Skip to content
/ openaaa Public

Distributed, Authentication, Authorization and Accouting Library based on decentralized trust.

License

Notifications You must be signed in to change notification settings

n13l/openaaa

Repository files navigation

OpenAAA, Open Source Authentication, Authorization and Accouting library

Branch Status Binaries Packages
master Build Status Release Release

Authentication

  • strong mutual authentication using transport layer security
  • strong mutual and anonymous authentication based on decentralized trust
  • channel binding based on standard and well-defined mechanisms
  • upper layers authentication based on keying material exporters [RFC-5705]
  • anonymous authentication, no personal data transfered over channel
  • general extension mechanisms negotiate peers whether to use specific methods
  • supplemental data in the handshake protocol negotiating AAA methods [RFC-4680]
  • TLS re/negotiation is used as signal for the re/authentication
  • no user-credential-related risks

Accounting

  • binding authenticated user context to encrypted session
  • session management attributes and operation tied to secure TLS session
  • secure session negotiations and session resumption are based on TLS
  • no more cookies and other state information on application layer
  • multipple network and/or application layers access same encrypted session
  • single point log off can destroys all authenticated sessions and invalidate crypto material

Authorization

  • unlimited additional upper layer authorization rules using single authenticated user context
  • multipple network and/or application layers access and share same authenticated session

Interoperability

  • strong interoperability with centralized and decentralized trust

TLS authentication based on decentralized trust

  • strong mutual authentication without certificates and centralized authorities

TLS side channel authentication

  • equivalent security as hardware-tokens
  • strong mutual authentication without trusted certificates and CAs

TLS qualities and various attack mitigations features:

  • cipher negotiations
  • session negotiations and session resumption
  • safe renegotiations
  • application-layer protocol negotiation
  • cryptographic integrity
  • confidentiality
  • channel binding using secure channel protocols

Besides AAA on application layer is allways prone to many implementation errors compared to TLS.

Examples

URL References

ID URI
AAA-TLS-SCA https://github.com/n13l/openaaa/blob/master/doc/tls-sca
OPENVPN-RFC5705 https://github.com/OpenVPN/openvpn/blob/master/doc/keying-material-exporter.txt