Ubuntu Trust Store & Trusted Interactions

Registered by Thomas Voß

Further evolve the notion of trusted helpers and trusted user interaction to account for requirements arising from Ubuntu's security/trust model. Trusted helpers need to be able to prompt the user for trust requests and persist the user's answer in a uniform and secure way. In addition, access to input methods and accessibility methods falls roughly into the same category, as both require secure operation and UI assembly across process boundaries.

Blueprint information

Status:
Not started
Approver:
Thomas Voß
Priority:
Essential
Drafter:
Thomas Voß
Direction:
Approved
Assignee:
None
Definition:
Drafting
Series goal:
Accepted for trusty
Implementation:
Not started
Milestone target:
ubuntu-14.04

Related branches

Sprints

Whiteboard

Use cases for "Trusted Prompt Session" (https://wiki.ubuntu.com/Security/TrustStoreAndSessions):

  * Location service
  * Online accounts

Use cases for "Trusted Interaction Sessions":

  * Input methods a.k.a. on-screen keyboards
  * Accessibility tooling

Use cases for "Trust Store":

  * Trusted helpers

Requirements for "Trust Store" (https://wiki.ubuntu.com/SecurityAndPrivacySettings):

  * Stores should be identifiable by services
  * Location service & online accounts are the driving use-cases
  * Take into account specific requirements when binding C to Go / when supporting Go as a client language
  * Security strongly votes in favor of a central trust store process/service for release

"Application Embedding it is"

jdstrand> out of process vs in-process makes no difference for the trusted helper doing the trust store check. The only thing we want to avoid is that the process (i.e. the untrusted app) asking for permission isn't the one doing the trust store lookup.

Related blueprint:
https://blueprints.launchpad.net/ubuntu/+spec/client-1410-unity-ui-trustedsession

(?)

Work Items

Work items:
[jdstrand] Evaluate in-process vs. out-of-process approach for trust-store: DONE
[thomas-voss] Provide an API draft for trust store: TODO
[mardy] Provide use-case description for online accounts in the wiki: DONE
[ken-vandine] Provide use-case description for content hub in the wiki: TODO
[thomas-voss] Provide an API draft to start and handle a trusted session: TODO