This Privacy-Preserving Attribute-Based Credential Engine enables application developers to use Privacy-ABCs with all their features without having to consider the specifics of the underlying cryptographic algorithms, similar to as they do today for digital signatures, where they do not need to worry about the particulars of the RSA and DSA algorithms either.
An introduction to the project and links to further information is found on the wiki.
Overview of Codebase
We provide a number of core components for authentication with privacy-preserving attribute-based credentials. These core components deal with the policy language that specifies the authentication requirements, a user interface that allows user to select which credentials they want to use to satisfy the authentication policy and then some components to generate and verify authentication tokens.
Building a full-fledged authentication and authorization solution requires a number of additional components such as credential storage or key management. We provide basic implementations of such components and of example application as well. While these components could be useful as well, you might have to replace them with your own ones to integrate the core components into your application.
Finally, we do not provide that cryptography that generates the cryptographic values in the authentication token. However, our engine is designed to be used with Identity Mixer. So all you need to do is to download IBM Identity Mixer separately. Our library is also interoperable with Microsoft U-Prove.
For more details about the components and how to integrate them into an application we refer to the Architecture page.
NOTE: The java-ui component (and possibly other components) refer to an older version of core-abce. We are currently working on a fix for this, as well as updating documentation.
The p2abcengine can be used as either a series of platform independant web services or be integrated directly into a Java codebase. For instructions on how to build the ABCE, look at the wiki page how to build the ABCE for development. To set up the web services, refer to the wiki page creating an ABC system using web services. To integrate directly, see the page integrating the ABCE.
The source code of the p2abcengine is licensed under the Apache License, Version 2.0.
Note, however, that the p2abcengine depends on a number of Java libraries that are licensed under other licenses. For details, see the overview of licenses of the library dependencies.
The p2abcengine requires IBM Identity Mixer as cryptographic engine. Identity Mixer is available under the Identity Mixer License.
The architecture and the specification of the p2abcengine have been done as part of the ABC4Trust project.
The code and documentation available here is by Alexandra Institute, Miracle, and IBM Research - Zurich with support from the ABC4Trust, AU2EU, FI-ware, FutureID, and PrimeLife projects.