Protocols and Interoperations

P3KI is built to integrate into a wide-ranging set of existing environments.

Ad-hoc AuthZ/N Channel Establishment

Based on the Noise cryptographic protocol

Verifies delegable authentication

Verifies precise authorization

Establishes a secured and authorization-tagged communication channel

Multi-channel Peering AuthN

Generates short and easy to phrase PIN codes using a NATO alphabet spelling helper

Enables in-the-field peering with previously unknown peers

One-way Message Bus AuthZ/N

Replay protection

Precise authorization

Multi-party signatures

OIDC Proxy (P3KIory)

Translates P3KI authorization into an OIDC token

Suitable for last-mile access to services not natively supporting P3KI

Based on the Ory Hydra project

Cross-PKI X.509 Integration

Promote existing X.509 certificates and keys to P3KI identities

Enable cross-PKI interaction and authorization without cross-signing and without issuing additional certificates

Issue authorizations with classic client/server certificates (no CA certificate needed)