thentos-cookie-session alternatives and similar packages
README
A tool for privacy-preserving identity management (PPIM)
Status
DEPRECATED.
We will release some libraries that have come out of this project in the future. Updates on that will be posted here.
Philosophy
Thentos (/'tentɒs/) is the Swiss army knife of web application user management. Its focus is on privacy and decentralization of control. It is actively developed by liquid democracy e.V., a non-profit NGO that has no stakes in user data as a product. It is not designed as a closed platform, but for cooperative and autonomous operation by many independent organisations.
Things we are going to do with the Thentos code base:
- use it as a library to offer Twitter or GitHub SSO to your users,
- run it as a proxy in front of your application that does all the user management for you (a bit like sproxy, but not restricted to oauth/google+),
- run your own PPIM service or connect it to a federated network of PPIM services,
- get rid of user data as a liability, and let some trusted third party do authorization and identity management for you,
- distribute user information from your corporate legacy databases to your services with minimal exposure.
Architecture overview and code structure
There are several packages in this repository:
- thentos-core: the core package with the base functionality shared by most use cases.
- thentos-tests: tests for thentos-core and common test utility functions for derived Thentos packages as a library
- thentos-adhocracy: integration with adhocracy3
- thentos-purescript: UI widgets (not cabal; highly experimental).
A quick walk through the code of thentos-core:
- Thentos.Types: the core types of the Thentos data model.
- Thentos.Transaction...: SQL queries with 'EitherT' exceptions. Thentos.Transaction implements an abstract API over the database schema. Thentos persistence is based on PostgreSQL.
- Thentos.Action...: authorization-controlled actions in the Action monad. Actions usually involve calling transactions, but also access to randomness, system time, configuration options, and other things. This is where the application logic goes so it can be shared by backend and frontend (see below). Action is based on LIO rather than IO and provides information flow as well as authorization control. This makes it possible to, say, write a new REST API dialect in a Safe module so that the compiler can generate a proof of the adherence to the security policy expressed in the types of the actions. Action also provides polymorphic StateT that is used by the frontend for session management.
- Thentos.Backend...: REST APIs based on servant, wai, warp. Servant lets you organise APIs by features and compose them freely for different deployment scenarios. For example, you can pluck a set of user registration end-points and handlers from Thentos.Backend.Api.Simple and use them in an adhocracy-compatible API as an add-on in package thentos-adhocracy.
- Thentos.Frontend...: HTML-based user interface, also based on servant, wai, warp (highly experimental). This contains a prototype of a user management dashboard that can be used by application owners and users to manage many applications.
(In principle, servant makes it possible to run the same end-points in both backend (delivering JSON) and frontend (delivering HTML) mode based on the content-type header. However, in practice there are many differences: REST APIs are stateless, but HTML-based UIs have sessions; REST APIs serve self-contained pieces of data, but HTML-based UIs deliver pages containing many independent bits of information.)
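The idea behind basing Action on LIO rather than IO, as an added example: a toy model written for this page with only base, not code from Thentos or the lio package, and every name in it (Label, Flow, unlabel, writeTo, the two handlers) is defined here for illustration. Each read raises a current label and each write is checked against it; LIO performs this check at run time, and Safe Haskell keeps untrusted modules from stepping outside the monad.

```haskell
-- Toy model of LIO-style information flow control. Constructed for
-- illustration; uses only base, not the lio package or Thentos modules.
data Label = Public | Secret deriving (Eq, Ord, Show)

-- A value guarded by a label (a real library hides this constructor).
data Labeled a = Labeled Label a

-- A computation threads a "current label": the join of everything read so
-- far. Left reports a policy violation.
newtype Flow a = Flow { runFlow :: Label -> Either String (a, Label) }

instance Functor Flow where
  fmap f (Flow g) = Flow $ \l -> fmap (\(a, l') -> (f a, l')) (g l)

instance Applicative Flow where
  pure a = Flow $ \l -> Right (a, l)
  Flow f <*> Flow g = Flow $ \l -> do
    (h, l1) <- f l
    (a, l2) <- g l1
    Right (h a, l2)

instance Monad Flow where
  Flow g >>= k = Flow $ \l -> g l >>= \(a, l') -> runFlow (k a) l'

-- Reading raises the current label to the join (here: max) of both labels.
unlabel :: Labeled a -> Flow a
unlabel (Labeled lv a) = Flow $ \l -> Right (a, max l lv)

-- Writing is allowed only if the current label may flow to the sink's label.
writeTo :: Label -> String -> Flow ()
writeTo sink _msg = Flow $ \l ->
  if l <= sink
    then Right ((), l)
    else Left ("flow violation: " ++ show l ++ " data to " ++ show sink ++ " sink")

-- Two hypothetical handlers: the second reads the secret, then tries to log.
greet, leakyDebug :: Labeled String -> Labeled String -> Flow ()
greet name _pw = unlabel name >>= \n -> writeTo Public ("hello " ++ n)
leakyDebug name pw = do
  _ <- unlabel name
  p <- unlabel pw
  writeTo Public ("debug: " ++ p)

main :: IO ()
main = do
  let name = Labeled Public "alice"                -- constructed sample data
      pw   = Labeled Secret "constructed-password"
  print (fst <$> runFlow (greet name pw) Public)
  print (fst <$> runFlow (leakyDebug name pw) Public)
```

The greet handler succeeds, while leakyDebug is rejected with a flow violation because the current label is Secret once the password has been read.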
Other documentation
Installation
Start by cloning the Thentos repository from GitHub.
$ git clone https://github.com/liqd/thentos
$ cd thentos
$ git submodule update --init
You need to have ghc-7.10 and some extra tools installed. On Debian, you can do this:
$ sudo bash
# add-apt-repository ppa:hvr/ghc
# apt-get update
# apt-get install ghc-7.10.3 happy-1.19.5 alex-3.1.4 cabal-install-1.22
# apt-get install libpq-dev git
# apt-get install postgresql-client git
# apt-get install xvfb # (for selenium tests; see below).
# apt-get install sox espeak # (for audio captchas).
The hvr-haskell programs go to their own peculiar paths under /opt/<prog>/<ver>; you can take a peek at .travis.yml on how to extend your PATH variable.
To run executables or tests, you will need to install PostgreSQL. Depending on your setup, you may need to cast some authorization spells. Here is what works on Debian:
$ sudo -u postgres createuser thentos -d
$ echo "alter role thentos superuser" | sudo -u postgres psql
(Instead of thentos, you can choose your unix login name as postgres user name and skip setting the shell variable.)
For building the purescript UI code, you will need to install the javascript engine nodejs and its package manager npm:
$ sudo apt-get install nodejs npm
Make sure that nodejs is also found under the name "node", since some of the PureScript install scripts expect that:
$ sudo ln -s /usr/bin/nodejs /usr/bin/node
Now run the installation script and the tests:
$ ./misc/thentos-install.hs
This will take a while, as it will pull and build a lot of library dependencies.
Note that the tests require selenium to work. If you have no selenium grid set up, you can either read ./misc/selenium/Makefile and get it to work (see there for more details and links to the download page), or do without that part of the test suite:
$ ./misc/thentos-install.hs -c '--test-options="--skip selenium"'
If you want to use vagrant to run Thentos in a virtual machine, visit https://github.com/tarleb/thentos-vagrant.
If you run into any problems, you can check .travis.yml for an up-to-date way of getting all the dependencies installed.
Related work
Please notify us if you want something to be added.
- http://barada.sourceforge.net/
- http://jasig.github.io/cas/
- http://oauth.net/2/
- http://openid.net/connect/
- https://github.com/DeDiS/Dissent
- https://github.com/zalora/sproxy
- http://shibboleth.net/
- http://www.openldap.org/
Contributors
In alphanumerical order. Please let us know if we forgot to add you, or if you would like us to link to your GitHub handle / email.
- Albert Krewinkel
- Andor Penzes
- Andres Löh
- Christian Siefkes
- Florian Hartwig
- Henning Thielemann
- Julian Arni
- Matthias Fischmann
- Nicolas Pouillard
- Robert Vollmert
- Scott Sadler
- Sönke Hahn
If you want to get involved or have any questions, we would love to hear from you! Please also read docs/dev-howtos.md and docs/styleguide.md to learn more about our development practices and our coding guidelines for Haskell.
Future directions
- There are some exciting advances in IFC in Haskell: http://www.cse.chalmers.se/~buiras/hlio/, the mac package.