Initial import.
This commit is contained in:
69
PROJECT.md
Normal file
69
PROJECT.md
Normal file
@@ -0,0 +1,69 @@
|
||||
# MCIAS
|
||||
|
||||
We are building a single-signon and IAM system for personal projects.
|
||||
|
||||
## Background
|
||||
|
||||
The Metacircular Identity and Access System (MCIAS) provides standard
|
||||
tools for user and access management among metacircular and wntrmute
|
||||
systems.
|
||||
|
||||
In particular, the target audience is a single developer building
|
||||
personal apps. It should be easy to use MCIAS to facilitate onboarding
|
||||
friends onto these personal apps.
|
||||
|
||||
MCIAS is a foundational security and identity system. As such, the
|
||||
highest priorities are for security, robustness, and correctness.
|
||||
Performance is secondary, and can be tuned later.
|
||||
|
||||
## Specifications
|
||||
|
||||
+ Applications should be able to either do an interactive login, using a
|
||||
username/password (and potentially a TOTP), or present a token.
|
||||
+ Applications should be able to renew the token, which would nominally
|
||||
expire after some period (defaulting to maybe 30 days).
|
||||
+ There are two kinds of users: human and system accounts.
|
||||
+ System accounts can only present a token; they have a single token
|
||||
associated with that account at a time.
|
||||
+ User accounts have roles associated with them.
|
||||
+ Users with the admin role can issue tokens for any app, or users with
|
||||
the role named the same as a service account can issue tokens for that
|
||||
service account.
|
||||
+ Admin users can also revoke tokens for a service account.
|
||||
+ Service accounts (and users with the a role named the same as the
|
||||
service account) can also retrieve Postgres database credentials for
|
||||
the service account.
|
||||
+ Human accounts should eventually support FIDO logins and Yubikey auth,
|
||||
but the first pass only needs username, password, and optional TOTP.
|
||||
|
||||
## Technical details
|
||||
|
||||
+ User passwords will be stored using scrypt.
|
||||
+ The service account tokens and user/password authentication can be
|
||||
used to obtain a JWT, if that is appropriate.
|
||||
+ All authentication events should be logged.
|
||||
+ This service should use the packages contained in
|
||||
git.wntrmute.dev/kyle/goutils for logging etc.
|
||||
+ The database should be sqlite.
|
||||
+ Modern cryptography should be used. Preference should be given to
|
||||
Ed25519 as the public algorithm for signatures, for example. Consider
|
||||
the use of Argon2 for password hashes.
|
||||
|
||||
## Interfaces
|
||||
|
||||
+ The primary interface will be an REST API over HTTPS. TLS security is
|
||||
critical for this.
|
||||
+ We will also need to build client libraries in several languages
|
||||
later on.
|
||||
+ There should be two command line tools associated with MCIAS:
|
||||
+ mciassrv is the authentication server.
|
||||
+ mciasctl is the tool for admins to create and manage accounts, issue
|
||||
or revoke tokens, and manage postgres database credentials.
|
||||
|
||||
## Notes
|
||||
|
||||
+ We need an explicit security model.
|
||||
+ This is a system for small, personal services. Manual user lifecycle
|
||||
managment is acceptable and expected. Federation is an explicit
|
||||
nongoal.
|
||||
+ Strong testing is a requirement.
|
||||
Reference in New Issue
Block a user