Send in your ideas. Deadline February 1, 2025
logo
hex
Vendor stores
Nix Flake
Grant
Theme fund: NGI0 PET
Period: 2019-08 — 2022-10
More projects like this
Middleware and identity

SASL Works for the InternetWide Architecture

Integrate new authentication mechanisms into SASL

The SASL Works allow clients to use authentication mechanism that meet their requirements, and use it in virtually all protocols, which includes but is not limited to the web. Servers on the other hand, can flexibly adapt to clients from any domain, by backporting authentication inquiries to the client's own realm for the desired level of approval. Once configured, this process frees service providers from the need to manage user accounts and secure storage of credentials. Clients finally get a choice to use strong cryptographic authentication mechanisms instead of being forced to use a site programmer's poor approach to security. This in turn is helpful for setting higher levels of security policies in formal bodies such as organisations and governments, while generally simplifying the user interaction.

Why does this actually matter to end users?

Privacy is a matter of control. When you want to protect your privacy, it does not mean you never tell anyone anything, it means you want to be in control of who you share your personal information with. On the internet a lot of control is taken away from you. The technology that lets you connect to networks all around the world and find information anywhere it is stored is built around identification, both of its users and the virtual places they visit. Unfortunately, many crucial networking standards and protocols were not designed with user privacy in mind, let alone giving them any sense of control over how they can safely identify and authenticate themselves and whoever they want to communicate with on the internet. Secure identification and authentication should be the starting point for your online journey, instead of relying on workarounds and patches that may not cover all the exits.

Remaking the internet to be secure and private by design is what the ARPA2 project has been doing for several years by using and extending existing security standards and developing flexible, simple and reliable identity management solutions for users. Technology developed in the ARPA2 project simplifies and centralizes encryption and integrates state of art authentication and security standards, among other things. These tools help build an internet that "treats its end users as full-blown citizens, and not as milking cows", as the ARPA2 developers explain on their website. Just like other ARPA2 initiatives this project makes existing and proven internet technology more interoperable and usable to better protect users online data and identity on the internet. Users can identify and authenticate themselves more easily (instead of handling different passwords for every site) and securely ( instead of relying on possibly broken identity management tools of third parties) regardless of the service they use, which puts the user back in the driver seat where they belong.

Run by OpenFortress.nl / InternetWide.org

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.