[Authentication] Mission statement

Michael Leupold lemma at confuego.org
Fri Oct 17 10:24:04 PDT 2008


Hi everyone,

I figure this list isn't that populated yet but I finally found some time to 
put together what I want this project to be about.

In short I want to build a specification and implementation for a cross-desktop 
single sign-on daemon. The user authenticates to the daemon once and 
gets his passwords/private keys unlocked. Trusted applications can then access 
the secrets the daemon holds whereas secret data is not accessible to other 
"untrusted" programs.

Having these mechanisms shared between desktops (e.g. GNOME, KDE) as well as 
"third-party" applications like the Mozilla applications will provide a major 
benefit to users by unifying various mechanisms.

Currently KDE uses the KDE wallet system for password storage. GNOME uses the 
keyring daemon which provides passwords and private keys (using different 
algorithms). Other applications seem to mostly use scrambled password files to 
store their secrets.

By providing a common specification/daemon, users will only have to 
authenticate to such a daemon once (or maybe even not at all if unlocking the 
secret storage at login time). Their secrets will be stored as safely as the 
platform the desktop is running on allows.
It will of course also benefit the developers as there's only one scheme and 
one implementation to support and thus only one implementation to keep secure.

Having worked on kwalletd I also had a look at keyring. It's pretty clear that 
keyring is way ahead, e.g. by providing a PKCS#11 module so other applications 
supporting it can use private keys shared by keyring. Thus I asked if KDE 
would oppose adopting keyring as a common implementation. I haven't received 
any negative replies so that's what I'll try to push forward.

I'd also like the possibility to open wallets/keyring using different methods. 
Currently only passwords are supported but allowing opening it using a 
smartcard or some biometrics shouldn't be too hard. Another feature I'd 
appreciate is secure synchronization.

Apart from that the focus should be on improving the security. There are three 
major parts to it:
- Disallowing other applications to spy on the daemon (e.g. by using ptrace())
- Making sure the daemon<->application transport cannot be tampered with
- Enforcing ACLs so "untrusted applications" cannot access secret data.

For a specification the current keyring transport protocol would have to be 
documented to allow other applications to write their own client library. 
However maybe it already is and I just haven't found it :)

Of course all of the above should be discussed so we get a broad range of 
supporting desktops and applications. If you have any ideas or feel I'm going 
the wrong way, please bring it up. I hope I can push some more information 
soon.

Currently my main problem is that I haven't been able to reach Stef Walter, 
the keyring maintainer. His email address no longer works and I currently have 
no means to get in touch with him.

Regards,
Michael
