What does our architecture offer?
Security. The use of accounts with passwords in many places has a strongly ad-hoc nature and should be corrected. Instead, mechanisms that use cryptography give a much stronger security basis than we currently have. They could also be set up such that one central login provides access to all systems, which is referred to as single sign-on. Concretely, we are talking about Kerberos, OpenPGP and TLS/SSL.
Identity. Having just one identity, of the form me@mydomain.nep, and using it everywhere is not only pleasant for users; it is also what most protocols were designed to offer. Combining this with single sign-on leads to a very good user experience. It is in fact useful to set up multiple identities, each dealing with a clearly identified role or aspect of a person or company. Since each of these identities is domain-bound, they are unique identifiers that can be used everywhere on the Internet. These identities can be used in various protocols: email, chat, telephony, presence, blogging, media streaming, file sharing, and so on.
Trust. Having an Internet-wide unique identifier is one thing, but how can remote sites establish a trust relationship based on it? There are various technologies that make this possible. Some of these centre on worldwide accessibility (OpenID, OAuth, Mozilla Persona, Moonshot) and can be provisioned based on the local single sign-on system. Others will be created for trust between local and remote identities (or roles) through explicitly configured links (Kerberos cross-realm trust), which will feature a system for introductions.
Communities. Based on trust between individual participants, it becomes possible to construct communities in which users may co-operate, share information and permit access to resources. This is as general as it is abstract; the idea of groups collaborating can be filled in by many different applications, and we aim to support this in as general a manner as possible -- without the tracking and tracing that are so often associated with such services.
Privacy. Encryption is built into many protocols and is relatively simple. What makes it difficult is the key management needed to do it well. We integrate this with the trust system that we are designing, and make public key material publicly available over mechanisms like DNS and LDAP. Credentials will be supported for OpenPGP and PKIX / X.509. Their publication will be protected with DNSSEC, DANE, TLS and SASL.
Pluggability. Classical hosting providers tend to package their services into small, medium and large packages. The architecture, however, is largely the same, and there is no ability to add services. We intend to provide hosting providers with easy-to-add plugins, as well as a mechanism that is open to external plugins that may or may not also be provided by the hosting provider. In the end, the end user decides what components to plug into their domain. This gives end users great control over their online presence, while offering hosting providers more freedom to specialise in plugin components that distinguish them.