[C++] Logout event (event queue)
This ticket is created following a discussion started by MR !97 (merged).
Currently, if we have multiple applications like Outlook and Word on the same device and one of them logs out, the others will eventually figure it out and log out too, when they try to read or write to the shared crypto storage.
For a better user experience we want the other applications to be notified of the logout event as soon as it happens.
Possible solutions:
1. Use OS-specific multi-process communication facilities (a Windows multi-process named mutex, for example).
The solution will be a fire-and-forget event broadcast.
PROS:
- Does not involve a persistent state.
- Simple if we need just one single event (`logout`).
CONS:
- Different code for different Operating Systems.
- If we have many different events in the future it could become bloated.
2. @gospodin.bodurov proposed to simulate a shared queue by using a shared storage (we currently use sqlite3).
PROS:
- Single solution for all OS kinds.
- Can be used not just for `logout`, but for any kind of event if a need arises.
CONS:
- Multi-process concurrent access to a single storage has been known to cause difficulties in achieving data consistency. That's why, long ago, the world began to use a separate service (process) when a shared storage is needed.
Disclaimer: This may be only my personal opinion. I currently do not have a paper or research on the subject to reference here.
- There are problems that we need to address, like when and how to delete the old events.
3. Develop a `vereign service` that is installed on the device and provides a local API to the applications, instead of using a library (plugin) inside every application. The applications can communicate with the `vereign service` over an encrypted gRPC channel on localhost, and the `vereign service` will be responsible for maintaining the user session, signing emails and documents locally on the device, and doing REST API calls to the vereign servers.
PROS:
- Since the `vereign service` is the only process that touches the storage files, it is easier to accomplish data consistency.
- It can provide a unified login session shared among the applications.
CONS:
- The user must install additional software on their device: the `vereign service`.
- We should maintain and distribute this `vereign service` application for all Operating Systems, including Android and iOS.
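As an added illustration of solution 2 (this is not code from the ticket or from the vereign project), the sketch below models the proposed shared queue on sqlite3: every application process keeps its own connection, remembers the last event id it has consumed, and polls for newer rows, so a single `logout` row reaches all of them. The table name, its columns and the TTL-based purge are assumptions made for the sketch.

```python
import sqlite3
import time
from typing import List, Optional


class EventQueue:
    """Shared event table on sqlite3 (one connection per application process).
    Each process remembers the largest event id it has consumed and polls for
    anything newer, so one 'logout' row reaches every process. Table name,
    columns and the TTL purge are assumptions for this sketch."""

    def __init__(self, path: str, ttl_seconds: float = 60.0):
        self.ttl = ttl_seconds
        # WAL lets other processes read while one writes; timeout waits on locks.
        self.db = sqlite3.connect(path, timeout=5.0, isolation_level=None)
        self.db.execute("PRAGMA journal_mode=WAL")
        # AUTOINCREMENT keeps ids monotonic across purges, so last_seen never
        # skips rows that were inserted after old ones were deleted.
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS events ("
            " id INTEGER PRIMARY KEY AUTOINCREMENT,"
            " kind TEXT NOT NULL, created_at REAL NOT NULL)")
        # Events published before this process started do not apply to it.
        self.last_seen = self.db.execute(
            "SELECT COALESCE(MAX(id), 0) FROM events").fetchone()[0]

    def publish(self, kind: str, now: Optional[float] = None) -> int:
        """Append an event such as 'logout'; returns its id."""
        now = time.time() if now is None else now
        cur = self.db.execute(
            "INSERT INTO events (kind, created_at) VALUES (?, ?)", (kind, now))
        return cur.lastrowid

    def poll(self) -> List[str]:
        """Return the kinds of events this process has not consumed yet."""
        rows = self.db.execute(
            "SELECT id, kind FROM events WHERE id > ? ORDER BY id",
            (self.last_seen,)).fetchall()
        if rows:
            self.last_seen = rows[-1][0]
        return [kind for _, kind in rows]

    def purge(self, now: Optional[float] = None) -> int:
        """Delete events older than the TTL; returns the number removed.
        This is the ticket's 'when to delete' problem: a consumer that polls
        less often than the TTL can miss an event purged in the meantime."""
        now = time.time() if now is None else now
        cur = self.db.execute(
            "DELETE FROM events WHERE created_at < ?", (now - self.ttl,))
        return cur.rowcount
```

Each consumer has to poll at least once per TTL, which is exactly the deletion trade-off the ticket lists under the CONS of this approach.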
Single login session shared among the applications.
Under Windows we use the native crypto storage for generating a persistent RSA key pair. When a process creates or tries to load such a key, the OS asks for the user's consent by showing the following dialog.
With solutions 1 and 2 above the user will still see this dialog when opening every application he uses, even when he has already entered his password for a previously running application. In other words, if the user opens Word, enters his key password, and then opens Outlook, he will have to enter his password again, this time to authorize the Outlook application.
This of course is not entirely bad: it actually provides better security.
But if we want the user to enter his password only once, with the first app that he opens, this can be achieved with solution 3.
Improvements on the current solution.
We can improve the responsiveness of the current state by making an Application be notified about the logout not just when it writes something to the storage, but also every time it reads from the storage. (No need to change anything: even now, when the Application tries to read from the storage after the master AES key was changed, the read fails, because the encryption is AES-256-GCM and decryption with the wrong key does not pass the authentication check.)
Furthermore, every time something must be signed, the profile certificate may be read from the storage and deleted from memory once the signing is complete. This forces a storage read before every signing and thus makes the application more responsive to logout events.