PAAS server

The PAAS server provides a REST API to transcrypt pseudonyms between different domains. It wraps around the libpep library, which provides homomorphic pseudonymization. Moreover, it performs access control on whether pseudonymization is allowed between certain domains.

The server is built in Rust, using the actix-web framework. Sessions can be stored in memory or in a Redis database. User authentication is done using JWT tokens (but can be easily extended to other methods), that are expected to be passed in the Authorization header as a Bearer token. The JWTs should contain the sub field, which is used to identify the user, and a groups field, which is used to identify the user's roles. Access rules are loaded from a yml file, describing which groups are allowed to pseudonymize between which domains. The expected signing key is read from a file.

Docker build

A Dockerfile is provided to build a server image. Notice that the server build requires building the whole cargo workspace. Therefore, you should build the Docker image from the root of the repository, specifying the -f server/Dockerfile.

docker build -t paas-server -f server/Dockerfile .