Declarative web service security in NixOS
This project aims to make NixOS the first computer operating system to package TLS Pool as a service component. It will make it possible to combine the power of declarative packaging with the unique security characteristics of TLS Pool to create a solid and versatile delivery channel for decentralised internet applications.
Creating secure web services is non-trivial. Every application has its own security configuration mechanism, which means there is a lot of room to make mistakes, neglect flaws and end up with vulnerable systems. TLS Pool is a ground-breaking mechanism from the ARPA2 project that isolates security processes and key material from the applications themselves, and allows transport layer security to be managed at a system level.

NixOS is a Linux distribution with a unique approach to package and configuration management. Built on top of the Nix package manager, it is completely declarative, makes upgrading systems reliable, and has many other advantages. It is increasingly used in complex environments where reproducible behaviour and configurability matter, from desktop systems to some of the top 500 supercomputers.
The results of this project should greatly simplify the creation and delivery of robust and secure services, on the web and beyond. We will validate and demonstrate the new capabilities resulting from the project by providing a number of examples of different types of web services, such as classic LAMP applications, NodeJS and Java application containers.