Bitcoin Forum
July 22, 2017, 08:43:18 PM *
News: The warning which may be displayed by Bitcoin Core about unknown versions is related to BIP91, and can be safely ignored.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 [4] 5 6 7 8 »  All
  Print  
Author Topic: [BIP][Draft] BitID - "Connect with Bitcoin" protocol  (Read 21445 times)
EricKennedy
Sr. Member
****
Offline Offline

Activity: 360

CEO, Ledger


View Profile WWW
May 08, 2014, 09:15:59 PM
 #61

BitID has now a Javscript implementation :
https://github.com/porkchop/bitid-js

Decentralized search
Search for products or services and get paid for it
pre-sale Token CAT
25 July 50% discount
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1500756198
Hero Member
*
Offline Offline

Posts: 1500756198

View Profile Personal Message (Offline)

Ignore
1500756198
Reply with quote  #2

1500756198
Report to moderator
1500756198
Hero Member
*
Offline Offline

Posts: 1500756198

View Profile Personal Message (Offline)

Ignore
1500756198
Reply with quote  #2

1500756198
Report to moderator
Mitchell
Staff
Legendary
*
Offline Offline

Activity: 1512


Verified awesomeness ✔


View Profile WWW
May 13, 2014, 01:04:03 PM
 #62

I don't know if this has been posted before but BitID is on CoinDesk: Authentication Protocol BitID Lets Users ‘Connect with Bitcoin’

sclaggett
Jr. Member
*
Offline Offline

Activity: 45


View Profile
May 13, 2014, 03:38:55 PM
 #63

This is an interesting project and I think there have been a lot of good comments on development side.

The question as some others have noted is "What is the specific need?" 

We have OpenID and many other authentication systems used by websites today so what are the core advantages to this?
Mitchell
Staff
Legendary
*
Offline Offline

Activity: 1512


Verified awesomeness ✔


View Profile WWW
May 13, 2014, 05:53:18 PM
 #64

This is an interesting project and I think there have been a lot of good comments on development side.

The question as some others have noted is "What is the specific need?" 

We have OpenID and many other authentication systems used by websites today so what are the core advantages to this?
OpenID, Connect with Facebook and all those other systems leak personal information to a website. BitID limits it to a Bitcoin address (which you don't have to use). That is one of it's biggest advantages if you ask me.

Correct me if I am wrong EricKennedy

laurentmt
Sr. Member
****
Offline Offline

Activity: 386


View Profile
May 14, 2014, 03:24:25 PM
 #65

This is an interesting project and I think there have been a lot of good comments on development side.

The question as some others have noted is "What is the specific need?" 

We have OpenID and many other authentication systems used by websites today so what are the core advantages to this?

Let's have a thought experiment: After a long week, you decide to have some fun and go to the movie theater.
You: Hi ! May I have 2 seats for the wolf of wall street ?
Cashier: Sure ! May you fill this form with your civility, firstname, lastname, address, phone number, credit card number, expiry date and CVV2 ?
You: ...
Cashier: ...?
You: wtf ?!!!

In real life, payment is the only thing required to finalize a transaction with a merchant. Sometimes it makes sense to disclose personal data but these cases are exceptions (when you expect a delivery, when you rent an expensive good, ...). In the digital world, disclosing personal data to access bought goods or services has always been the rule but this model has several drawbacks:
- it's conceptually wrong: it introduces the concept of identity in processes which should not rely on identity,
- it requires customers give personal information without any additional gain for them,
- it requires e-merchants act as secure data hosts, when their core business is selling products or services,
- it frequently results in data leaks producing nuisances like hacked accounts, phishing, spam,...

BitId protocol (associated to bitcoin and payment protocols) can be used to improve the current model existing in the digital world.
Imho, its main strengths are:
- a very good UX (as stated by @EricKennedy "BitId is 80% UX and 20% code"),
- users just have to secure one "database" (their bitcoin wallet),
- BitId and Bitcoin protocols are built on the same crypto stack (ecdsa, secp256k1, ...). All efforts done to detect potential flaws in this stack for Bitcoin will profit to BitId.

And of course, this is just one use case. Many others can be imagined...
wbaw
Member
**
Offline Offline

Activity: 62


View Profile WWW
May 16, 2014, 01:03:34 AM
 #66

https://nameid.org has done this for a while with Namecoin, there's php source code for it & a firefox plugin. Try to make your implementation fairly closely compatible if possible.

EricKennedy
Sr. Member
****
Offline Offline

Activity: 360

CEO, Ledger


View Profile WWW
May 16, 2014, 08:38:51 AM
 #67

NameID is about storing your identity into Namecoin, BitID is about authenticating to a service by proving you control a Bitcoin address.

BitID and NameID complement themselves.

For instance :
1. you sign in on a service with your BTC address using BitID
2. the service queries NameID and retrieves the identity (name, email, avatar...) attached to this address

EricKennedy
Sr. Member
****
Offline Offline

Activity: 360

CEO, Ledger


View Profile WWW
May 17, 2014, 11:26:20 AM
 #68

Here is one implementation of a simple BitID client in Python :
https://github.com/antonio-fr/SimpleBitID

You can install it on windows (.exe in release section), MacOS or Linux and test the user flow with the demo service :
http://bitid.bitcoin.blue

Mitchell
Staff
Legendary
*
Offline Offline

Activity: 1512


Verified awesomeness ✔


View Profile WWW
May 17, 2014, 11:35:22 AM
 #69

Glad to see so much progress. You are doing a great job dude. Keep it up Smiley

daniel.socials
Newbie
*
Offline Offline

Activity: 5

love program, hate programer


View Profile
May 22, 2014, 09:05:10 AM
 #70

The site http://txid.co start support BitId login now!
Its a bitcoin news aggregate site for chinese peoples.
Mitchell
Staff
Legendary
*
Offline Offline

Activity: 1512


Verified awesomeness ✔


View Profile WWW
May 22, 2014, 09:18:30 AM
 #71

The site http://txid.co start support BitId login now!
Its a bitcoin news aggregate site for chinese peoples.

That is amazing news. I am so happy that this project is moving forward!

OneBTCJay
Newbie
*
Offline Offline

Activity: 27


View Profile
May 22, 2014, 11:49:58 PM
 #72

libpam-bitid: A PAM module to use a bitcoin address for credentials.

This is a linux PAM implementation of the BitID protocol. Linux system access is granted using just a bitcoin address.

It currently supports pam.d configuration for console or telnet login.

Github: https://github.com/angrycod/libpam-bitid

Example output:

Code:
$ telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Ubuntu 13.10
bitcoin address: 1DvRd44mD8EuCcym8zymYzabvmozwZ5r8G
challenge message: dbcbd542b29a3c4298651035ae6eaed3
signature: HE8DDp4eAEy61417XTPAQTOqPBcLP2h0Y0sTB9hfFILCv8ZpLzdH6dh/z6+o7A4VwwjM1Qq2SFVcgyf7U51JhdE=
Last login: Wed May 21 18:42:01 PDT 2014 from localhost on pts/17
Welcome to Ubuntu 13.10 (GNU/Linux 3.11.0-12-generic x86_64)

btctest:~$
laurentmt
Sr. Member
****
Offline Offline

Activity: 386


View Profile
May 31, 2014, 07:00:09 PM
 #73

Thanks to manuelzs, django developers can now play with BitId (Github - Pypy)
Falkvinge
Jr. Member
*
Offline Offline

Activity: 31


View Profile
June 15, 2014, 03:21:08 PM
 #74

Chiming in:

This particular protocol is the best to happen to usable security in a very, very long time.

This simple protocol extension offers two-factor authentication at higher usability and security than a one-factor login/password combo.

Assuming most people have some sort of screen lock on their phones, this provides for a two-factor authentication at the ease of pointing your phone at the screen. Bravo! Applause!

I actually wanted to start implementing this protocol server-side today, and was surprised to see that my Android wallet didn't yet have support for it.

I can't wait to offer something as simple and secure as this to users of my systems.

Cheers,
Rick
EricKennedy
Sr. Member
****
Offline Offline

Activity: 360

CEO, Ledger


View Profile WWW
June 16, 2014, 09:10:04 AM
 #75

Right now, there is only a fork of Android Bitcoin Wallet supporting BitID
https://github.com/bitid/bitcoin-wallet

We need to finish it (missing some UI touch), and then submit a pull request to hopefully have it integrated into the main client.
The problem is I don't have much time right now Smiley I wish I could find another Android coder to help me.

Eric

Mitchell
Staff
Legendary
*
Offline Offline

Activity: 1512


Verified awesomeness ✔


View Profile WWW
June 25, 2014, 10:53:41 AM
 #76

Quote
Andreas Petersson
Diskussion  -  12:39
v1.2.15 pushed to github, testnet + beta testers.

please have a close look at the latest changes
*) email notifications for local trader
*) navigation bugfixes after notifications
*) experimental BitID support (testnet only)
Source: Google+ Beta Tester Group

Going good Eric Grin

Mitchell
Staff
Legendary
*
Offline Offline

Activity: 1512


Verified awesomeness ✔


View Profile WWW
July 01, 2014, 09:26:49 PM
 #77

BitAuth seems to look a lot like BitID or am I just plain stupid?

laurentmt
Sr. Member
****
Offline Offline

Activity: 386


View Profile
July 01, 2014, 11:18:23 PM
 #78

BitAuth seems to look a lot like BitID or am I just plain stupid?
Grin
Main difference seems to be in nonce generation (client-side for BitAuth) but I'm not fond of this choice.

Edit: Another difference is that each request to the server is signed by BitAuth. I like the idea even if signing all requests may be a bit overkill. It also explains why the nonce is generated client-side.
trasla
Hero Member
*****
Offline Offline

Activity: 711



View Profile
July 11, 2014, 01:19:41 PM
 #79

Are there any best practice proposals to decide which key to use to sign?
Like using my HD master private key, appending the hostname, hashing, and using that as new private key for signing in?
Using the same mechanism for identity management would allow users to use their identity from within different wallets which have the same key / seed.
EricKennedy
Sr. Member
****
Offline Offline

Activity: 360

CEO, Ledger


View Profile WWW
July 11, 2014, 01:30:36 PM
 #80

Right now best practice is to generate arbitrary key from a domain and save it into a local db.
It could indeed be replaced by hashing an HD master key with the domain name, thus avoiding the need of such db.

Pages: « 1 2 3 [4] 5 6 7 8 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!