incubator-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Incubator Wiki] Update of "OpenMiraclProposal" by niq
Date Wed, 02 Dec 2015 22:58:58 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Incubator Wiki" for change notification.

The "OpenMiraclProposal" page has been changed by niq:
https://wiki.apache.org/incubator/OpenMiraclProposal?action=diff&rev1=3&rev2=4

- = Project Proposal: OpenMiracl =
+ = Project Proposal: Milagro =
  == Abstract ==
- OpenMiracl is a distributed cryptosystem for cloud computing. Its purpose is to provide
an open source alternative to proprietary key management and certificate backed cryptosystems
used for secure communication and authentication. The adoption of OpenMiracl will create a
secure, free, open source alternative to monolithic certificate authorities and eliminate
single points of failure.
+ Milagro is a distributed cryptosystem for cloud computing. Its purpose is to provide an
open source alternative to proprietary key management and certificate backed cryptosystems
used for secure communication and authentication. The adoption of Milagro will create a secure,
free, open source alternative to monolithic certificate authorities and eliminate single points
of failure.
  
  == Background ==
  The Cloud Computing industry is using 40-year-old cryptographic algorithms and infrastructure,
invented for a different era when client-server computing was the dominant paradigm. At the
heart of it, is the continued reliance on outdated, and problematic, monolithic cryptographic
trust hierarchies such as commercial certificate authorities.
@@ -28, +28 @@

  The rate of attacks against certificate authorities seems to be [increasing](http://wiki.cacert.org/Risk/History)
as the obvious single point of compromise design inherent to PKI is becoming a more popular
route to carry out attacks.
  
  == Proposal ==
- OpenMiracl is an open source, pairing-based cryptographic platform to solve key management,
secure communications, data governance and compliance issues that are challenging Cloud Providers
and their customers.
+ Milagro is an open source, pairing-based cryptographic platform to solve key management,
secure communications, data governance and compliance issues that are challenging Cloud Providers
and their customers.
  
  It does this without the need for certificate authorities, putting into place a new category
of service providers called Distributed Trust Authorities (D-TA's).
  
- The M-Pin protocol, and its existing open-source MIRACL implementation on which OpenMiracl
will build, are already in use by Experian, NTT, Odin, Gov.UK and are being rolled out at
scale for zero password multi-factor authentication and certificate-less HTTPS / secure channel.
+ The M-Pin protocol, and its existing open-source MIRACL implementation on which Milagro
will build, are already in use by Experian, NTT, Odin, Gov.UK and are being rolled out at
scale for zero password multi-factor authentication and certificate-less HTTPS / secure channel.
  
- It is proposed that OpenMiracl enter incubation at Apache.  At the same time, a draft standard
for M-Pin has been prepared for submission to IETF.  The standards process at IETF and the
platform implementation at Apache will run in parallel.
+ It is proposed that Milagro enter incubation at Apache.  At the same time, a draft standard
for M-Pin has been prepared for submission to IETF.  The standards process at IETF and the
platform implementation at Apache will run in parallel.
  
  === Why Pairing-Based Cryptography, why now? ===
  Over the last decade, pairings on elliptic curves have been a very active area of research
in cryptography. Pairings map pairs of points on an elliptic curve into the multiplicative
group of a finite field. Their unique properties have enabled many new cryptographic protocols
that had not previously been feasible.
@@ -51, +51 @@

  
  The difference between this new world of Distributed Trust Authorities and the current PKI
system will be a landscape that provides secure ease-of-use encryption and authentication,
does not rely upon a single trusted third party, and yet allows for limited key escrow subject
to an end customer's requirement.
  
- === OpenMiracl ===
+ === Milagro ===
- The OpenMiracl libraries and tools consist of:
+ The Milagro libraries and tools consist of:
  
   * Distributed Key Management Service API
   * Distributed Key Management CLI
@@ -65, +65 @@

     * M-Pin-in-Javascript Libraries for Browsers
    * Cloud Encryption Gateway (under nascent development)
    * Distributed Trust Authority Crypto App
-   * Generic OpenMiracl for IoT cryptographic library
+   * Generic library for IoT cryptographic library
+ 
+ The startingpoint for these is the existing MIRACL library and tools at http://github.com/Certivox/
  
  === Distributed Trust Authorities ===
- The OpenMiracl project introduces a service concept called a Distributed Trust Authority,
to replace either single-authority certificates or public key infrastructure.
+ The Milagro project introduces a service concept called a Distributed Trust Authority, to
replace either single-authority certificates or public key infrastructure.
  
  The D-TA splits the functions of a pairing-based key generation server into three services
issuing thirds of private keys to distinct identities. The shares of the private keys, received
by Crypto App clients or Distributed Key Management Endpoints, become the only entities that
possess any knowledge of the whole key created from the shares.
  
@@ -88, +90 @@

  The D-KMS Endpoints are server operating systems with D-KMS Endpoint software installed.
The D-KMS Endpoint software, in conjunction with the D-KMS CLI, has the appropriate pairing-based
cryptographic keys to be able to de-encapsulate secrets and keys received from the D-KMS API.
These de-encapsulated secrets and keys can be stored, distributed or used in Crypto Applications,
such as M-Pin Authentication, Secure Channel or Encryption Gateway.
  
  === SD-DSM / Crypto Applications ===
- Software Defined Distributed Security Modules, otherwise known as Crypto Applications "Crypto
Apps" get compiled from source files on-demand. Crypto App source files will be hosted on
major public repositories such as [[GitHub|Github]] and Apache.
+ Software Defined Distributed Security Modules, otherwise known as Crypto Applications "Crypto
Apps" get compiled from source files on-demand. Crypto App source files will be hosted on
major public repositories such as Github and Apache.
  
  Crypto Applications are scaled across the datacenter through the D-KMS API in conjunction
with orchestration tools such as Apache Mesos and consume the de-encapsulated secrets and
keys.
  
@@ -112, +114 @@

  ==== Cloud Encryption Gateway ====
  Many proprietary solutions have appeared on the information security market to solve data
governance issues about securing data in the cloud with encryption keys managed by an end
customer. To date, most of these solutions involve purchasing hardware or virtualized appliances
to run in an end customer's datacenter, with nothing more delivered than a single encryption
key under control of the end customer, performing sub-optimum deterministic encryption on
data sent to the cloud.
  
- OpenMiracl's Cloud Encryption Gateway will be a virtualized or container based software,
deployed in an end customer's environment. This CEG will exploit pairing-based capabilities
such as attribute-based encryption (anyone in possession of the correct set of attributes
can decrypt) and, more generally, predicate-based encryption (anyone in possession of the
right set of attributes and a decryption key corresponding to a particular predicate can decrypt).
+ Milagro's Cloud Encryption Gateway will be a virtualized or container based software, deployed
in an end customer's environment. This CEG will exploit pairing-based capabilities such as
attribute-based encryption (anyone in possession of the correct set of attributes can decrypt)
and, more generally, predicate-based encryption (anyone in possession of the right set of
attributes and a decryption key corresponding to a particular predicate can decrypt).
  
  Doing so increases the flexibility of the solution by being enabled to address data residency
and governance requirements such as geo-location while allowing key management and rotation
protocols to be enforced.
  
  == Rationale ==
  The benefits of a strong authentication, secure channel and cloud encryption via an identity
framework for people and things are self-evident, and the plethora of homebrew proprietary
solutions and password nightmares seen today is clear evidence of a need for better solutions.
  
- OpenMiracl's distributed trust model is particularly attractive, by virtue of dispensing
with need for (and potential for abuse of) any central trust authority without requiring sophistication
- such as understanding a Web of Trust - from end users.
+ Milagro's distributed trust model is particularly attractive, by virtue of dispensing with
need for (and potential for abuse of) any central trust authority without requiring sophistication
- such as understanding a Web of Trust - from end users.
  
  A move to incubation at Apache will help the community to grow and take on new members in
an environment that guarantees open development and protection of participants.
  
  This is particularly relevant right now as a second corporate team, NTT Data, with its own
culture joins as core developers. For the outside world, it offers the strong promise of openness.
  
  == Initial Goals ==
- OpenMiracl will seek to integrate the existing projects at [[CertiVox|Certivox]] (now MIRACL)
and NTT, and will invite participation from a nascent broader community evidenced by the core
MIRACL library's 65 watchers and 29 forks at Github.
+ Milagro will seek to integrate the existing projects at Certivox (now MIRACL) and NTT, and
will invite participation from a nascent broader community evidenced by the core MIRACL library's
65 watchers and 29 forks at Github.
  
- As well as looking to broaden direct participation, it will seek synergies with relevant
Apache projects, for example by providing OpenMiracl plugins for HTTPD and Trafficserver.
+ As well as looking to broaden direct participation, it will seek synergies with relevant
Apache projects, for example by providing Milagro plugins for HTTPD and Trafficserver.
  
  The initial software products will be the current standing M-Pin Core platform, client libraries
and the SD-DSM and Distributed Key Management API and client CLI (as noted above).
  
  == Current Status ==
- [[CertiVox|Certivox]] (now MIRACL) has developed open source software at [[GitHub|Github]]
since 2014, though the core MIRACL library goes back much further. Projects currently at [[GitHub|Github]]
include the M-Pin Authentication Platform and the MIRACL cryptographic libraries under BSD-Clause-3
and AGPL licenses.
+ Certivox (now MIRACL) has developed open source software at Github since 2014, though the
core MIRACL library goes back much further. Projects currently at Github include the M-Pin
Authentication Platform and the MIRACL cryptographic libraries under BSD-Clause-3 and AGPL
licenses.
  
  These have attracted both community and corporate interest taking them beyond the realm
of a single-company project, with NTT being the second corporate team to take a substantial
part in development.  The project now seeks to transition smoothly to a full Open Development
model.
  
- The core team at [[CertiVox|Certivox]] (now MIRACL) is geographically dispersed and developers
are well-accustomed to using online infrastructure and tools for their everyday work.  The
team at NTTi3 and NTT DATA and other contributing developers are included amongst the initial
committers.
+ The core team at Certivox (now MIRACL) is geographically dispersed and developers are well-accustomed
to using online infrastructure and tools for their everyday work.  The team at NTTi3 and NTT
DATA and other contributing developers are included amongst the initial committers.
  
  In addition to MIRACL operating a community D-TA, NTT, Experian and Dimension Data have
all agreed to host no-charge community D-TAs.  Other cloud providers are considering and have
been engaged. An open source platform from which to offer these services is a necessary component
to finalizing and launching community D-TA's.
  
@@ -147, +149 @@

  It is hoped that incubation at Apache will help with this broadening, by providing a widely-recognised
and well-understood framework for working collaboratively, growing communities, and protecting
contributors.
  
  == Core Developers ==
- Dr. Michael Scott, Chief Cryptographer at [[CertiVox|Certivox]] (now MIRACL), has been a
major open source and standards contributor to the field of elliptic curve cryptography for
over twenty-five years.
+ Dr. Michael Scott, Chief Cryptographer at Certivox (now MIRACL), has been a major open source
and standards contributor to the field of elliptic curve cryptography for over twenty-five
years.
  
  Others include
  
  === Existing team at Certivox/MIRACL: ===
   . Patrick Hilt - CTO
-  Kealan [[McCusker|Mccusker]] - Cryptographer
+  . Kealan Mccusker - Cryptographer
   . Stanislav Mihaylov - Architect
   . Simeon Aladhem - Developer
  
@@ -165, +167 @@

   . Nick Kew - Developer
  
  == Alignment: ==
- Whereas OpenMiracl has no track record of its own, the [[CertiVox|Certivox]] (now MIRACL)
team have been working on related projects at Github.  Being geographically diverse, the team
is well-accustomed to day-to-day working in a similar environment to Apache and with similar
tools and processes. The anticipated role of Apache is to help the community to grow without
fragmentation of communities, code, or intellectual property.
+ Whereas Milagro has no track record of its own, the Certivox (now MIRACL) team have been
working on related projects at Github.  Being geographically diverse, the team is well-accustomed
to day-to-day working in a similar environment to Apache and with similar tools and processes.
The anticipated role of Apache is to help the community to grow without fragmentation of communities,
code, or intellectual property.
  
- We are not aware of any link with existing Apache projects.  However, it is likely that
several Apache projects may be interested in working with OpenMiracl to provide distributed
identity services.  Plugins for HTTPD and Trafficserver are already anticipated.
+ We are not aware of any link with existing Apache projects.  However, it is likely that
several Apache projects may be interested in working with Milagro to provide distributed identity
services.  Plugins for HTTPD and Trafficserver are already anticipated.
  
  == Known Risks ==
  === Orphaned products ===
- OpenMiracl is at the core of [[CertiVox|Certivox]] (now MIRACL)'s business and important
to NTT, Experian, and other platform adopters who are in the process of coming online.
+ Milagro, as successor to the existing MIRACL and M-Pin software at github, is at the core
of Certivox (now MIRACL)'s business and important to NTT, Experian, and other platform adopters
who are in the process of coming online.
  
  Interest, and with it both developer and user communities, are expected to grow strongly.
 There is little risk of the project losing momentum in the foreseeable future.
  
@@ -181, +183 @@

  We hope that incubation at Apache may help the teams collaborate in an environment of mutual
benefit, as well as attract independent developers to play a full part.
  
  === Homogenous Developers. ===
- The established corporate teams are dispersed across several European countries and Japan.
 Prospective developers (whose companies are interested in OpenMiracl) are located in other
countries, and we anticipate a global community.
+ The established corporate teams are dispersed across several European countries and Japan.
 Prospective developers (whose companies are interested in Milagro) are located in other countries,
and we anticipate a global community.
  
  === Reliance on Salaried Developers ===
  Most of the initial committers are salaried developers from the core corporate teams.  Github
activity, including 29 forks of the Miracl library, indicates wider community interest, and
it is hoped that the developer community will grow substantially at Apache.
@@ -193, +195 @@

  See Alignment above.
  
  == Documentation ==
- OpenMiracl derives from Certivox's existing M-Pin, MIRACL and associated tools at github.com/Certivox/
Documentation at http://docs.certivox.com/ may also inform and feed into the OpenMiracl project.
+ Milagro derives from Certivox's existing M-Pin, MIRACL and associated tools at github.com/Certivox/
Documentation at http://docs.certivox.com/ may also inform and feed into the Milagro project.
  
  == Initial Source and Intellectual Property ==
- As soon as OpenMiracl is accepted into the Incubator, [[CertiVox|Certivox]] (now MIRACL)
will transfer the source code and trademark to the ASF with a Software Grant, and licensed
under the Apache License 2.0. Certivox/MIRACL retains rights to its existing MIRACL mark.
+ As soon as Milagro is accepted into the Incubator, Certivox (now MIRACL) will transfer the
source code and trademark to the ASF with a Software Grant, and licensed under the Apache
License 2.0. Certivox/MIRACL retains rights to its existing MIRACL mark.
  
  == External Dependencies ==
  There are no external dependencies and all software is under the sole ownership of Certivox/MIRACL.
@@ -213, +215 @@

  
  Git repository (to mirror existing github repo)
  
-  * https://git-wip-us.apache.org/repos/asf/incubator-openmiracl.git
+  * https://git-wip-us.apache.org/repos/asf/incubator-milagro.git
  
  Issue Tracking
  
   * JIRA repository to be requested
  
  ==== Trust Authority Service ====
- The podling would like to request a VM at "ta.openmiracl[.incubator].apache.org" with which
to run a Community Trust Authority.  It is anticipated that this will serve as a test facility
for developers and may become a Trust Authority for the community of ASF committers.
+ The podling would like to request a VM at "ta.milagro[.incubator].apache.org" with which
to run a Community Trust Authority.  It is anticipated that this will serve as a test facility
for developers and may become a Trust Authority for the community of ASF committers.
  
  == Initial Committers ==
   * Akira Nagai             (NTT)
@@ -229, +231 @@

   * Genoveffa Pagano        (Certivox/MIRACL)
   * Go Yamamoto             (NTT)
   * Jordan Katserov         (Certivox/MIRACL)
-  * Kealan [[McCusker|Mccusker]]         (Certivox/MIRACL)
+  * Kealan Mccusker         (Certivox/MIRACL)
   * Kenji Takahishi         (NTT)
   * Michael Scott           (Certivox/MIRACL)
   * Milen Rangelove         (Certivox/MIRACL)

---------------------------------------------------------------------
To unsubscribe, e-mail: cvs-unsubscribe@incubator.apache.org
For additional commands, e-mail: cvs-help@incubator.apache.org


Mime
View raw message