author | Dennis Neufeld <dennis.neufeld@students.bfh.ch> | 2020-10-19 15:56:51 +0200 |
---|---|---|
committer | Dennis Neufeld <dennis.neufeld@students.bfh.ch> | 2020-10-19 15:56:51 +0200 |
commit | bcd7ef59ab7da21dc631ff78b07583b1e41a9cd8 (patch) | |
tree | 22c70b8b41d2e6edbc1223d2cc0474d914702427 | |
parent | 2a8df9767143fbe3770426e5c6cfb0d83353d83e (diff) | |
reducer illustrations
-rw-r--r-- | anastasis.rst | 47 | ||||
-rw-r--r-- | anastasis_reducer_backup.png | bin | 0 -> 358019 bytes | |||
-rw-r--r-- | anastasis_reducer_recovery.png | bin | 0 -> 230078 bytes |
3 files changed, 42 insertions, 5 deletions
diff --git a/anastasis.rst b/anastasis.rst index bb206db3..e282b2f0 100644 --- a/anastasis.rst +++ b/anastasis.rst @@ -28,7 +28,7 @@ encrypting it with a **master key**. The main objective of Anastasis is to ensure that the user can reliably recover the **core secret**, while making this difficult for everyone else. Furthermore, it is assumed that the user is unable to reliably remember any secret with sufficiently high entropy, so we -cannot simply encrypt using some other key material in posession of the user. +cannot simply encrypt using some other key material in possession of the user. To uniquely identify users, an "unforgettable" **identifier** is used. This identifier should be difficult to guess for anybody but the user. However, the @@ -51,7 +51,7 @@ A **recovery document** includes all of the information a user needs to recover access to their core secret. It specifies a set of **escrow methods**, which specify how the user should convince the Anastasis server that they are "real". Escrow methods can for example include SMS-based -verification, Video-identfication or a security question. For each escrow +verification, Video-identification or a security question. For each escrow method, the Anastasis server is provided with **truth**, that is data the Anastasis operator may learn during the recovery process to authenticate the user. Examples for truth would be a phone number (for SMS), a picture of the @@ -334,9 +334,9 @@ capacity. -------------- -Anastasis API -------------- +------------------ +Anastasis REST API +------------------ .. _salt: 
@@ -789,6 +789,43 @@ charge per truth operation using GNU Taler. } +--------------------- +Anastasis Reducer API +--------------------- + +This section describes the Anastasis Reducer API which is used by client applications +to store or load the different states the client application can have. + + +Backup Reducer +^^^^^^^^^^^^^^ +.. figure:: anastasis_reducer_backup.png + :name: fig-anastasis_reducer_backup + :alt: fig-anastasis_reducer_backup + :scale: 35 % + :align: center + + Backup states and their transitions. + + +The illustration above shows the different states the reducer can have during a backup +process. + +Recovery Reducer +^^^^^^^^^^^^^^^^ +.. figure:: anastasis_reducer_recovery.png + :name: fig-anastasis_reducer_recovery + :alt: fig-anastasis_reducer_recovery + :scale: 35 % + :align: center + + Recovery states and their transitions. + + +The illustration above shows the different states the reducer can have during a recovery +process. + + .. _anastasis-auth-methods: ---------------------- diff --git a/anastasis_reducer_backup.png b/anastasis_reducer_backup.png Binary files differnew file mode 100644 index 00000000..f4bf485b --- /dev/null +++ b/anastasis_reducer_backup.png diff --git a/anastasis_reducer_recovery.png b/anastasis_reducer_recovery.png Binary files differnew file mode 100644 index 00000000..3dc497bd --- /dev/null +++ b/anastasis_reducer_recovery.png |
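Review bot: in the second hunk of anastasis.rst (@@ -51,7 +51,7 @@), the corrected word is still capitalised mid-sentence: "verification, Video-identification or a security question." Suggest "video identification" so it matches the other items in the same list ("SMS-based verification", "a security question"). The two spelling fixes in the first two hunks are also unrelated to the commit subject "reducer illustrations" and would be easier to track as a separate commit.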
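Review bot: in the new "Anastasis Reducer API" section (@@ -789,6 +789,43 @@), both figures set :alt: to the figure's own name ("fig-anastasis_reducer_backup", "fig-anastasis_reducer_recovery"), which tells a reader who cannot see the image nothing; use a short description of what the diagram shows instead. The section also says the API is used "to store or load the different states the client application can have", but no state or transition is named in the text, only in the PNGs. For a backup and recovery flow the states and allowed transitions should also be listed in the text, so they can be searched and reviewed when they change. The phrase "The illustration above" depends on where the figure is rendered; referring to the figure by its :name: would be more robust.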
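Review bot: anastasis_reducer_backup.png and anastasis_reducer_recovery.png are added as binary files of 358019 and 230078 bytes and are then displayed at ":scale: 35 %". Suggest committing the editable diagram source alongside the exported images and exporting closer to the displayed size, so that a later change to either state machine can be reviewed as a diff rather than as a replaced image.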