BitID (alpha)
Pure Bitcoin sites and applications shouldn't have to rely on artificial identification methods such as usernames and passwords. BitID is an open protocol allowing simple and secure authentication using public-key cryptography.
By authentication we mean proving to a service/application that we control a specific Bitcoin address, and that all related data/settings can securely be attributed to our session.
Why?
When they need to deal with Bitcoin services, users already own at least one public and private key pair: their Bitcoin addresses. Using their wallet for authentication purposes has many benefits:
- "one-click" registration and login procedures
- no need to remember or duplicate passwords
- the server only knows and stores the user's public key
- authentication by a Bitcoin address allows the service to use it (e.g. as a mining pool payment address)
- optionally, connect to a decentralized identification system in order to populate registration fields (nickname, email ...)
Of course, these benefits mostly apply to Bitcoin-related services, leveraging the fact that users already have a wallet and presumably took all the necessary steps to protect and back it up. For non-cryptocurrency-related services, other authentication services such as OpenID or Facebook Connect may be better suited.
How does it work?
Authentication is done via signing a challenge with the public key we want to authenticate with, and sending the result to a callback URL. Upon verification, access is granted.
This is nothing new and some websites already use this kind of authentication system. BitID aims to propose a standardised protocol in order to have full compatibility between services and the best UX possible.
The goal is to add BitID natively into all the popular wallets, so the challenge / signing / callback can be smoothly processed with a minimum of user interaction.
Please refer to the full protocol description to get all details and screenshots of the UX:
https://github.com/bitid/bitid
Demo
A basic implementation demonstration is available here:
http://bitid-demo.herokuapp.com/
Source code of the implementation is available here:
https://github.com/bitid/bitid-demo
You will need to select the manual authentication (there isn't a BitID-compatible wallet right now), and to manually sign the challenge. The UX is quite cumbersome compared to what we want to achieve using native wallet implementation, but it shows the concept.
Roadmap
- finalizing the protocol with the help of the community
- implement server libraries for BitID (Ruby, JS, ...)
- native BitID implementation in major Bitcoin wallets (we will propose bounties to speed up the process)
- official release and announcements for the developers
All feedback, ideas and contributions are welcome.
BitID aims to facilitate the sign-up and login process for Bitcoin-related services, as well as opening the gates to new kinds of apps (hotel rooms unlockable by a wallet after blockchain payment verification...). In spirit, this project is 80% UX and 20% code.
Eric
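
The challenge / signing / callback flow described in the post, seen from the server side, as an added example that is not part of the original post or the BitID project's code. It shows the checks a service needs around the signature: the challenge must be one it issued, for its own host, unexpired and used only once. `ChallengeStore`, the `bitid://host/callback?x=nonce` challenge layout, the 300-second lifetime and the injected `verify_signature` function (standing in for a Bitcoin signed-message verifier) are assumptions; the protocol description linked above is the authority on the real format.

```python
import secrets
import time

CHALLENGE_TTL = 300  # seconds a challenge stays valid (assumed value)


class ChallengeStore:
    """Issues single-use challenges and checks signed callbacks."""

    def __init__(self, host, verify_signature, now=time.time):
        self.host = host
        # verify_signature(address, message, signature) -> bool is supplied by
        # the caller, e.g. a Bitcoin signed-message verifier (assumption).
        self.verify_signature = verify_signature
        self.now = now
        self.pending = {}  # nonce -> (session_id, expiry)

    def issue(self, session_id):
        """Create a fresh challenge tied to the browser session that asked."""
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (session_id, self.now() + CHALLENGE_TTL)
        # Assumed layout: callback location plus nonce, so the signed text is
        # bound to this service and is useless against another one.
        return f"bitid://{self.host}/callback?x={nonce}"

    def callback(self, address, challenge, signature):
        """Return the session id to log in, or None if the callback is rejected."""
        prefix = f"bitid://{self.host}/callback?x="
        if not challenge.startswith(prefix):
            return None  # signed for another host or path
        nonce = challenge[len(prefix):]
        entry = self.pending.get(nonce)
        if entry is None:
            return None  # never issued here, or already consumed
        session_id, expiry = entry
        if self.now() > expiry:
            del self.pending[nonce]
            return None  # expired challenge
        if not self.verify_signature(address, challenge, signature):
            return None  # bad signature; nonce stays pending for a retry
        del self.pending[nonce]  # single use: a replayed callback now fails
        return session_id
```

On success the service attaches `address` to the returned session; the address itself is the account identifier, so no password is stored.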