[Freedombox-discuss] Hosting emails at home

Adrian Gropper agropper at healthurl.com
Sun Jun 3 22:20:44 BST 2018

Hi Andre,

Thanks for starting this thread around home server and SSO. These are the
two essential ingredients for re-decentralizing the web and I am not aware
of any consumer-grade way to offer such an appliance today. I have been
following the FreedomBox project for many years hoping it would eventually
help with a supported dedicated server / SSO appliance.

Our project, HIE of One http://hieofone.org/ blends existing standards for
a self-sovereign authorization server (UMA -
https://kantarainitiative.org/confluence/display/uma/Home ) and rapidly
emerging standards for self-sovereign identity for SSO, self-sovereign
identity (DID - https://w3c-ccg.github.io/did-method-registry/ ), and
Verifiable Credentials (https://www.w3.org/2017/vc/WG/ ) into a single
personal appliance or VM. We call this a self-sovereign technology stack.
Other servers such as mail servers or health records (our use-case) can
then be controlled in both the authentication and authorization sense by
the HIE of One.

In my experience, the HIE of One (stands for Health Information Exchange of
One) way of approaching SSO is much more powerful than previous methods
such as SAML and OpenID Connect that require federation in order to work.
Federation is an inherently centralized and governance-sensitive
architecture that inserts itself between a person's credentials
(self-asserted or verified) and the use of the credentials to gain
authorization for an action. Blockchain-based trust can replace federation
trust with much less risk of censorship and privacy violations. Besides
DID, HIE of One also allows for OpenID Connect SSO if the individual is
willing to whitelist trusted identity providers.

Another project that is trying to build consumer-friendly personal server
appliances is https://ubos.net/

As I currently see it, FreedomBox does not have a focus on creating a
supported dedicated consumer server appliance. The focus seems more on
enabling people to support themselves. As the hardware cost approaches $50,
the current FreedomBox strategy of self-support makes less and less sense.
Adoption would be vastly accelerated if people could buy separate,
standards-based (for substitutability), appliances that could be supported
by others the way we currently install apps in the walled gardens of our
mobile hardware.


On Sun, Jun 3, 2018 at 4:32 PM, André Rodier <andre at rodier.me> wrote:

> Hello Joseph,
> Thank you for your answer.
> I wasn't expecting a direct integration of my Ansible scripts into
> FreedomBox, but an example of what should be done, and in which order, to
> have a fully compliant mail server. There are a few hurdles to overcome, and
> you would have won some time.
> Now, if you think that using Ansible playbooks directly into the project,
> perhaps you know the architecture more than me. I will have a look at
> FreedomBox later.
> Kind regards,
> André
> On 03/06/18 15:10, Joseph Nuthalapati wrote:
>> André,
>> Thanks for sharing this. I'm really excited to find a project that
>> installs and configures email servers purely through Debian packages.
>> This is compatible with the FreedomBox way of doing things.
>> FreedomBox installation scripts are plain Python scripts for now. I have
>> recently used Ansible for a FreedomBox project called
>> cloud-image-builder which creates EC2 images (called AMIs) of FreedomBox
>> for the AWS cloud. I can see some benefits in using Ansible over writing
>> our own scripts. Well, the FreedomBox project was started before Ansible
>> became mainstream. I personally think that directly integrating Ansible
>> playbooks into the Django project is not a bad idea though this needs
>> discussion with the other team members. We might invoke Ansible
>> playbooks from actions scripts in Plinth. If we take that route, these
>> playbooks can be directly integrated into the FreedomBox project.
>> We did implement a rudimentary Single Sign On mechanism for some of our
>> applications using the Apache module called mod_auth_pubtkt. It had its
>> limitations. We are now considering implementing a SAML2 based SSO.
>> We recently put a lot of effort into improving our build system for
>> Single Board Computers. It's called freedom-maker. It's also used by
>> some other projects like Freedombone to build images for SBCs. It's
>> written in Python3. Please feel free to use it and contribute
>> improvements.
>> We did have both email and SSO planned for 2018. Hope FreedomBox will
>> evolve soon enough to satisfy your requirements so that you don't have
>> to maintain a different project. We look forward to more collaboration
>> with you.
>> On Sunday 03 June 2018 01:10 PM, André Rodier wrote:
>>> Hello everyone,
>>> A few months ago, I had a look at the FreedomBox project, and while it
>>> was promising, the main features I wanted were not implemented.
>>> Basically, I needed emails and single sign-on, plus some emphasis on
>>> strong security and privacy. I did not need all the software and
>>> servers in the list. None of the projects I have seen online were
>>> providing exactly what I wanted.
>>> I have been self-hosted for years, but after a migration from a
>>> dedicated server online to a low power consumption mini server at
>>> home, I wanted to create some scripts to do it properly. I started a
>>> project on Github, you will find a link below.
>>> I think I have achieved this. The way I did it is very transparent, so
>>> you can see what I have done. Everything is done through Ansible
>>> scripts. I may extract a few parts in different repositories.
>>> I am sending this email for many valid reasons, IMHO:
>>> - I see email and SSO are on your roadmap, and I reckon it is
>>> something long to achieve, if done properly. What I have done might be
>>> useful to you.
>>> - I will focus more on open source hardware boards and fully automatic
>>> installation of the whole system (OS and Software). I reckon this will
>>> overlap with FreedomBox.
>>> The link to the project: https://github.com/progmaticltd/homebox
>>> I am registered in UK, as a company, and this will allow me to pay some
>>> people to do a few things I do not have the time or skills to do
>>> myself. Anything developed will be published in GPLv3 or any
>>> appropriate open source license, and submitted to Debian.
>>> Have a look at the official documentation, and list of features.
>>> Kind regards,
>>> André Rodier.
>>> _______________________________________________
>>> Freedombox-discuss mailing list
>>> Freedombox-discuss at alioth-lists.debian.net
>>> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/freedombox-discuss


Adrian Gropper MD

HELP us fight for the right to control personal health data.
DONATE: https://patientprivacyrights.org/donate-3/