<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 04.06.2018 at 15:42, alberto
fuentes wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CALkubT6oJYXk0dCx6Fb___5E59U_B-8EJ+iyBpvBj3tYeJ36Sw@mail.gmail.com">
<meta http-equiv="Context-Type" content="text/html; charset=UTF-8">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sun, Jun 3, 2018 at 11:20 PM,
Adrian Gropper <span dir="ltr">&lt;<a
href="mailto:agropper@healthurl.com" target="_blank"
moz-do-not-send="true">agropper@healthurl.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote">
<div dir="ltr">
<div>Hi Andre,</div>
<div><br>
</div>
<div>Thanks for starting this thread around home server
and SSO. These are the two essential ingredients for
re-decentralizing the web and I am not aware of any
consumer-grade way to offer such an appliance today. I
have been following the FreedomBox project for many
years hoping it would eventually help with a supported
dedicated server / SSO appliance.<br>
</div>
<div><br>
</div>
<div>Our project, HIE of One <a
href="http://hieofone.org/" target="_blank"
moz-do-not-send="true">http://hieofone.org/</a>
blends existing standards for a self-sovereign
authorization server (UMA - <a
href="https://kantarainitiative.org/confluence/display/uma/Home"
target="_blank" moz-do-not-send="true">https://kantarainitiative.org/<wbr>confluence/display/uma/Home</a>
) and rapidly emerging standards for self-sovereign
identity for SSO, self-sovereign identity (DID - <a
href="https://w3c-ccg.github.io/did-method-registry/"
target="_blank" moz-do-not-send="true">https://w3c-ccg.github.io/did-<wbr>method-registry/</a>
), and Verifiable Credentials (<a
href="https://www.w3.org/2017/vc/WG/"
target="_blank" moz-do-not-send="true">https://www.w3.org/2017/vc/<wbr>WG/</a>
) into a single personal appliance or VM. We call this
a self-sovereign technology stack. Other servers such
as mail servers or health records (our use-case) can
then be controlled in both the authentication and
authorization sense by the HIE of One. <br>
</div>
<div><br>
</div>
<div>In my experience, the HIE of One (stands for Health
Information Exchange of One) way of approaching SSO is
much more powerful than previous methods such as SAML
and OpenID Connect that require federation in order to
work. Federation is an inherently centralized and
governance-sensitive architecture that inserts itself
between a person's credentials (self-asserted or
verified) and the use of the credentials to gain
authorization for an action. Blockchain-based trust
can replace federation trust with much less risk of
censorship and privacy violations. Besides DID, HIE of
One also allows for OpenID Connect SSO if the
individual is willing to whitelist trusted identity
providers.</div>
<div><br>
</div>
<div>Another project that is trying to build
consumer-friendly personal server appliances is <a
href="https://ubos.net/" target="_blank"
moz-do-not-send="true">https://ubos.net/</a></div>
<div><br>
</div>
<div>As I currently see it, FreedomBox does not have a
focus on creating a supported dedicated consumer
server appliance. The focus seems more on enabling
people to support themselves. As the hardware cost
approaches $50, the current FreedomBox strategy of
self-support makes less and less sense. Adoption would
be vastly accelerated if people could buy separate,
standards-based (for substitutability), appliances
that could be supported by others the way we currently
install apps in the walled gardens of our mobile
hardware.</div>
<div><br>
</div>
<div>Adrian<br>
</div>
</div>
<br>
</blockquote>
</div>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">I'm using the <a
href="http://workaround.org" moz-do-not-send="true">workaround.org</a>
ispmail tutorial. It's been around for a while and it always
uses Debian stable<br>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><a
href="https://workaround.org/ispmail" moz-do-not-send="true">https://workaround.org/ispmail</a></div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">It has an Ansible repo at the end of
the tutorial, which is what I integrated in my server Ansible
repo. Quite complete from my POV<br>
</div>
<div class="gmail_extra"><br>
</div>
</div>
<!--'"--></blockquote>
<br>
So far I did not have the time to set up my own mail server, but my
research gave the following promising results:<br>
- <a class="moz-txt-link-freetext" href="https://mailinabox.email/">https://mailinabox.email/</a><br>
- <a class="moz-txt-link-freetext" href="https://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/">https://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/</a><br>
- <a class="moz-txt-link-freetext" href="https://github.com/tomav/docker-mailserver">https://github.com/tomav/docker-mailserver</a><br>
Now all of your suggestions can also be added to my list :-)<br>
<br>
</body>
</html>