This project contains the server implementation for PAAS, the PEP Authorisation API Service (or Pseudonymization as a Service).
The PAAS server provides a REST API to transcrypt pseudonyms between different domains.
It wraps around the libpep library, which provides homomorphic pseudonymization.
Moreover, it performs access control on whether pseudonymization is allowed between certain domains.
The server is built in Rust, using the actix-web framework.
Sessions can be stored in memory or in a Redis database.
User authentication is done using JWT tokens (but can be easily extended to other methods), that are expected to be passed in the Authorization header as a Bearer token.
The JWTs should contain the sub field, which is used to identify the user, and a groups field, which is used to identify the user's roles.
Access rules are loaded from a yml file, describing which groups are allowed to pseudonymize between which domains.
The expected signing key is read from a file.
A Dockerfile is provided to build a server image.
docker build -t paas-server