add verification of identities in the demo workflow

Question

add verification of identities in the demo workflow

Closed this issue 2 years ago · 4 comments

currently in the demo, anybody can vote

Answer 1 · 2022-03-18T10:17:55.000Z

@palmskog and @arolle (I cannot find his GitHub handle) put this forth in the meeting. They suggested that we could either have our own authentication system or use OAuth servers of KTH, Google, GitHub, or any other service.

I had a question about the implementation though. We basically need two things from the authentication.

Only verified voters vote.
There is exactly one vote per verified user.

How do we keep a check for the latter? One way to do so is to map the identity of the voter to the vote which defeats the purpose of the e-voting system. Any ideas for this?

Answer 2 · 2022-03-18T11:57:28.000Z

@algomaster99 @arolle we are at this point mostly interested in implementation of the "only verified voters vote" part, using something customizable like OAuth. There could be a simple database or flat file that defines what credentials are verified, e.g., username/password-hash pairs.

In our planned formal model, we will add tracking of cryptographic identities of voters into a vote collection server, but for the current demonstrator we are mostly interested in seeing the exchange of messages between voters / web server / authentication server.

Answer 3 · 2022-03-18T12:43:01.000Z

seeing the exchange of messages between voters / web server / authentication server.

Sounds like a plan. I can start to work on it.

Answer 4 · 2022-12-01T16:49:16.000Z

Fixed by #29