Send in your ideas. Deadline June 1, 2024
Source code :
Theme fund: NGI0 Entrust
Start: 2022-10
More projects like this
Middleware and identity


Privacy-enabling account management and SSO solution

The overall goal of the Charon project is to build a privacy-enabling account management and SSO solution. For end-users, Charon will allow aggregating multiple existing authenticators (Facebook, Google, etc.) in one place and managing different (and potentially multiple) identities exposed to apps. Apps will not have to worry about user management. And admins of communities using those apps will be able to manage all users in one place, with tools to address abuse.

Why does this actually matter to end users?

It may come as no surprise that multi-user apps (e.g. video-conference or office software ‘in the cloud’), require user management: creating accounts, updating passwords, adding people to their appropriate teams/groups, and so forth.

For developers of such apps, implementing user management can be tedious and error prone. Many developers therefore instead choose to delegate authentication to big, centralised service providers like Google or Facebook: you have likely seen those “Log in with …” buttons around the web. This also provides convenience for users, who have less separate passwords to keep track of.

However, this delegation comes at a notably high cost: such providers do not provide their service with user empowerment and privacy in mind. Every time you open an app that you logged in to via the “Log in with X” button, that provider X will be informed that you did so, must be available at that moment, and might even block you from logging in because they disabled your account for whichever reason.

Charon is a novel open source solution that isn’t focused on replicating enterprise solutions, but instead aims to provide good separation of concerns and responsibilities between involved parties (users, apps, communities of users using apps, and community admins), while enabling more privacy for users (e.g., they can decide if they want to reveal their real identity).

Charon essentially means less work for app developers, who only need to deal with a single identity system (based on OpenID Connect) while providing many options to the user for logging in, switching accounts, and selecting what data to share with an app. It also means less complex and cumbersome work for admins (who can manage all users across multiple apps in one place, including any abuse).

Charon targets self-hosted apps but the project can also power central public instances hosted for commercial purposes, to ease adoption and provide an user-empowering outsourced alternative.

Run by Layer8

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.