Posts

Hive Authentication Services - Announcement and Proposal

avatar of @arcange
25
@arcange
·
0 views
·
5 min read

What if you could authenticate on any website, desktop, or mobile app, just providing your Hive username but no password or private key, from any device?

And how about storing your private keys in one secure place and no longer having to provide them to (d)Apps to log in or sign transactions?

What if you could use your Hive account as you are used to with the Google, Facebook or Twitter button but in a more secure and decentralized way?

I have been working these last months on this revolutionary concept which will finally allow you to have a universal and easy-to-use authentication solution.

Introducing Hive Authentication Services

What are Hive Authentication Services?

The Hive Authentication Services (HAS) provide a way for any applications, (either web, desktop or mobile) to easily authenticate users, and additionally sign and broadcast transactions to the Hive blockchain, without asking them to provide any password or private key.

How does it work?

Note: The service description from here will deliberately disregard many technical details in order to keep a comprehensible reading for the layman. More in-depth information is available in the Documentation.

The Hive Authentication Services (HAS) act as a bridge between any Application (App) supporting the HAS protocol, any Private Key Storage Application (PKSA) supporting the HAS protocol and their respective users.

Any application can rely on HAS to authenticate users. It doesn't need to be a "Hive application", except if it plans to sign and broadcast transactions.

In most cases, the Private Key Storage Application (PKSA) is simply your preferred Hive Wallet application installed on your mobile

1. Authentication

When a user wants to login into an application, they will provide their Hive username.

When the user hit the sign-in button, the App will send an authentication request to the HAS and ask the user to start their favorite Private Key Storage Application (PKSA), typically an app installed on your mobile (like Hive Keychain for Mobile)

The user then opens their wallet and scans the QR code. Alternatively, if the app the user wants to sign in is a mobile app, the latest can use deep linking to bypass QR code display and trigger your device to install a wallet app or open it if already installed.

If your wallet stores the keys of the account that want to sign in to, it will ask for approval or denial of the authentication request by the user.

If the user approves the authentication request, the App will be informed by the HAS that the user has successfully authentication and that it can proceed with the user sign-in.

The application has 100% certainty that the account exists and that whoever signs in owns the account's private keys.

Likewise, the user has explicitly identified and approved the application for further interaction.

At this moment, the application session and the users are now registered with the HAS and can communicate with each other through a secure encrypted channel.

2. Signing and Broadcasting Transactions

Once an account is authenticated against an application, the latest can request the user to sign and broadcast transactions.

The user has the guarantee that the transaction requests come from the application with which he has just authenticated because both the app and the user have created a strong link through the authentication process and the HAS will filter out any transaction request from an unapproved application.

Similar to authentication, users will be able to approve or reject each transaction request that the approved applications will submit to them for signature.

Why use Hive Authentication Services?

  • As a Hive user You do not want to provide your Private Keys to Web, Desktop or Mobile apps but still want to be able to use them. However, it happens that you store your Private Keys in a trusted application (which you may have audited), like Hive Keychain, and wish you didn't have to enter them elsewhere.

  • As a Hive Application developer Implementing a secure solution for authentication (signing-in users), storing and protecting users' credentials, and broadcasting signed transactions to the Hive blockchain (providing access to users' private keys) can take significant effort. You must make sure to follow best practices and standards, and keep your implementation safe and up to date. By implementing Hive Authentication Services support into your application, all you have to do is to ask for a username, period!

  • As a Private Keys Storage Application developer While you are good at securing the data you store, i.e. accounts Private Keys, implementing cross-processes, cross-applications and cross-platforms secure communication channels can be cumbersome and hard to maintain. Integrating HAS into your Private Keys Storage Application will instantly turn it into a 2FA solution for any HAS compatible Hive Applications.

HAS is an out-of-the-box infrastructure that acts as middleware and facilitates the interactions between any applications and their users as long as they have a Hive account.

No longer will you have to put up with having a Facebook, Twitter or Gmail account, having to provide them with private information and being tracked for whatever you do.

Request for funding

This funding proposal aims to support an existing project that is way further than the MVP (Minimum Viable Project) stage and should be made publicly available soonTM.

The HAS infrastructure is deployed and operational. I have already made contact with a few application, front-end and wallet developers, who are currently working on integrating HAS into the solutions they offer.

We have moved step by step, without rushing, because this project touches on the security of user accounts.

However, I am extremely confident since I have now been using it personally for a few weeks.

What's the benefit for Hive?

Hive Authentication Services may become the first fully decentralized authentication service backed by a blockchain. This will allow the concept of *"Your account is your key" to become a reality, both for the Hive ecosystem and for the "outside world".

This opens the door to countless possibilities and promises incredible Hive blockchain development potential.

Budget

For this new proposal, we are applying for a daily budget of 325 HBD for a period of 12 months.

What's the funding for?

1. Work done for previous months

  • development and test of a HAS server
  • development and test of a HAS PKSA emulator
  • development and test of a HAS client library
  • Deployment and cost of existing infrastructure
  • Drafting of technical documentation for beta testers

2. Work still to be done

There is still a lot of work to be done, in terms of development, support and communication.

  • support for integration into existing Apps and PKSA
  • creation of a professional graphic chart
  • creation of documentation for users
  • creation of documentation for developers
  • creation of tutorials and related code examples
  • implement communication between multiple HAS servers to allow load balancing and failover
  • improve the redundancy and the scalability of the infrastructure
  • stress tests
  • and much more...

3. Regular work

  • Code maintenance and deployment
  • Support to users and developers
  • Documentation maintenance, both for users and developers
  • Communication and external awareness

4. Infrastructure

The HAS infrastructure is already up and running for months. It is a cornerstone of the project and, as long as we have not developed the redundancy and scalability functionalities mentioned above, proper functioning is essential.

  • Server(s) + Firewall
  • Security management and monitoring tools
  • Performances monitoring tools
  • domain(s) registration
  • Backup services

Commitment

All the code produced through this funding will be open-sourced.

Support

I have always been easy to reach, responsive and as helpful as possible. If you are a developer and want to test and implement HAS support into your application, feel free to contact me.

If you have any questions, drop a comment. Support for this service is provided on Discord


Support This Proposal:

Thank you for your support!