Lib.rs

Database interfaces
#authorization #pep #server #service #paas #api-service #group

bin+lib paas-server

PEP Authorization API Service

Owned by JobDoesburg, NOLAI.

4 releases (2 breaking)

new 0.6.1 Feb 27, 2025
0.6.0 Feb 27, 2025
0.5.0 Feb 11, 2025
0.4.1 Feb 11, 2025
0.4.0 Jan 30, 2025

#572 in Database interfaces

Download history 107/week @ 2025-01-27 20/week @ 2025-02-03 227/week @ 2025-02-10 8/week @ 2025-02-17

362 downloads per month

Apache-2.0

56KB
1K SLoC

Rust 748 SLoC // 0.0% comments JavaScript 330 SLoC // 0.0% comments Shell 2 SLoC

PAAS server

Crates.io Downloads License Documentation Dependencies

This project contains the server implementation for PAAS, the PEP Authorisation API Service (or Pseudonymization as a Service).

The PAAS server provides a REST API to transcrypt pseudonyms between different domains. It wraps around the libpep library, which provides homomorphic pseudonymization. Moreover, it performs access control on whether pseudonymization is allowed between certain domains.

The server is built in Rust, using the actix-web framework. Sessions can be stored in memory or in a Redis database. User authentication is done using JWT tokens (but can be easily extended to other methods), that are expected to be passed in the Authorization header as a Bearer token. The JWTs should contain the sub field, which is used to identify the user, and a groups field, which is used to identify the user's roles. Access rules are loaded from a yml file, describing which groups are allowed to pseudonymize between which domains. The expected signing key is read from a file.

Docker build

A Dockerfile is provided to build a server image.

docker build -t paas-server

Dependencies

~22–35MB
~628K SLoC