From bcd7ef59ab7da21dc631ff78b07583b1e41a9cd8 Mon Sep 17 00:00:00 2001 From: Dennis Neufeld Date: Mon, 19 Oct 2020 15:56:51 +0200 Subject: reducer illustrations --- anastasis.rst | 47 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 42 insertions(+), 5 deletions(-) (limited to 'anastasis.rst') diff --git a/anastasis.rst b/anastasis.rst index bb206db3..e282b2f0 100644 --- a/anastasis.rst +++ b/anastasis.rst @@ -28,7 +28,7 @@ encrypting it with a **master key**. The main objective of Anastasis is to ensure that the user can reliably recover the **core secret**, while making this difficult for everyone else. Furthermore, it is assumed that the user is unable to reliably remember any secret with sufficiently high entropy, so we -cannot simply encrypt using some other key material in posession of the user. +cannot simply encrypt using some other key material in possession of the user. To uniquely identify users, an "unforgettable" **identifier** is used. This identifier should be difficult to guess for anybody but the user. However, the @@ -51,7 +51,7 @@ A **recovery document** includes all of the information a user needs to recover access to their core secret. It specifies a set of **escrow methods**, which specify how the user should convince the Anastasis server that they are "real". Escrow methods can for example include SMS-based -verification, Video-identfication or a security question. For each escrow +verification, Video-identification or a security question. For each escrow method, the Anastasis server is provided with **truth**, that is data the Anastasis operator may learn during the recovery process to authenticate the user. Examples for truth would be a phone number (for SMS), a picture of the @@ -334,9 +334,9 @@ capacity. -------------- -Anastasis API -------------- +------------------ +Anastasis REST API +------------------ .. _salt: @@ -789,6 +789,43 @@ charge per truth operation using GNU Taler. } +--------------------- +Anastasis Reducer API +--------------------- + +This section describes the Anastasis Reducer API which is used by client applications +to store or load the different states the client application can have. + + +Backup Reducer +^^^^^^^^^^^^^^ +.. figure:: anastasis_reducer_backup.png + :name: fig-anastasis_reducer_backup + :alt: fig-anastasis_reducer_backup + :scale: 35 % + :align: center + + Backup states and their transitions. + + +The illustration above shows the different states the reducer can have during a backup +process. + +Recovery Reducer +^^^^^^^^^^^^^^^^ +.. figure:: anastasis_reducer_recovery.png + :name: fig-anastasis_reducer_recovery + :alt: fig-anastasis_reducer_recovery + :scale: 35 % + :align: center + + Recovery states and their transitions. + + +The illustration above shows the different states the reducer can have during a recovery +process. + + .. _anastasis-auth-methods: ---------------------- -- cgit v1.2.3