kyle/mcias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f34e9a69a028ac3e38e57ef61dee4af6184125bf
mcias/PROJECT.md
Kyle Isom 7c79d00514 Sync docs: ARCHITECTURE, PROJECT, PROJECT_PLAN 
- ARCHITECTURE.md §12: add mciasdb, mciasgrpcctl, internal/grpcserver,
  proto/, and gen/ to the directory structure diagram
- ARCHITECTURE.md §17: replace buf generate references with protoc;
  the implementation uses protoc + protoc-gen-go + protoc-gen-go-grpc
  invoked via go generate ./... (proto/generate.go)
- PROJECT_PLAN.md §7.1: replace buf.yaml/buf.gen.yaml acceptance
  criteria with the protoc-based go:generate approach actually used
- PROJECT_PLAN.md §7.6: clarify that gen/ is committed to the repo
  (not gitignored); only the binary /mciasgrpcctl is excluded
- PROJECT.md: replace scrypt with Argon2id (the actual algorithm);
  remove the redundant Argon2 suggestion line
2026-03-11 14:44:08 -07:00

70 lines
2.8 KiB
Markdown
Raw Blame History

# MCIAS
We are building a single-signon and IAM system for personal projects.
## Background
The Metacircular Identity and Access System (MCIAS) provides standard
tools for user and access management among metacircular and wntrmute
systems.
In particular, the target audience is a single developer building
personal apps. It should be easy to use MCIAS to facilitate onboarding
friends onto these personal apps.
MCIAS is a foundational security and identity system. As such, the
highest priorities are for security, robustness, and correctness.
Performance is secondary, and can be tuned later.
## Specifications
+ Applications should be able to either do an interactive login, using a
username/password (and potentially a TOTP), or present a token.
+ Applications should be able to renew the token, which would nominally
expire after some period (defaulting to maybe 30 days).
+ There are two kinds of users: human and system accounts.
+ System accounts can only present a token; they have a single token
associated with that account at a time.
+ User accounts have roles associated with them.
+ Users with the admin role can issue tokens for any app, or users with
the role named the same as a service account can issue tokens for that
service account.
+ Admin users can also revoke tokens for a service account.
+ Service accounts (and users with the a role named the same as the
service account) can also retrieve Postgres database credentials for
the service account.
+ Human accounts should eventually support FIDO logins and Yubikey auth,
but the first pass only needs username, password, and optional TOTP.
## Technical details
+ User passwords will be stored using Argon2id (PHC format), meeting
OWASP 2023 recommended parameters (time=3, memory=64 MiB, threads=4).
+ The service account tokens and user/password authentication can be
used to obtain a JWT, if that is appropriate.
+ All authentication events should be logged.
+ This service should use the packages contained in
git.wntrmute.dev/kyle/goutils for logging etc.
+ The database should be sqlite.
+ Modern cryptography should be used. Preference should be given to
Ed25519 as the public algorithm for signatures, for example.
## Interfaces
+ The primary interface will be an REST API over HTTPS. TLS security is
critical for this.
+ We will also need to build client libraries in several languages
later on.
+ There should be two command line tools associated with MCIAS:
+ mciassrv is the authentication server.
+ mciasctl is the tool for admins to create and manage accounts, issue
or revoke tokens, and manage postgres database credentials.
## Notes
+ We need an explicit security model.
+ This is a system for small, personal services. Manual user lifecycle
managment is acceptable and expected. Federation is an explicit
nongoal.
+ Strong testing is a requirement.
Reference in New Issue View Git Blame Copy Permalink