veyron/{services,tools}/identity: Make the identity tool much more usable and secure.

Identity providers in veyron essentially verify that a client has a valid
claim to a particular name and then issue a blessing with that name, rooted
at the identity provider's self-signed certificate.

Prior to this commit:
- There was an HTTP server that would use OAuth to validate that a client
  has a valid claim to a particular name (managed by Google)
- And then ship the PrivateID (including a newly minted private key) over the
  wire to the caller.
- The command-line tool could not interact with this flow and thus one
  had to visit the HTTP page and "copy-paste" the response into a file.

This scheme had various issues:
- The private key was known to the HTTP server and was shipped across
  the wire. In veyron we intend to *NEVER* ship private keys outside
  the host machine.
- The command-line tool wasn't usable for the most useful identities
  (i.e., those with a blessing from the HTTP server).

This commit changes the flow:
- A Veyron service is provided that uses an OAuth authentication code
  to obtain the username of a client and then provides a blessing
  via a veyron RPC. Thus, no private keys are shipped on the wire
  and ownership of the private key by the client is ensured via the
  Veyron authentication protocol.
- The command-line tool initiates the OAuth flow, obtains the authentication
  code and then uses that to invoke the Veyron service to get a blessing.

This hopefully makes the tool significantly more usable and avoids the
need for any copy-pastes or any private keys being shipped around.

For now, the original HTTP server code is kept, but once WSPR is
also migrated to this scheme, we hope to remove the code that
transmits a private key over the wire.

Change-Id: I720b59bf23747b69c60681cb564279efc9d0fccf
11 files changed
tree: 3a7bf14be6ac74eb930652ce095f0e8649f1284b
  1. examples/
  2. lib/
  3. runtimes/
  4. security/
  5. services/
  6. tools/
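
The flow the commit message describes (the key pair is generated on the client, the provider blesses only the public key after the client proves it holds the private key), as an added example that is not part of this commit or of Veyron's code. It is a simplified model using Ed25519 from the Go standard library; `Blessing`, `Bless`, `Verify`, `Run` and the name `provider/alice` are hypothetical, and the `name` argument stands in for the username the provider would obtain from the OAuth authentication code.

```go
// Added illustration; not Veyron's API or wire format. All names are hypothetical.
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Blessing binds a name to the client's PUBLIC key, signed by the provider.
type Blessing struct {
	Name      string
	ClientPub ed25519.PublicKey
	Sig       []byte
}

func payload(name string, pub ed25519.PublicKey) []byte {
	return append([]byte("blessing:"+name+":"), pub...)
}

// Bless is the provider side. It issues a blessing only if the caller proves
// possession of the private key by signing the provider-chosen nonce.
func Bless(provider ed25519.PrivateKey, name string, pub ed25519.PublicKey, nonce, proof []byte) (*Blessing, error) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, nonce, proof) {
		return nil, fmt.Errorf("no proof of possession for presented key")
	}
	return &Blessing{name, pub, ed25519.Sign(provider, payload(name, pub))}, nil
}

// Verify checks that the blessing is rooted at the provider's public key.
func Verify(root ed25519.PublicKey, b *Blessing) bool {
	return ed25519.Verify(root, payload(b.Name, b.ClientPub), b.Sig)
}

// Run plays both sides; clientPriv is never passed to the provider.
func Run() (ok bool, strangerRejected bool) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	clientPub, clientPriv, _ := ed25519.GenerateKey(rand.Reader) // stays on the client host
	nonce := make([]byte, 32)
	rand.Read(nonce) // constructed challenge, chosen by the provider in a real exchange
	b, err := Bless(rootPriv, "provider/alice", clientPub, nonce, ed25519.Sign(clientPriv, nonce))
	ok = err == nil && Verify(rootPub, b)
	// A caller presenting clientPub without the matching private key is refused.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, err = Bless(rootPriv, "provider/alice", clientPub, nonce, ed25519.Sign(otherPriv, nonce))
	return ok, err != nil
}

func main() { fmt.Println(Run()) }
```

Only the public key, the nonce signature and the resulting blessing cross the provider boundary, which is the property the earlier HTTP flow lacked.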