diff --git a/.dockerignore b/.dockerignore
index c07c711..9f4da1e 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -4,7 +4,7 @@
 # Don't track cargo generated files
 target/*
 app/target/*
-model/target/*
+auth/target/*
 
 # Don't track the generated JS
 app/pkg/*
diff --git a/.gitignore b/.gitignore
index 5b8cc47..a11fe10 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,7 @@
 /target/
 /app/target
 /app/pkg
-/model/target
+/auth/target
 
 # These are backup files generated by rustfmt
 **/*.rs.bk
diff --git a/Cargo.lock b/Cargo.lock
index ee4c860..d1f6836 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1721,7 +1721,7 @@ dependencies = [
  "juniper_actix",
  "jwt",
  "ldap3_server",
- "lldap_model",
+ "lldap_auth",
  "log",
  "mockall",
  "opaque-ke",
@@ -1752,7 +1752,7 @@ dependencies = [
  "graphql_client",
  "http",
  "jwt",
- "lldap_model",
+ "lldap_auth",
  "rand 0.8.3",
  "serde",
  "serde_json",
@@ -1763,7 +1763,7 @@ dependencies = [
 ]
 
 [[package]]
-name = "lldap_model"
+name = "lldap_auth"
 version = "0.1.0"
 dependencies = [
  "chrono",
diff --git a/Cargo.toml b/Cargo.toml
index eaf8af4..f6b01de 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,5 +1,5 @@
 [workspace]
-members = [".", "model", "app"]
+members = [".", "auth", "app"]
 
 [package]
 authors = ["Valentin Tolmer <valentin@tolmer.fr>", "Steve Barrau <steve.barrau@gmail.com>", "Thomas Wickham <mackwic@gmail.com>"]
@@ -30,7 +30,7 @@ hmac = "0.10"
 http = "*"
 jwt = "0.13"
 ldap3_server = "*"
-lldap_model = { path = "model" }
+lldap_auth = { path = "auth" }
 log = "*"
 orion = "0.16"
 serde = "*"
diff --git a/README.md b/README.md
index 5a9f8ea..694030a 100644
--- a/README.md
+++ b/README.md
@@ -49,13 +49,13 @@ Data storage:
 
 ### Code organization
 
-* `model/`: Contains the shared data, the interface between front and back-end.
-  The data is transferred by being serialized to JSON, for compatibility with
-  other HTTP-based clients.
+* `auth/`: Contains the shared structures needed for authentication, the
+  interface between front and back-end. In particular, it contains the OPAQUE
+  structures and the JWT format.
 * `app/`: The frontend.
 * `src/`: The backend.
   * `domain/`: Domain-specific logic: users, groups, checking passwords...
-  * `infra/`: API, both HTTP and LDAP
+  * `infra/`: API, both GraphQL and LDAP
 
 ## Authentication
 
@@ -99,7 +99,7 @@ We don't have a code of conduct, just be respectful and remember that it's just
 normal people doing this for free on their free time.
 
 Make sure that you run `cargo fmt` in each crate that you modified (top-level,
-`app/` and `model/`) before creating the PR.
+`app/` and `auth/`) before creating the PR.
 
 ### Setup
 
diff --git a/app/Cargo.toml b/app/Cargo.toml
index adb1fd7..e4cac1a 100644
--- a/app/Cargo.toml
+++ b/app/Cargo.toml
@@ -31,8 +31,8 @@ features = [
   "wasmbind"
 ]
 
-[dependencies.lldap_model]
-path = "../model"
+[dependencies.lldap_auth]
+path = "../auth"
 features = [ "opaque_client" ]
 
 [lib]
diff --git a/app/src/api.rs b/app/src/api.rs
index 149c58d..e3e671a 100644
--- a/app/src/api.rs
+++ b/app/src/api.rs
@@ -1,7 +1,7 @@
 use crate::cookies::set_cookie;
 use anyhow::{anyhow, Context, Result};
 use graphql_client::GraphQLQuery;
-use lldap_model::{login, registration, JWTClaims};
+use lldap_auth::{login, registration, JWTClaims};
 
 use yew::callback::Callback;
 use yew::format::Json;
diff --git a/app/src/create_user.rs b/app/src/create_user.rs
index c4587d5..5140c48 100644
--- a/app/src/create_user.rs
+++ b/app/src/create_user.rs
@@ -1,7 +1,7 @@
 use crate::api::HostService;
 use anyhow::{anyhow, Context, Result};
 use graphql_client::GraphQLQuery;
-use lldap_model::{opaque, registration};
+use lldap_auth::{opaque, registration};
 use yew::prelude::*;
 use yew::services::{fetch::FetchTask, ConsoleService};
 use yew_router::{
diff --git a/app/src/login.rs b/app/src/login.rs
index b787fb8..5829257 100644
--- a/app/src/login.rs
+++ b/app/src/login.rs
@@ -1,6 +1,6 @@
 use crate::api::HostService;
 use anyhow::{anyhow, Context, Result};
-use lldap_model::*;
+use lldap_auth::*;
 use wasm_bindgen::JsCast;
 use yew::prelude::*;
 use yew::services::{fetch::FetchTask, ConsoleService};
diff --git a/model/Cargo.toml b/auth/Cargo.toml
similarity index 98%
rename from model/Cargo.toml
rename to auth/Cargo.toml
index 4eec5a9..67ed87d 100644
--- a/model/Cargo.toml
+++ b/auth/Cargo.toml
@@ -1,5 +1,5 @@
 [package]
-name = "lldap_model"
+name = "lldap_auth"
 version = "0.1.0"
 authors = ["Valentin Tolmer <valentin@tolmer.fr>", "Steve Barrau <steve.barrau@gmail.com>", "Thomas Wickham <mackwic@gmail.com>"]
 edition = "2018"
diff --git a/model/src/lib.rs b/auth/src/lib.rs
similarity index 100%
rename from model/src/lib.rs
rename to auth/src/lib.rs
diff --git a/model/src/opaque.rs b/auth/src/opaque.rs
similarity index 100%
rename from model/src/opaque.rs
rename to auth/src/opaque.rs
diff --git a/src/domain/error.rs b/src/domain/error.rs
index 13c223c..103bca1 100644
--- a/src/domain/error.rs
+++ b/src/domain/error.rs
@@ -8,7 +8,7 @@ pub enum DomainError {
     #[error("Database error: `{0}`")]
     DatabaseError(#[from] sqlx::Error),
     #[error("Authentication protocol error for `{0}`")]
-    AuthenticationProtocolError(#[from] lldap_model::opaque::AuthenticationError),
+    AuthenticationProtocolError(#[from] lldap_auth::opaque::AuthenticationError),
     #[error("Unknown crypto error: `{0}`")]
     UnknownCryptoError(#[from] orion::errors::UnknownCryptoError),
     #[error("Binary serialization error: `{0}`")]
diff --git a/src/domain/opaque_handler.rs b/src/domain/opaque_handler.rs
index a0c0300..0e524e0 100644
--- a/src/domain/opaque_handler.rs
+++ b/src/domain/opaque_handler.rs
@@ -1,7 +1,7 @@
 use super::error::*;
 use async_trait::async_trait;
 
-pub use lldap_model::{login, registration};
+pub use lldap_auth::{login, registration};
 
 #[async_trait]
 pub trait OpaqueHandler: Clone + Send {
diff --git a/src/domain/sql_backend_handler.rs b/src/domain/sql_backend_handler.rs
index 44e3efd..165b627 100644
--- a/src/domain/sql_backend_handler.rs
+++ b/src/domain/sql_backend_handler.rs
@@ -234,7 +234,7 @@ mod tests {
     use super::*;
     use crate::domain::sql_tables::init_table;
     use crate::infra::configuration::ConfigurationBuilder;
-    use lldap_model::{opaque, registration};
+    use lldap_auth::{opaque, registration};
 
     fn get_default_config() -> Configuration {
         ConfigurationBuilder::default()
diff --git a/src/domain/sql_opaque_handler.rs b/src/domain/sql_opaque_handler.rs
index 332013a..93da601 100644
--- a/src/domain/sql_opaque_handler.rs
+++ b/src/domain/sql_opaque_handler.rs
@@ -6,7 +6,7 @@ use super::{
     sql_tables::*,
 };
 use async_trait::async_trait;
-use lldap_model::opaque;
+use lldap_auth::opaque;
 use log::*;
 use sea_query::{Expr, Iden, Query};
 use sqlx::Row;
diff --git a/src/infra/auth_service.rs b/src/infra/auth_service.rs
index e436617..ed0132e 100644
--- a/src/infra/auth_service.rs
+++ b/src/infra/auth_service.rs
@@ -21,7 +21,7 @@ use futures::future::{ok, Ready};
 use futures_util::{FutureExt, TryFutureExt};
 use hmac::Hmac;
 use jwt::{SignWithKey, VerifyWithKey};
-use lldap_model::{login, registration, JWTClaims};
+use lldap_auth::{login, registration, JWTClaims};
 use sha2::Sha512;
 use std::collections::{hash_map::DefaultHasher, HashSet};
 use std::hash::{Hash, Hasher};
diff --git a/src/infra/configuration.rs b/src/infra/configuration.rs
index 725f1b6..b2cce8c 100644
--- a/src/infra/configuration.rs
+++ b/src/infra/configuration.rs
@@ -3,7 +3,7 @@ use figment::{
     providers::{Env, Format, Serialized, Toml},
     Figment,
 };
-use lldap_model::opaque::{server::ServerSetup, KeyPair};
+use lldap_auth::opaque::{server::ServerSetup, KeyPair};
 use serde::{Deserialize, Serialize};
 
 use crate::infra::cli::RunOpts;