Authorization & Authentication for a Connected World

Ad-hoc AuthZ/N Channel Establishment The P3KI cryptographic handshake protocol
Multi-channel Peering AuthN Ad-hoc peering using second channel to exchange proof
One-way Message Bus AUthZ/N Handshake-free security for one-way communication channels
OIDC Proxy (P3KIory) Use P3KI to interact with any OpenID Connect service
Cross-PKI X.509 Integration Use existing X.509 certificate based identities with P3KI

Ad-hoc AuthZ/N Channel Establishment

Based on NOISE cryptographic protocol

Verifies delegable authentication

Verifies precise authorization

Establishes secured and authorization-tagged communication channel

Generates short and easy to phase PIN codes using NATO alphabet spelling helper

Enables in-the-field peering with previously unknown peers

Replay protection

Precise authorization

Multi-party signatures

Translates P3KI authorization into OIDC token

Suitable for last mile access to services not natively supporting P3KI

Based on Ory Hydra project

Promote existing X.509 certificates and keys to P3KI identities

Enable cross-PKI interaction and authorization without cross-signing and additional certificate issuing

Issue authorizations with classic client/server certificates (no CA certificate needed)