
TideCloak 0.8.0

A rollout of the Secure Web Enclave verifiability (SRI) feature, along with some bug fixes.

Highlights:

  • SRI protection for the Secure Web Enclave.
  • Tide-styled theme.
  • Summary section for the Approval Enclave.
  • Breaking Codespaces deployment bug fix.
  • Minor upgrade for cryptography library.

Cybersecurity Fabric changes

Secure Web Enclave cryptographic verifiability

One of Tide's most critical security features is the introduction of a groundbreaking verifiability mechanism for the web end-user, guaranteeing the integrity of the web interface. The user interface of Tide's Cybersecurity Fabric is the Secure Web Enclave (SWE), which the user runs in their browser to consume the Fabric's services: authentication, encryption, decryption, signing, etc. The entire cryptographic security relies on a multi-party computation scheme that is orchestrated by that SWE, guaranteeing none of the network nodes is corrupt or malicious. To guarantee that the SWE itself isn't corrupt or malicious, the entire source code of the SWE can be verified against its cryptographic digest (SHA-256 hash function) using the standard Subresource Integrity (SRI) feature available in all major browsers. Tide publishes the "approved" digests on its website at https://tide.org/integrity-checker, and any user can verify that the published digest is the same as the one for the code running locally for them. A complete description and instructions are available in the documentation.
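The comparison described above, as an added example in JavaScript for Node.js (not Tide's code): it computes an SRI value for a resource's bytes and checks it against an approved integrity string, following the SRI rule that only the strongest listed algorithm counts. The function names and sample bytes are assumptions made for this illustration, and the exact format in which Tide publishes its digests is not stated on this page.

```javascript
// Added example (not Tide's code). Sample bytes below are constructed.
const { createHash } = require('node:crypto');

// Hash algorithms SRI accepts, ordered weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Build an integrity value such as "sha256-<base64 digest>" for a resource.
function sriFor(bytes, alg = 'sha256') {
  return `${alg}-${createHash(alg).update(bytes).digest('base64')}`;
}

// Parse an integrity string: whitespace-separated "alg-base64[?options]"
// tokens. Malformed tokens and unknown algorithms are skipped.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).flatMap((token) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(token);
    return m ? [{ alg: m[1], digest: Buffer.from(m[2], 'base64') }] : [];
  });
}

// True only if the bytes hash to one of the digests listed for the strongest
// algorithm present. A weaker matching digest cannot override a stronger
// mismatch. Unlike a browser, which skips the check when no usable hash is
// listed, this verifier fails closed.
function verifyIntegrity(bytes, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return false;
  const rank = Math.max(...entries.map((e) => STRENGTH.indexOf(e.alg)));
  const alg = STRENGTH[rank];
  const actual = createHash(alg).update(bytes).digest();
  return entries.some((e) => e.alg === alg && e.digest.equals(actual));
}

// Constructed stand-ins for an approved bundle and a modified copy of it.
const approvedBundle = Buffer.from('export const enclave = "build-1";\n');
const modifiedBundle = Buffer.from('export const enclave = "build-2";\n');
const approvedValue = sriFor(approvedBundle);

console.log(approvedValue);
console.log('approved copy:', verifyIntegrity(approvedBundle, approvedValue));
console.log('modified copy:', verifyIntegrity(modifiedBundle, approvedValue));
```

A single changed byte in the bundle yields a different digest, so the modified copy fails the check even though it has the same length as the approved one.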

Approval Enclave summary

One of the robust uses of Tide's Secure Web Enclave (SWE) is to act as a verifiable approval step in a quorum workflow process: for example, when multiple administrators are required to approve a permission assignment, or when a quorum of users is required to approve a transaction. This part of the SWE can be summoned by the platform developer just for that specific scenario, and is therefore called the "Approval Enclave". This release introduces a summary section that highlights the most important details of the approval for the user, while keeping the raw information collapsed by default. The summary structure is tailor-made for each approval model and will display different information.

Updated cryptographic library

Tide's cryptide, the SWE JavaScript cryptographic library, has been refactored to align with best practices and security standards.

Web Enclave padding bug fix

Tide's user interface, the Secure Web Enclave, suffered from an inconsistent cosmetic flaw caused by occasional "inflation" of the page padding between the custom logo and the main data-entry section. This has now been fixed.

TideCloak changes

Tide-style custom theme

In a Tide-enabled realm, most UI elements of Keycloak are either replaced by the SWE or hidden (e.g. the Identity detail collection page). However, there are still processes where Keycloak elements are required, such as the SSO log-out confirmation page and the user invite page. Since Tide strongly encourages disabling TideCloak's User Self Registration in favour of only adding users via invites, the invite landing page is more emphasised in Tide-related flows. For this, TideCloak now has a custom theme named tidecloak-theme that is automatically assigned to realms with the Tide IdP enabled. That custom theme utilizes the Vendor Logo and Vendor Background Image set in the Tide IdP section. This theme is used for all user screens.

Trailing slash breaking bug fix

This release fixes a breaking change that prevented the redirect back to TideCloak after the Sign In flow when a hostname wasn't defined.

Invite-User Custom Redirect

When adding a user using the invite-user workflow, the developer can now specify a return URL to which the flow redirects the user on successful completion of the addition. The setting for the custom redirection is defined in the IdP Settings page, under a new definition called "Customer Admin UI Domain".