Just to say thanks to the nice folks at Palamida. They wrote an interesting commentary to my post on building an AGPL suite and then move each application of the suite onto a zero-knowledge architecture.

Here is what they say:

Marco Barulli is taking the risk of blazing the trail for web services developers to come. Is AGPLv3 the right license? Who knows. Is “zero-knowledge” the right architecture? Maybe yes, maybe no.

• Zero-knowledge architecture is a web services framework in which secure information is distributed only to the endpoint, the service, through a secure and reliable framework that does not allow disclosure or residual existence of any user specific information. […]

• The AGPLv3 assures that the architecture and the source code is transparent and available for scrutiny, thereby insuring a clear implementation of secure practice that can be monitored and verified by the community. […]

Is this novel? No. Is it needed? Of course. “Zero-knowledge” architecture is based on old ideas applied to a new web services paradigm. Trust nobody, encrypt, and double check everything. Clipperz and the zero-knowledge concept is an old idea finding a proper place to start talking about transparent architecture which puts the responsibility of information security in the hands of the users. Is it perfect? Maybe yes, maybe no. It is licensed under AGPLv3, so Marco Barulli is inviting the community to grow what he started. Simple idea, great initiative. Well done.

Too kind! Who is going to join us in this adventure? Clipperz can certainly contribute its password manager to the AGPL Suite with, but who is next? I would love to hear from the smart guys that developed AJAX Chat …