Rick van Rein

Fri 24 June 2016


Tetralogy of a Free Internet

InternetWide is a large project, subdivided into four phases. This article explains our grand plan, of which phase #1 is about to finish.

Our mission

We have made it our mission to construct novel software that enables end users to take back control over their online presence. This has a disruptive impact in the areas of security and privacy, and also on the ability of end users to easily add hosted services to their online presence while keeping full control over them.

The way we do this is through concrete projects that really zoom into the technical details, always using open standards; where we see an opportunity, we donate back with further advancements in these standards. The software that helps the Internet to place end users central is published as open source.

We realise that our work is highly disruptive to the economy-driven Internet of today, and though we do not fear for people earning an income, we do believe it should never be at the end user's expense.

Our Tetralogy (a story in four parts)

We are currently approaching the roll-out of our first phase in alpha software. After that, we intend to continue, but building open source software does make us dependent on independent funding. So, if you think we can help you then please consider helping us to do this for the Internet!

The four phases are:

  1. SecureHub builds a number of basic security mechanisms; we have identified a need for the following concrete projects:

    • TLS Pool is a local-machine service for an extensive TLS implementation. It is contacted by applications, which the TLS Pool relieves of everything security-related; the application designer can simply think in terms of his application's logic and handle remote parties in terms of their (validated) identities. The infrastructure is so simple that TLS can be added to an application in less than an hour!

    • SteamWorks is a configuration framework that spans networks. It is geared towards central management of the TLS Pool through provisioning, though it is general and could be used for many more things. In later phases of the InternetWide project, we will use it to configure hosted services that can be plugged in from an independent service provider, for instance.

    • TLS-KDH is a new mode of using TLS connections, built into the TLS Pool. It combines Kerberos authentication with the strongest (ECDHE) security possible. This is original research and part of a major standardisation effort to allow anyone to use it. Our research has indicated that Kerberos, being a centrally managed single sign-on system, is the most probable mechanism of connecting the Internet in a secure manner. To do this, later phases are planned to expand Kerberos with realm crossover and pseudonymity for privacy.

  2. IdentityHub constructs hosted identity management. This provides a central management interface for identities, including such advanced facilities as groups and pseudonyms, and the infrastructure for realm crossover, which basically means that you log in locally, once a day, and then bring your own identity (BYOID) to whatever remote service you visit. We are even considering integrating commonly used authorisation technologies like SAML into the mix. Finally, the end user will be able to publish precisely those bits of information that he desires about himself or his online actions over automated protocols such as the web and LDAP, with access control just as he pleases.

  3. ServiceHub is a hosting environment split into an identity component (centered around the IdentityHub) and plugin services that can be pulled in from anywhere. It will be possible to create markets of freely exchangeable service plugins across hosting provider boundaries. The result will be that services can specialise, and move on a free market. This is quite different from the current model that uses LAMP as a least common denominator but that brings users nothing in terms of hosted functionality, unless it is run over the web from insecure scripts, with a misunderstood protocol leading to ineffective architectures in which there is a great lack of proper security practices.

  4. SocialHub is the last phase, and the least developed. We intend to make the network itself into a social network. This very specifically means that we drop the dependency on the web protocol, which has the downside of making us dependent on services hosted by some party that we may or may not want to rely on. Not having to make that choice is the main interest of this last project phase for InternetWide.

We are currently collecting funds for phase 2, and you are quite welcome to contact us if you think we have a shared interest.
