thentos-cookie-session alternatives and similar packages

A tool for privacy-preserving identity management (PPIM)

Status

DEPRECATED.

we will release some libraries that have come out of this project in the future. updates on that will be posted here.

Philosophy

Thentos (/'tentɒs/) is the Swiss army knife of web application user management. Its focus is on privacy and decentralization of control. It is actively developed by liquid democracy e.V., a non-profit NGO that has no stakes in user data as a product. It is not designed as a closed platform, but for cooperative and autonomous operation by many independent organisations.

Things we are going to do with the Thentos code base:

• use it as a library to offer Twitter or GitHub SSO to your users,

• run it as a proxy in front of your application that does all the user management for you (a bit like sproxy, but not restricted to oauth/google+),

• run your own PPIM service or connect it to a federated network of PPIM services,

• get rid of user data as a liability, and let some trusted third party do authorization and identity management for you,

• distribute user information from your corporate legacy databases to your services with minimal exposure.

Architecture overview and code structure

There are several packages in this repository:

• thentos-core: the core package with the base functionality shared by most use cases.

• thentos-tests: tests for thentos-core and common test utility functions for derived Thentos packages as a library

• thentos-adhocracy: integration with adhocracy3

• thentos-purescript: UI widgets (not cabal; highly experimental).

A quick walk through the code of thentos-core:

• Thentos.Types: the core types of the Thentos data model.

• Thentos.Transaction...: SQL queries with 'EitherT' exceptions. Thentos.Transaction implements an abstract API over the database schema. Thentos persistence is based on PostgreSQL.

• Thentos.Action...: authorization-controlled actions in the Action monad. Actions usually involve calling transactions, but also access to randomness, system time, configuration options, and other things.

  This is where the application logic goes so it can be shared by backend and frontend (see below). Action is based on LIO rather than IO and provides information flow as well as authorization control. This makes it possible to, say, write a new REST API dialect in a Safe module so that the compiler can generate a proof of the adherence to the security policy expressed in the types of the actions.

  Action also provides polymorphic StateT that is used by the frontend for session management.

• Thentos.Backend...: REST APIs based on servant, wai, warp. Servant allows to organise APIs by features and compose them freely for different deployment scenarios. For example, you can pluck a set of user registration end-points and handlers from Thentos.Backend.Api.Simple and use them in an adhocracy-compatible API as an add-on in package thentos-adhocracy.

• Thentos.Frontend...: HTML-based user interface, also based on servant, wai, warp (highly experimental).

  This contains a prototype of a user management dashboard that can be used by application owners and users to manage many applications.

  (In principle, servant makes it possible to run the same end-points in both backend (delivering JSON) and frontend (delivering HTML) mode based on the content-type header. However, in practice there are many differences: REST APIs are stateless, but HTML-based UIs have sessions; REST APIs serve self-contained pieces of data, but HTML-based UIs deliver pages containing many independent bits of information.)

Other documentation

• haddock, servant-docs, SourceGraph

Installation

Start by cloning the Thentos repository from GitHub.

$ git clone https://github.com/liqd/thentos
$ cd thentos
$ git submodule update --init

You need to have ghc-7.10 and some extra tools installed. On debian, you can do this:

$ sudo bash
# add-apt-repository ppa:hvr/ghc
# apt-get update
# apt-get install ghc-7.10.3 happy-1.19.5 alex-3.1.4 cabal-install-1.22
# apt-get install libpq-dev git
# apt-get install postgresql-client git
# apt-get install xvfb  # (for selenium tests; see below).
# apt-get install sox espeak  # (for audio captchas).

The hvr-haskell programs go to their own peculiar paths under /opt/<prog>/<ver>; you can take a peek at .travis.yml on how to extend your PATH variable.

To run executables or tests, you will need to install PostgreSQL. Depending on your setup, you may need to cast some authorization spells. Here is what works on debian:

$ sudo -u postgres createuser thentos -d
$ echo "alter role thentos superuser" | sudo -u postgres psql

(Instead of thentos, you can choose your unix login name as postgres user name and skip setting the shell variable.)

For building the purescript UI code, you will need to install the javascript engine nodejs and its package manager npm:

$ sudo apt-get install nodejs npm

Make sure that nodejs is also found under the name "node", since some of the PureScript install scripts expect that:

ln -s /usr/bin/nodejs /usr/bin/node

Now run the installation script and the tests:

$ ./misc/thentos-install.hs

This will take a while, as it will pull and build a lot of library dependencies.

Note that the tests require selenium to work. If you have no selenium grid set up, you can either read ./misc/selenium/Makefile and get it to work (see there for more details and links to the download page), or do without that part of the test suite:

$ ./misc/thentos-install.hs -c '--test-options="--skip selenium"'

If you want to use vagrant to run Thentos in a virtual machine, visit https://github.com/tarleb/thentos-vagrant.

If you run into any problems, you can check .travis.yml for an up-to-date way of getting all the dependencies installed.

Related work

Please notify us if you want something to be added.

• http://barada.sourceforge.net/
• http://jasig.github.io/cas/
• http://oauth.net/2/
• http://openid.net/connect/
• https://github.com/DeDiS/Dissent
• https://github.com/zalora/sproxy
• http://shibboleth.net/
• http://www.openldap.org/

Contributors

In alphanumerical order. Please let us know if we forgot to add you, or if you would like us to link to your GitHub handle / email.

• Albert Krewinkel
• Andor Penzes
• Andres Löh
• Christian Siefkes
• Florian Hartwig
• Henning Thielemann
• Julian Arni
• Matthias Fischmann
• Nicolas Pouillard
• Robert Vollmert
• Scott Sadler
• Sönke Hahn

If you want to get involved or have any questions, we would love to hear from you! Please also read docs/dev-howtos.md and docs/styleguide.md to learn more about our development practices and our coding guidelines for Haskell.

Future directions

• There are some exciting advances in IFC in Haskell: http://www.cse.chalmers.se/~buiras/hlio/, the mac package.