Skip to content

UnlimitID: Privacy-Preserving Federated Identity Management using Algebraic MACs

License

Notifications You must be signed in to change notification settings

moullos/UnlimitID

Repository files navigation

UnlimitID

Coverage Status

Privacy-Preserving Federated Identity Management using Algebraic MACs

UnlimitID is a method for enhancing the privacy of commodity OAuth and applications such as OpenID Connect, using anonymous attribute-based credentials based on algebrai Message Authentication Codes (aMACs). OAuth is one of the most widely used protocols on the Web, but it exposes each of the requests of a user for data by each relying party (RP) to the identity provider (IdP). Our approach allows for the creation of multiple persistent and unlinkable pseudo- identities and requires no change in the deployed code of relying parties, only in identity providers and the client.

Full version of the paper published at WPES 2016 is available at http://www0.cs.ucl.ac.uk/staff/G.Danezis/papers/UnlimitID_WPES16.pdf

Features

This repository includes 2 flask applications. UnlimitID/IdP is build upon flask-oauthlib and provides all the typical OAuth2 endpoints along with two additional endpoints providing the necessary anonymous credentials and exposing the IdP's public parameters. UnlimitID/User provides all the out-of-band functionality preluding an UnlimitID flow. A demo version of the IdP can be found here.

As both packages use petlib install the necessary libraries before attemping to run UnlimitID.

Running the identity provider

The easiest way to run the identity provider is through docker:

  1. Get the latest container
$ docker pull unlimitid/idp:latest
  1. Run it!
$ docker run -p 80:80 -d unlimitid/idp:latest

If you prefer to build the container on your own:

  1. Clone the repository
$ git clone https://github.com/moullos/UnlimitID.git
  1. Change directory
$ cd UnlimitID
  1. Build the container
$ docker build -t your_tag_here . 

If you don't want to use docker:

  1. Clone the repository
$ git clone https://github.com/moullos/UnlimitID.git
  1. Change directory
$ cd UnlimitID
  1. Create a virtual env
$ virtualenv env

and activate it

$ source env/bin/activate
  1. Install the package
$ pip install .
  1. Use the run_IdP.py
$ python run_IdP.py

Running the user

In order for the user to run, an IdP must also be running in order for the user to obtain up-to-date parameters

  1. Clone the repository
$ git clone https://github.com/moullos/UnlimitID.git
  1. Change directory
$ cd UnlimitID
  1. Create a virtual env
$ virtualenv env

and activate it

$ source env/bin/activate
  1. Install the package
$ pip install .
  1. Use the run_user.py
$ python run_user.py

Note: If you are running more than 1 components of the system locally, make sure that their cookies are isolated.

Running the tests

Just install and run tox after installing the package

  1. Install tox
$ pip install tox
  1. Run it!
$ tox

About

UnlimitID: Privacy-Preserving Federated Identity Management using Algebraic MACs

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published