Skip to content

n13l/openaaa

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

441 Commits

aaa

aaa

 
 

arch

arch

 
 

bbb

bbb

 
 

crypto

crypto

 
 

doc

doc

 
 

etc

etc

 
 

include

include

 
 

mem

mem

 
 

modules

modules

 
 

net

net

 
 

rpm

rpm

 
 

scripts

scripts

 
 

sys

sys

 
 

test

test

 
 

tests

tests

 
 

tools

tools

 
 

vendor

vendor

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

Kbuild

Kbuild

 
 

Kconfig

Kconfig

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README

README

 
 

README.md

README.md

 
 

defconfig

defconfig

 
 

install-deps.sh

install-deps.sh

 
 

openaaa.dirs

openaaa.dirs

 
 

openaaa.kconfig

openaaa.kconfig

 
 

Repository files navigation

OpenAAA, Open Source Authentication, Authorization and Accouting library

Branch Status Binaries Packages
master Build Status Release Release

Authentication

  • strong mutual authentication using transport layer security
  • strong mutual and anonymous authentication based on decentralized trust
  • channel binding based on standard and well-defined mechanisms
  • upper layers authentication based on keying material exporters [RFC-5705]
  • anonymous authentication, no personal data transfered over channel
  • general extension mechanisms negotiate peers whether to use specific methods
  • supplemental data in the handshake protocol negotiating AAA methods [RFC-4680]
  • TLS re/negotiation is used as signal for the re/authentication
  • no user-credential-related risks

Accounting

  • binding authenticated user context to encrypted session
  • session management attributes and operation tied to secure TLS session
  • secure session negotiations and session resumption are based on TLS
  • no more cookies and other state information on application layer
  • multipple network and/or application layers access same encrypted session
  • single point log off can destroys all authenticated sessions and invalidate crypto material

Authorization

  • unlimited additional upper layer authorization rules using single authenticated user context
  • multipple network and/or application layers access and share same authenticated session

Interoperability

  • strong interoperability with centralized and decentralized trust

TLS authentication based on decentralized trust

  • strong mutual authentication without certificates and centralized authorities

TLS side channel authentication

  • equivalent security as hardware-tokens
  • strong mutual authentication without trusted certificates and CAs

TLS qualities and various attack mitigations features:

  • cipher negotiations
  • session negotiations and session resumption
  • safe renegotiations
  • application-layer protocol negotiation
  • cryptographic integrity
  • confidentiality
  • channel binding using secure channel protocols

Besides AAA on application layer is allways prone to many implementation errors compared to TLS.

Examples

URL References

ID URI
AAA-TLS-SCA https://github.com/n13l/openaaa/blob/master/doc/tls-sca
OPENVPN-RFC5705 https://github.com/OpenVPN/openvpn/blob/master/doc/keying-material-exporter.txt

About

Distributed, Authentication, Authorization and Accouting Library based on decentralized trust.

Topics

tls ssl openvpn authentication http2 accounting authorization apache2 pkcs11 openvpn-plugin

Resources

Readme

License

MIT license
Activity

Stars

11 stars

Watchers

3 watching

Forks

4 forks
Report repository

Releases 1

1.0.1 Latest
Sep 18, 2017

Packages

No packages published

Languages