Decentralized Identity and Authentication System

Implementation and ideas

Here are some examples of how DIAS is used or could be used.

Implementations

If you use DIAS for a project of yours, or if you wrote an implementation of a client, agent, etc., feel free to tell me and I will reference your project on this page.

There exists an agent implementation in Python that performs the agent's ticket generation and distribution:

• Receiving ticket requests
• Generating the ticket and sending it back to the requesting address.

The ticket can only be used within a short time after it has been created. Moreover, it will be disabled immediately after the first use.

A command-line client was also written in Python.

Ideas

Although the ideas below are essentialy HTTP-oriented, DIAS is not limited to web applications.

[Server] Web page

A PHP page acting like a mini-website, with the following behavior:

• Showing a welcome message inviting the user to authenticate, and indicating the agent's JID. Setting the appropriate HTML headers, too.
• Displaying a web form, so that the user can provide the ticket.
• Letting the user in, and calling them by their JID to illustrate the authentication success.

[Agent] Ticket generation

A Jabber component instead of a bot, so that the same program instance can operate under several JIDs. This way, a Jabber server can operate a "DIAS agent service" that websites can use if they cannot run their own agent.

[Client] Firefox extension

A Firefox extension that performs semi-automatic authentication on websites. The user simply has to set up their JID (and password if they wish so), and the extension adds a contextual option to forms on DIAS-enabled websites when appropriate. On websites that use DIAS for HTTP authentication, the extension replaces the login/password dialog box with a DIAS-aware one.

It is important to carefully check the relation between the website and the advertised agent's JID before requesting a ticket and sending it to the website. Please refer to the security considerations for more details about the security risks and how to avoid them.

[Client] Ticket requester

A PHP script that:

• lets the user configure their Jabber accounts, and type the JID of a website's agent (or even better, directly the URL of the website, provided it has appropriate HTML/HTTP headers),
• displays VCard information about the agent to discourage agent spoofing,
• requests a ticket to the agent,
• gets the ticket back and display its value on-screen, along with any additional information (expiration date, textual information, direct URL).

Other client ideas include ticket requesters of many kinds:

• Desktop utility (KDE, GNOME, Mac OS X, Windows, etc.), accessible e.g. through the traybar.
• Firefox extension (see above)
• Command-line clients (shell, Perl, Python, etc.).
• Plugins to existing Jabber clients
• others?