OpenModelica / OpenModelica

OpenModelica is an open-source Modelica-based modeling and simulation environment intended for industrial and academic usage.
https://openmodelica.org
Other
850 stars 306 forks source link

Distribution of the OpenModelica variant with encryption #7560

Open adrpo opened 3 years ago

adrpo commented 3 years ago

This ticket is for a discussion on how to distribute the OpenModelica variant with encryption.

  1. distribute from openmodelica website via one public link

    • pros: easy and clear
    • cons:
      • anybody can unpack encrypted libraries if they don't have any licensing executable
      • we don't know who uses the OpenModelica with encryption
  2. distribute from openmodelica website with registration and a unique link that can be used once for download (with captcha so that automatic link checkers can't access it)

    • pros:
      • we know who uses the OpenModelica with encryption
      • still an easy process
      • we keep the executable with encryption from being public
    • cons: a bit of administration and implementation to generate the forms

Currently only the OMSC members can access the OpenModelica build with encryption support.

niklwors commented 3 years ago

I think proposal two is very good. Is the effort for the creation of the unique link and the possibility of registration large? What data should all be entered during registration. E.g. the name and surname, email address and organization?

sjoelund commented 3 years ago

You could also do:

  1. Public download as usual installer (Windows, Linux, etc). But we include our own license check (you can do it like 2 except you get a license file instead of an installer; this could include requiring online access to check for newer versions, and refusing to load encrypted libraries e.g. if the version is broken). This way you get fewer installers to maintain.
niklwors commented 3 years ago

Proposal three sounds also very good. We found these licensing tools which could be used for example: https://github.com/amrayn/licensepp https://github.com/plstcharles/meta-licensor http://open-license-manager.github.io/licensecc/index.html

siscosan commented 3 years ago

Hi all,

I'm a colleague of @niklwors.

I like proposal three, and I would like to understand it better because of the online access to check for newer version feature.

I would like to have the encryption feature included in the "normal" version. This way you do not need to maintain more installers as @sjoelund mentioned.

To prevent everybody to use this feature, the user needs a license (which is not part of the installer). If you want to use encryption, OM checks that there is no valid license and opens a "request license" dialog. The dialoge shows the hardware ID of the machine and has a "request license" button that opens/sends a mail to your team using the mail client of the machine.

This way you will know that somebody out there want's to use encryption, and you can provide them the license file that is valid for a certain period of time.

The user receives this license in the mail and uses the same "request license" dialog to "import the license". Now he can use the encryption feature.

You get

I think the "check for newer [OMEdit] versions" is something that should be implemented parallel, as a new version can also be released without anything changed to the encryption feature.

Niklas mentioned some C++ licensing libraries that could help in implementing such a feature.

There is one open question for me - I don't understand the "refusing to load encryptied libraries e.g. if the version is broken". Can you @sjoelund provide more information to us?

Best regards, Francisco

sjoelund commented 3 years ago

There is one open question for me - I don't understand the "refusing to load encryptied libraries e.g. if the version is broken". Can you @sjoelund provide more information to us?

There are some open tickets about older versions of the version with encryption support not working as it should (ignoring some license checks, etc). I think we would actually need some way of disabling older versions (or changing the encryption key, but then perhaps some version could be used to extract information from the libraries)...

The disadvantage of 3 is that there is a lot more that would need to be implemented (taking time from other planned features).

niklwors commented 3 years ago

@sjoelund You can make sure that only new version of OMEdit is used with the new SEMLA integration by changing the public key of OpenModelica. Then the libraries must be encrypted with the new OpenModelica public key so that they can be used with the latest version.

sjoelund commented 3 years ago

@sjoelund You can make sure that only new version of OMEdit is used with the new SEMLA integration by changing the public key of OpenModelica.

That does nothing for people with an older version of OMEdit installed.

siscosan commented 3 years ago

Thanks @sjoelund - now I understand this.

After typing several lines I came to the conclusion that it would be the best to discuss this in a meeting ;-)

If you want to disable a version A installed on the user PC, you need some kind of connection between the version on the PC and kind of "master switch" in your hands. A license could solve this problem - think about "encryption features available for 1 year". After this year it does not work anymore....

A better solution would be a license server so the version A checks online if the feature is still valid or not...

but a license server is kind of more implementation, administration and budget...

petfr commented 3 years ago

Feel free to organize a web meeting on this topic.

Peter

From: siscosan @.> Sent: Tuesday, June 15, 2021 14:19 To: OpenModelica/OpenModelica @.> Cc: Peter Fritzson @.>; Assign @.> Subject: Re: [OpenModelica/OpenModelica] Distribution of the OpenModelica variant with encryption (#7560)

Thanks @sjoelundhttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsjoelund&data=04%7C01%7Cpeter.fritzson%40liu.se%7C5a60909c9014456b10fa08d92ff7ba1e%7C913f18ec7f264c5fa816784fe9a58edd%7C0%7C0%7C637593563289040106%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=YDOXWZmkS2P0X5Yb5Am8feOpuQGNpRLcpH4P7nRLA94%3D&reserved=0 - now I understand this.

After typing several lines I came to the conclusion that it would be the best to discuss this in a meeting ;-)

If you want to disable a version A installed on the user PC, you need some kind of connection between the version on the PC and kind of "master switch" in your hands. A license could solve this problem - think about "encryption features available for 1 year". After this year it does not work anymore....

A better solution would be a license server so the version A checks online if the feature is still valid or not...

but a license server is kind of more implementation, administration and budget...

- You are receiving this because you were assigned. Reply to this email directly, view it on GitHubhttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FOpenModelica%2FOpenModelica%2Fissues%2F7560%23issuecomment-861450004&data=04%7C01%7Cpeter.fritzson%40liu.se%7C5a60909c9014456b10fa08d92ff7ba1e%7C913f18ec7f264c5fa816784fe9a58edd%7C0%7C0%7C637593563289050100%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=38Klr8TOtGwmxONcVnrTw6wUoe53djdAodmqw6Y4LSA%3D&reserved=0, or unsubscribehttps://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAFTWEQRMOAPSFVFZCPIR5SDTS5AKLANCNFSM46VIEH4Q&data=04%7C01%7Cpeter.fritzson%40liu.se%7C5a60909c9014456b10fa08d92ff7ba1e%7C913f18ec7f264c5fa816784fe9a58edd%7C0%7C0%7C637593563289060097%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=6RAyT0EZNqjXbG3Sj6%2BzXAobPhDyW%2B4d0Hm8hvPpwDQ%3D&reserved=0.

niklwors commented 3 years ago

@sjoelund you can than not load the encryped library because the encrypted library does not support the old OpenModelica public key

siscosan commented 3 years ago

@niklwors - yes, but you can still use your old version A with the old encrypted library A

Niklas will ask in the next DEV meeting when we could do such a meeting to discuss this topics.

sjoelund commented 3 years ago

@sjoelund you can than not load the encryped library because the encrypted library does not support the old OpenModelica public key

It should be possible to have multiple public keys. Need Adeel to check that.

@niklwors - yes, but you can still use your old version A with the old encrypted library A

Not with my proposal...

adrpo commented 3 years ago

We will have a meeting about this in 30 June @ 13:00, let me know if you want to join that meeting.

adrpo commented 3 years ago

Option 3

Issues:

Harder things:

adrpo commented 3 years ago

MA - MCP encryption: https://github.com/modelica/ModelicaSpecification/tree/MCP/0039/RationaleMCP/0039

casella commented 3 years ago

@adrpo's comment on 30 Jun is a good summary of the requirements, but we need to turn that into an actual work plan. @niklwors, we can discuss this in detail in one of the next devmeetings

casella commented 3 years ago

Tentative workplan:

Distribution:

casella commented 2 years ago

@adeas31 can you please help with the form handling? Please ask @adrpo for details, it should be straightforward.

casella commented 2 years ago

@adeas31 please ask @adrpo about details, I guess you can take care of the implementation. This is needed anytime soon

casella commented 6 months ago

@niklwors, @abuntrock, can we close this ticket or is there still some pending issue with it?

niklwors commented 6 months ago

It is still missing that the download page is still empty and has no content, such as an OpenModelica logo and a short description of what the page is for.

casella commented 6 months ago

@adeas31 could you please take care of that?

adeas31 commented 6 months ago

I don't know much about it. @arun3688 designed the download page.

casella commented 6 months ago

OK, then I'd leave it to @arun3688 😃

arun3688 commented 6 months ago

@casella @adeas31 Adrian decided not to use the keycloak interface as it was too complicated to fix few stuffs and he decided to use a very simple web interface using Apache, but I don't know how the web interface looked like @adrpo can you please comment on this