Seems like someones having a party and forgot to invite me.
First a suggestion on the name. Bitcoin Exchange Standards(BES), that way it covers stock, asset and currency exchanges.
Now let me tell you kiddies how we do things down at GLBSE.com(GLobal Bitcoin Stock Exchange).
We have no identifying information for account holders. When you create an account a RSA keypair is created.
We keep the public key, and a hash of the public key is your user id(we keep no emails no nothing).
You keep the private key.
We have 2 clients, command line and web based.
And they both pretty much work the same.
They use a protocol called VOP, Verified Order Protocol.
A json encode hash with the users id, a nonce, and request specific fields is base64 encoded.
The private key is used to sign this b64json, the signature is also base64 encoded.
Both are sent to the server in a single http post request.
The nonce is extracted, and checked against a nonce record. Having a nonce for each request prevents the same request being sent twice (say, at a later time by an attacker).
The signature and user id is extracted from the request.
The public key for that id is used to verify the requests signature.
If it's ok, then it's OK and all goes ahead.
If it's not (say changed by a some attacker) then the server returns an error and nothing more is processed.Client
If you're more security concerned (worried about some rogue website script stealing your keys) then the command line client is for you. Written in python, with the private key stored locally and encrypted with a password.Server
We don't use sessions, or anything to track between requests, don't need to, and it opens up holes.
By cutting down on what the server is trying to do (only verify if a request is legit, and then processing it, no gui stuff) we cut down on the scope of where vulnerabilities can fit in.
The server is meant to act as a finite state machine.
All input is checked, and returns errors if not correct.
We will be opensourcing the GLBSE platform in about 4 months.Next
Our next step is going to be to allow people to build currency exchage front ends, that don't hold any bitcoin, the front ends sole role is to handle interfacing with the bank account and manage customers deposits and withdrawls to the currency exchange.
The bitcoin itself is kept safe and sound on glbse.com, and GLBSE becomes the unified market that all the currency is traded on.
Lets assume mtgox and britcoin started having front ends to GLBSE, then when users deposited money to mtgox or britcoin bank accounts they automatically get issued mtgox.USD or brit.GBP assets on GLBSE which they can then trade, safely and securely.
So in short kiddies, keep it simple, keep it safe.
Questions, suggestions and any security holes(real and theoretical) please post below, happy to hear about them.