Use-case Free Description

From SQRLauth.net
Revision as of 15:24, 23 February 2015 by Ramriot (Talk | contribs)


{Page Build In Progress}

Parts of the system:

Display: A place (PC browser, Sticker, POS device, Voting sheet) where an interactive or static SQRL-Link is displayed such that it can be passed from the Display to the Client.

SQRL-Link: A URL with the scheme ({s}qrl://) that references a Resource via an Authentication_Server. The specific Resource to be authenticated is defined by a GET parameter with argument Nut. The rest of the address determines the Authentication_Server address.

Nut: A base64URL encoded reference that leaks no information as to the exact Resource but can be associated to a specific predefined one by the Authentication_Server. Nuts can be static over time or dynamically generated for each use, but are always linkable to a specific predefined Resource by the Authentication_Server.

Resource: The item that identity is being authenticated against, e.g. (A user account, A system folder, A monetary transaction, A purchase, A building entrance, An alarm system, A municipal/federal Ballot item etc.)

Authentication_Server: A device, often separate from the Display, that can accept network queries from, and make responses to, the Client and perform all the actions needed to securely and uniquely authenticate the Client to the requested Resource by retaining state either within the Nut value (stateless initiation) or by reference to a server held Resource list (stateful initiation).

Client: An application running either within the Display or on a separate device that captures the SQRL link and uses it to authenticate its identity to the Server in relation to the predefined Resource.

An expansion of the rest of the protocol is long and I may write that up later on the above lines, but a key outcome is that over the two loops of the SQRL protocol Identity and Non-Alteration of messages are proved to both ends.

In the case of a Dynamically generated Nut, Identity is certain from end of loop One, but proof of the Non-Alteration of Resource description by the Server is uncertain until the end of loop Two.

In the case of a Statically generated or printed Nut, both the above requirements are only certain after the end of loop Two.
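
The SQRL-Link, Nut and Authentication_Server definitions above can be sketched as follows. This is an added example, not code from the SQRL project or this wiki: it shows only stateful initiation with dynamically generated nuts and the Client-side link parsing, not the two protocol loops. The query parameter name `nut`, the host `auth.example.com`, the path `/auth`, and the class and function names are assumptions made for illustration.

```python
import base64
import secrets
from urllib.parse import urlsplit, parse_qs

NUT_PARAM = "nut"           # assumption: the Nut travels in a query parameter named "nut"
SCHEMES = {"sqrl", "qrl"}   # the page's "({s}qrl://)"


class AuthenticationServer:
    """Stateful initiation: random nuts mapped to a server-held Resource list."""

    def __init__(self, host, path="/auth"):   # hypothetical host and path
        self.host, self.path = host, path
        self._resources = {}                  # nut -> Resource (constructed in-memory table)

    def issue_link(self, resource, scheme="sqrl"):
        # 16 random bytes carry no information about the Resource they stand for.
        nut = base64.urlsafe_b64encode(secrets.token_bytes(16)).rstrip(b"=").decode()
        self._resources[nut] = resource
        return f"{scheme}://{self.host}{self.path}?{NUT_PARAM}={nut}"

    def resolve(self, nut):
        # Only the server can link a nut back to its predefined Resource.
        return self._resources.get(nut)


def parse_sqrl_link(link):
    """Client side: return (server address, nut) or raise ValueError."""
    parts = urlsplit(link)
    if parts.scheme not in SCHEMES or not parts.hostname:
        raise ValueError("not a SQRL-Link")
    nuts = parse_qs(parts.query).get(NUT_PARAM, [])
    if len(nuts) != 1:
        raise ValueError("expected exactly one nut parameter")
    nut = nuts[0]
    try:
        # Re-pad and decode; the stdlib decoder is lenient, so also
        # require that re-encoding reproduces the nut exactly.
        raw = base64.urlsafe_b64decode(nut + "=" * (-len(nut) % 4))
    except ValueError as exc:
        raise ValueError("nut is not base64url") from exc
    if not raw or base64.urlsafe_b64encode(raw).rstrip(b"=").decode() != nut:
        raise ValueError("nut is not base64url")
    # Everything except the nut identifies the Authentication_Server.
    return parts.netloc + parts.path, nut
```

A static (printed) nut would use the same lookup table but be issued once and reused, which is why the page treats its guarantees separately from the dynamic case.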