Show HN: TideCloak – Decentralized IAM for security and user sovereignty
(github.com)53 points by SaltNHash 5 days ago | 36 comments
Hey HN!
After 6 years of R&D, our small team is excited to share our project TideCloak - an IAM designed to help developers move fast without worrying about catastrophic breaches or overpowered admins with keys to the kingdom.
Traditional IAMs rely on centralized authority - admins, root certificates, and decryption keys - which create glaring vulnerabilities in a breach. To address this, we’ve integrated Keycloak (Red Hat’s IAM) with a decentralized key architecture powered by our (academically validated) Ineffable Cryptography.
Here’s the idea: keys are split across a decentralized network (our Cybersecurity Fabric) so no one ever holds the full key. Even in a breach or F$%k up, there’s no unchecked authority exposed.
Right now, TideCloak uses the Cybersecurity Fabric as an IdP, meaning users authenticate without their credentials being stored or shared. Essentially, users bring their own authority - without needing to trust anyone else to keep it safe.
Coming soon: - Identity Governance Administration to prevent super admin abuse. - User-sovereign digital assets, where assets are secured with unique decentralized keys to protect against mass breaches.
We’ve just launched a free developer sandbox, and we’d love your feedback: https://github.com/tide-foundation/tidecloak-gettingstarted
It’s still early stages, and your input will help us improve.
Thanks for taking a look - ask us anything!
HumanOstrich 5 days ago | next |
What is the "Cybersecurity Fabric"? I see it mentioned a lot, but having trouble filling in details.
Update: I found the answer and the research paper[1]. Based on what I've gleaned so far, this looks pretty awesome. It's like.. Horcruxes, but the participants assemble it blindly and instead of getting a soul, you get access to something without revealing the key.
[1]: https://arxiv.org/abs/2309.00915