Local authentication is a project centered around Ubuntu security, working on a hardware/software level to locally authenticate commands that come to the computer, and may lock out external commands.
The idea of local authentication is to implement a system where a desktop or server may authenticate local commands such as the user's keyboard, mouse or terminal. This allows for some flexibility, such as dragging a file from home to root with password authentication. Not sure on how it should work, but hardware is protected by root. Now with local authentication, dragging a file or connecting to the internet is authenticated as coming from the user, and allows for much more security and flexibility. More importantly, it can lock out non-authenticated commands such as remote desktop or hacker programs in general. It may also be possible to lock out malicious scripts and programs if expanded to have downloadable definitions. Roughly looking at it, it does not do anything that sudo does not do now, but in the future may allow for scripts to double-click a deb to install etc. It's more of a security layer than anything else right now but can be expanded to do so much more. It may also add more flexibility to the GUI, though I'm not sure how it could authenticate a mouse drag and drop from a home file to a root file.
Lastly, this would allow for future customization for specific uses such as desktop, network machine or server, allowing a user to set up his computer to fit his specific needs. Local authentication would have to be able to differentiate between a local mouse click, a remote mouse click and a script-based mouse click to actually do something, but hopefully you get the general idea.
Blueprint information
- Status: Not started
- Approver: None
- Priority: Undefined
- Drafter: None
- Direction: Needs approval
- Assignee: None
- Definition: New
- Series goal: None
- Implementation: Unknown
- Milestone target: None
Whiteboard
K, I think this has to be defined and a stringent goal set as to define what is possible. The original description is a bit vague but defined a general idea.
This would act as a security layer that could stop external programs and scripts from running in Ubuntu. This would be accomplished with the hardware layer, where different hardware areas and drivers could have an authentication ("synaptic-like security key", for example). This could be used to authenticate where a command comes from. For example, say a key logger or something similar from the web could be caught, as its authentication would be a net key.
This could also be used to fix future security issues by denying keys pertaining to a script or program.
Also this could be integrated into users and groups to help manage keys etc.
In effect, Windows used .NET Framework to allow stuff to be installed from the net etc.; well, this is kind of working in reverse, where a hardware layer could stop stuff from being externally.
This might also prove interesting for servers etc., in that with a well-designed system it could be made extremely secure, even with web server maintenance, where keys could limit access, say having a network key on a network that disallowed external IPs from accessing it etc.