... | ... | @@ -40,7 +40,7 @@ but each system must be designed for a specific need, so: |
|
|
|
|
|
Federation means:
|
|
|
* The federated server operator has control over its users
|
|
|
* The architecture is hierarchal
|
|
|
* The architecture is hierarchical
|
|
|
* only really used services and domains need to scale up, not the whole network.
|
|
|
* the end user uses only the bandwidth/disk space, cpu for its requirements.
|
|
|
* protocol-level interoperability between different organizations.
|
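Review bot: The bullet list touched here is inconsistently capitalized: the first two items start with "The ...", while the unchanged context items start lowercase ("only really used services ...", "the end user uses ...", "protocol-level interoperability ..."). Since the list is being edited anyway, capitalize the items uniformly and tidy "the bandwidth/disk space, cpu" to "the bandwidth, disk space and CPU". The spelling correction to "hierarchical" looks right.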
... | ... | @@ -54,9 +54,9 @@ In short, federation is easier, gives the operator more control, but can still b |
|
|
|
|
|
## The downside:
|
|
|
|
|
|
The only downside of the Fenrir federation is that your main server can impersonate you when connecting to **new** other services.
|
|
|
The only downside of the Fenrir federation is that your main server can impersonate you when connecting to **new** other services. That is, the server can create accounts on your behalf.
|
|
|
|
|
|
This means that if you already logged in somewhere, your authentication server can _not_ impersonate you there.
|
|
|
But once you log into somewhere, your authentication server can _not_ impersonate you there.
|
|
|
|
|
|
# The Fenrir Way
|
|
|
|
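Review bot: The rewritten sentence "But once you log into somewhere, your authentication server can _not_ impersonate you there" states a security property without saying what enforces it, and the paragraph above it says "your main server" for what appears to be the same party that this line calls "your authentication server". Use one term in both sentences, and add a sentence or a link explaining why the server can no longer impersonate you after the first login, since readers will rely on this claim when deciding how much to trust the operator. "log into somewhere" would also read better as "log in somewhere". The added "That is, the server can create accounts on your behalf" is a useful clarification of the impersonation risk.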
... | ... | @@ -67,6 +67,6 @@ I have chosen a very flexible design. It is federated based, but **this does not |
|
|
The problem for your distributed environment will now be the distribution and verification of the public keys. There are numerous ways to solve this, each has its own strengths and weaknesses.
|
|
|
Just get the ip, public key, and you are done, you can use Fenrir just like SSL/TLS today.
|
|
|
|
|
|
Of course, I still recommend designing a federated system that grants security and privacy to the end users, maybe as opensource as possible, so that people who do not want to trust anyone else can still run their own servers.
|
|
|
Of course, I still recommend designing a federated system that grants security and privacy to the end users, as opensource as possible, so that people who do not want to trust anyone else can still run their own servers.
|
|
|
|
|
|
Since federation is easier, you can then concentrate on the features of your system, and not on the technical details of its distribution. |
|
|
\ No newline at end of file |
|
|
Since federation is easier, you can then concentrate yourself on the features of your system, and not on the technical details of its distribution. |
|
|
\ No newline at end of file |
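Review bot: The last changed line turns "concentrate on the features" into "concentrate yourself on the features", which is less idiomatic than the line it replaces; I would keep "concentrate on". Dropping "maybe" from the recommendation paragraph is fine, though "opensource" should be "open source" while that line is being touched. Both sides of the hunk still carry "\ No newline at end of file", so consider adding the trailing newline in this commit.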