used to connect to a FreedomBox account.
Identit{y,ies}: refers to a virtual (or service) identity.
Features
The User/Identity management must enforce privacy and avoid leaks of information.
Users/Owners of a FreedomBox should be able to have several Identities.
Identities must not be linked publicly to a User.
Identities or Users may not be linked to a Legal Name.
Identities should be able to use several services, not always hosted on the same FreedomBox. Thus there should be a way to publish this information, either publicly or privately.
There must be strong ways to authenticate an Identity as well as a User.
There must be strong ways to verify an Identity ownership.
GnuTLS
mod_gnutls can (almost) be used to authenticate clients based on the PGP web of trust. mod_gnutls will verify client certificates against the Web of Trust, but currently there is no way to populate REMOTE_USER from the client certificate. To use it generally with pre-existing software we would need to implement a mod_auth_gnutls Apache module that marks the user as successfully authenticated in Apache and populates REMOTE_USER.
There are instructions at FreedomBox/ConfiguringModGnuTLS for using 'PGP client' certificates.
Using GnuPG
Using GnuPG as part of the solution has advantages:
- It can provide strong authentication.
- It already has a global way to share verification of identities. This can also be made in a more private fashion, by either sharing non-exportable signatures, or using a private keyserver.
- The owner of a GnuPG key can define a private trust policy (which can also be a drawback).
But also drawbacks:
- Its User Interface is not really intuitive.
- The concepts it uses can be quite tricky to understand correctly.
- It doesn't allow shared trust.
- It reveals links between Identities. There is actually no way for a GnuPG key owner to be sure that these links won't be published by someone else. Everyone can publish an exportable signature.
If this option is chosen, it will probably require a lot of work to build a more intuitive User Interface.
Design
Here is a draft of one way to use GnuPG as the core identity management option.
Each FreedomBox has one or more GnuPG keys. These keys are managed by the FreedomBox owner(s).
Each FreedomBox GnuPG key can have several UIDs, each UID belonging to a service hosted by this FreedomBox (this is similar to the Monkeysphere "service names" concept).
A FreedomBox can have several Users, as well as several Owners.
- A FreedomBox User may have several GnuPG keys, one per Identity.
- An Identity can use services from several different FreedomBoxes.
Signing a FreedomBox service UID with one of her Identity GnuPG keys advertises how this Identity can be contacted (e.g. signing the https://some.freedombox.org service UID on that FreedomBox's GnuPG key advertises where her web pages are hosted).
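The draft design above worked through with actual GnuPG commands, as an added example that is not part of this page or of the FreedomBox project: a box key carrying a service UID, one identity key, a non-exportable (lsign) signature from the identity on the service UID only, and a check of which signatures on the box key are local-only. The key names, e-mail addresses and the service URL are constructed for the example.

```shell
#!/bin/sh
# Added example (not FreedomBox project code): the draft design above modelled
# with plain GnuPG commands. Box, identity and service URL are constructed.
command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, nothing to show" >&2; exit 0; }
set -eu

# Work in a throwaway keyring so the caller's real keys are never touched.
GNUPGHOME="$(mktemp -d)"; export GNUPGHOME
trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$GNUPGHOME"' EXIT

# Unattended gpg: demo keys carry no passphrase, so no pinentry prompts.
g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null; }

# Primary fingerprint of the key whose user ID contains $1.
fpr_of() { g --list-keys --with-colons "$1" | awk -F: '$1 == "fpr" { print $10; exit }'; }

# The FreedomBox key, managed by the Owner, with one UID per hosted service
# (the Monkeysphere "service name" idea).
g --quick-generate-key "FreedomBox <box@example.org>" default default never
BOX_FPR="$(fpr_of box@example.org)"
g --quick-add-uid "$BOX_FPR" "https://some.freedombox.org"

# One of a User's identity keys (the design says one key per Identity).
g --quick-generate-key "alice-blog <alice@example.org>" default default never
ID_FPR="$(fpr_of alice@example.org)"

# The identity signs only the service UID it uses. lsign makes the signature
# non-exportable, so the identity -> service link cannot be pushed to a
# keyserver by whoever later receives this key (the drawback noted above).
g --local-user "$ID_FPR" --quick-lsign-key "$BOX_FPR" "=https://some.freedombox.org"

# Count non-exportable signatures (sig class ends in 'l'; exportable ends in 'x')
# made by the identity key on the box key's UID named in $1.
local_sigs_on_uid() {
  signer="$(printf %s "$ID_FPR" | tail -c 16)"   # long key ID = last 16 hex digits
  g --list-sigs --with-colons "$BOX_FPR" |
    awk -F: -v uid="$1" -v signer="$signer" '
      $1 == "uid" { cur = $10; gsub(/\\x3a/, ":", cur) }   # colons are escaped
      $1 == "sig" && cur == uid && $5 == signer && $11 ~ /l$/ { n++ }
      END { print n + 0 }'
}

echo "identity lsigs on service UID: $(local_sigs_on_uid 'https://some.freedombox.org')"
echo "identity lsigs on owner UID:   $(local_sigs_on_uid 'FreedomBox <box@example.org>')"
```

Run it as an unprivileged user; everything happens inside the temporary GNUPGHOME, which is removed on exit.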
Tools to evaluate
Monkeysphere
The Monkeysphere project improves on TLS by using a WOT (Web of Trust), so Monkeysphere seems to be a good candidate for use in the FreedomBox project.
PGP certificates and X.509 certificates
Monkeysphere can create a PGP certificate based on an existing X.509 certificate by extracting its RSA key.
There's a post on Stack Overflow about doing it the other way around, creating an X.509 certificate based on a PGP certificate.
Bruno Harbulot wrote a Java class providing a PGP-X509 bridge.
WebID
A WebID is a way to uniquely identify a person, company, organisation, or other agent using a URI.
FOAF (Friend of a Friend)
The FOAF (Friend of a Friend) project is creating a Web of machine-readable pages describing people, the links between them, and the things they create and do.
This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.
