Bitcoin Forum
March 28, 2024, 07:59:30 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 [4] 5 6 7 8 »  All
  Print  
Author Topic: [BIP][Draft] BitID - "Connect with Bitcoin" protocol  (Read 22679 times)
sclaggett
Newbie
*
Offline Offline

Activity: 45
Merit: 0


View Profile
May 13, 2014, 03:38:55 PM
 #61

This is an interesting project and I think there have been a lot of good comments on development side.

The question as some others have noted is "What is the specific need?" 

We have OpenID and many other authentication systems used by websites today so what are the core advantages to this?
1711655970
Hero Member
*
Offline Offline

Posts: 1711655970

View Profile Personal Message (Offline)

Ignore
1711655970
Reply with quote  #2

1711655970
Report to moderator
1711655970
Hero Member
*
Offline Offline

Posts: 1711655970

View Profile Personal Message (Offline)

Ignore
1711655970
Reply with quote  #2

1711655970
Report to moderator
BitcoinCleanup.com: Learn why Bitcoin isn't bad for the environment
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711655970
Hero Member
*
Offline Offline

Posts: 1711655970

View Profile Personal Message (Offline)

Ignore
1711655970
Reply with quote  #2

1711655970
Report to moderator
1711655970
Hero Member
*
Offline Offline

Posts: 1711655970

View Profile Personal Message (Offline)

Ignore
1711655970
Reply with quote  #2

1711655970
Report to moderator
1711655970
Hero Member
*
Offline Offline

Posts: 1711655970

View Profile Personal Message (Offline)

Ignore
1711655970
Reply with quote  #2

1711655970
Report to moderator
Mitchell
Copper Member
Legendary
*
Offline Offline

Activity: 3878
Merit: 2185


Verified awesomeness ✔


View Profile WWW
May 13, 2014, 05:53:18 PM
 #62

This is an interesting project and I think there have been a lot of good comments on development side.

The question as some others have noted is "What is the specific need?" 

We have OpenID and many other authentication systems used by websites today so what are the core advantages to this?
OpenID, Connect with Facebook and all those other systems leak personal information to a website. BitID limits it to a Bitcoin address (which you don't have to use). That is one of it's biggest advantages if you ask me.

Correct me if I am wrong EricKennedy

.
Duelbits
            ▄████▄▄
          ▄█████████▄
        ▄█████████████▄
     ▄██████████████████▄
   ▄████▄▄▄█████████▄▄▄███▄
 ▄████▐▀▄▄▀▌████▐▀▄▄▀▌██

 ██████▀▀▀▀███████▀▀▀▀█████

▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
  ▀███████████████████▀
    ▀███████████████▀
.
         ▄ ▄▄▀▀▀▀▄▄
         ▄▀▀▄      █
         █   ▀▄     █
       ▄█▄     ▀▄   █
      ▄▀ ▀▄      ▀█▀
    ▄▀     ▀█▄▄▄▀▀ ▀
  ▄▀  ▄▀  ▄▀

Live Games

   ▄▄▀▀▀▀▀▀▀▄▄
 ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄  █  ▄ █ ▀▄
█ █   ▀   ▀   █ █  ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █   █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█  █▄█
█ ▀▀█  ▀▀█  ▀▀█ █  █▄█

Slots
.
        ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
        █         ▄▄  █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄       █
█  ▄▄         █       █
█             █       █
█   ▄▀▀▄▀▀▄   █       █
█   ▀▄   ▄▀   █       █

Blackjack
|█▀▀▀▀▀█▄▄▄
       ▀████▄▄
         ██████▄
▄▄▄▄▄▄▄▄█▀    ▀▀█
████████▄        █
█████████▄        █
██████████▄     ▄██
█████████▀▀▀█▄▄████
▀▀███▀▀       ████
   █          ███
   █          █▀
▄█████▄▄▄ ▄▄▀▀
███████▀▀▀
.
                 NEW!                  
SPORTS BETTING 
|||
[ Đ ][ Ł ]
AVAILABLE NOW

Advertisements are not endorsed by me.
laurentmt
Sr. Member
****
Offline Offline

Activity: 384
Merit: 258


View Profile
May 14, 2014, 03:24:25 PM
 #63

This is an interesting project and I think there have been a lot of good comments on development side.

The question as some others have noted is "What is the specific need?" 

We have OpenID and many other authentication systems used by websites today so what are the core advantages to this?

Let's have a thought experiment: After a long week, you decide to have some fun and go to the movie theater.
You: Hi ! May I have 2 seats for the wolf of wall street ?
Cashier: Sure ! May you fill this form with your civility, firstname, lastname, address, phone number, credit card number, expiry date and CVV2 ?
You: ...
Cashier: ...?
You: wtf ?!!!

In real life, payment is the only thing required to finalize a transaction with a merchant. Sometimes it makes sense to disclose personal data but these cases are exceptions (when you expect a delivery, when you rent an expensive good, ...). In the digital world, disclosing personal data to access bought goods or services has always been the rule but this model has several drawbacks:
- it's conceptually wrong: it introduces the concept of identity in processes which should not rely on identity,
- it requires customers give personal information without any additional gain for them,
- it requires e-merchants act as secure data hosts, when their core business is selling products or services,
- it frequently results in data leaks producing nuisances like hacked accounts, phishing, spam,...

BitId protocol (associated to bitcoin and payment protocols) can be used to improve the current model existing in the digital world.
Imho, its main strengths are:
- a very good UX (as stated by @EricKennedy "BitId is 80% UX and 20% code"),
- users just have to secure one "database" (their bitcoin wallet),
- BitId and Bitcoin protocols are built on the same crypto stack (ecdsa, secp256k1, ...). All efforts done to detect potential flaws in this stack for Bitcoin will profit to BitId.

And of course, this is just one use case. Many others can be imagined...
wbaw
Member
**
Offline Offline

Activity: 62
Merit: 10


View Profile WWW
May 16, 2014, 01:03:34 AM
 #64

https://nameid.org has done this for a while with Namecoin, there's php source code for it & a firefox plugin. Try to make your implementation fairly closely compatible if possible.

EricKennedy (OP)
Sr. Member
****
Offline Offline

Activity: 360
Merit: 250

CEO, Ledger


View Profile WWW
May 16, 2014, 08:38:51 AM
 #65

NameID is about storing your identity into Namecoin, BitID is about authenticating to a service by proving you control a Bitcoin address.

BitID and NameID complement themselves.

For instance :
1. you sign in on a service with your BTC address using BitID
2. the service queries NameID and retrieves the identity (name, email, avatar...) attached to this address

EricKennedy (OP)
Sr. Member
****
Offline Offline

Activity: 360
Merit: 250

CEO, Ledger


View Profile WWW
May 17, 2014, 11:26:20 AM
 #66

Here is one implementation of a simple BitID client in Python :
https://github.com/antonio-fr/SimpleBitID

You can install it on windows (.exe in release section), MacOS or Linux and test the user flow with the demo service :
http://bitid.bitcoin.blue

Mitchell
Copper Member
Legendary
*
Offline Offline

Activity: 3878
Merit: 2185


Verified awesomeness ✔


View Profile WWW
May 17, 2014, 11:35:22 AM
 #67

Glad to see so much progress. You are doing a great job dude. Keep it up Smiley

.
Duelbits
            ▄████▄▄
          ▄█████████▄
        ▄█████████████▄
     ▄██████████████████▄
   ▄████▄▄▄█████████▄▄▄███▄
 ▄████▐▀▄▄▀▌████▐▀▄▄▀▌██

 ██████▀▀▀▀███████▀▀▀▀█████

▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
  ▀███████████████████▀
    ▀███████████████▀
.
         ▄ ▄▄▀▀▀▀▄▄
         ▄▀▀▄      █
         █   ▀▄     █
       ▄█▄     ▀▄   █
      ▄▀ ▀▄      ▀█▀
    ▄▀     ▀█▄▄▄▀▀ ▀
  ▄▀  ▄▀  ▄▀

Live Games

   ▄▄▀▀▀▀▀▀▀▄▄
 ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄  █  ▄ █ ▀▄
█ █   ▀   ▀   █ █  ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █   █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█  █▄█
█ ▀▀█  ▀▀█  ▀▀█ █  █▄█

Slots
.
        ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
        █         ▄▄  █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄       █
█  ▄▄         █       █
█             █       █
█   ▄▀▀▄▀▀▄   █       █
█   ▀▄   ▄▀   █       █

Blackjack
|█▀▀▀▀▀█▄▄▄
       ▀████▄▄
         ██████▄
▄▄▄▄▄▄▄▄█▀    ▀▀█
████████▄        █
█████████▄        █
██████████▄     ▄██
█████████▀▀▀█▄▄████
▀▀███▀▀       ████
   █          ███
   █          █▀
▄█████▄▄▄ ▄▄▀▀
███████▀▀▀
.
                 NEW!                  
SPORTS BETTING 
|||
[ Đ ][ Ł ]
AVAILABLE NOW

Advertisements are not endorsed by me.
daniel.socials
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
May 22, 2014, 09:05:10 AM
 #68

The site http://txid.co start support BitId login now!
Its a bitcoin news aggregate site for chinese peoples.
Mitchell
Copper Member
Legendary
*
Offline Offline

Activity: 3878
Merit: 2185


Verified awesomeness ✔


View Profile WWW
May 22, 2014, 09:18:30 AM
 #69

The site http://txid.co start support BitId login now!
Its a bitcoin news aggregate site for chinese peoples.

That is amazing news. I am so happy that this project is moving forward!

.
Duelbits
            ▄████▄▄
          ▄█████████▄
        ▄█████████████▄
     ▄██████████████████▄
   ▄████▄▄▄█████████▄▄▄███▄
 ▄████▐▀▄▄▀▌████▐▀▄▄▀▌██

 ██████▀▀▀▀███████▀▀▀▀█████

▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
  ▀███████████████████▀
    ▀███████████████▀
.
         ▄ ▄▄▀▀▀▀▄▄
         ▄▀▀▄      █
         █   ▀▄     █
       ▄█▄     ▀▄   █
      ▄▀ ▀▄      ▀█▀
    ▄▀     ▀█▄▄▄▀▀ ▀
  ▄▀  ▄▀  ▄▀

Live Games

   ▄▄▀▀▀▀▀▀▀▄▄
 ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄  █  ▄ █ ▀▄
█ █   ▀   ▀   █ █  ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █   █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█  █▄█
█ ▀▀█  ▀▀█  ▀▀█ █  █▄█

Slots
.
        ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
        █         ▄▄  █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄       █
█  ▄▄         █       █
█             █       █
█   ▄▀▀▄▀▀▄   █       █
█   ▀▄   ▄▀   █       █

Blackjack
|█▀▀▀▀▀█▄▄▄
       ▀████▄▄
         ██████▄
▄▄▄▄▄▄▄▄█▀    ▀▀█
████████▄        █
█████████▄        █
██████████▄     ▄██
█████████▀▀▀█▄▄████
▀▀███▀▀       ████
   █          ███
   █          █▀
▄█████▄▄▄ ▄▄▀▀
███████▀▀▀
.
                 NEW!                  
SPORTS BETTING 
|||
[ Đ ][ Ł ]
AVAILABLE NOW

Advertisements are not endorsed by me.
OneBTCJay
Newbie
*
Offline Offline

Activity: 27
Merit: 0


View Profile
May 22, 2014, 11:49:58 PM
 #70

libpam-bitid: A PAM module to use a bitcoin address for credentials.

This is a linux PAM implementation of the BitID protocol. Linux system access is granted using just a bitcoin address.

It currently supports pam.d configuration for console or telnet login.

Github: https://github.com/angrycod/libpam-bitid

Example output:

Code:
$ telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Ubuntu 13.10
bitcoin address: 1DvRd44mD8EuCcym8zymYzabvmozwZ5r8G
challenge message: dbcbd542b29a3c4298651035ae6eaed3
signature: HE8DDp4eAEy61417XTPAQTOqPBcLP2h0Y0sTB9hfFILCv8ZpLzdH6dh/z6+o7A4VwwjM1Qq2SFVcgyf7U51JhdE=
Last login: Wed May 21 18:42:01 PDT 2014 from localhost on pts/17
Welcome to Ubuntu 13.10 (GNU/Linux 3.11.0-12-generic x86_64)

btctest:~$
laurentmt
Sr. Member
****
Offline Offline

Activity: 384
Merit: 258


View Profile
May 31, 2014, 07:00:09 PM
 #71

Thanks to manuelzs, django developers can now play with BitId (Github - Pypy)
Falkvinge
Newbie
*
Offline Offline

Activity: 31
Merit: 0


View Profile
June 15, 2014, 03:21:08 PM
 #72

Chiming in:

This particular protocol is the best to happen to usable security in a very, very long time.

This simple protocol extension offers two-factor authentication at higher usability and security than a one-factor login/password combo.

Assuming most people have some sort of screen lock on their phones, this provides for a two-factor authentication at the ease of pointing your phone at the screen. Bravo! Applause!

I actually wanted to start implementing this protocol server-side today, and was surprised to see that my Android wallet didn't yet have support for it.

I can't wait to offer something as simple and secure as this to users of my systems.

Cheers,
Rick
EricKennedy (OP)
Sr. Member
****
Offline Offline

Activity: 360
Merit: 250

CEO, Ledger


View Profile WWW
June 16, 2014, 09:10:04 AM
 #73

Right now, there is only a fork of Android Bitcoin Wallet supporting BitID
https://github.com/bitid/bitcoin-wallet

We need to finish it (missing some UI touch), and then submit a pull request to hopefully have it integrated into the main client.
The problem is I don't have much time right now Smiley I wish I could find another Android coder to help me.

Eric

Mitchell
Copper Member
Legendary
*
Offline Offline

Activity: 3878
Merit: 2185


Verified awesomeness ✔


View Profile WWW
June 25, 2014, 10:53:41 AM
 #74

Quote
Andreas Petersson
Diskussion  -  12:39
v1.2.15 pushed to github, testnet + beta testers.

please have a close look at the latest changes
*) email notifications for local trader
*) navigation bugfixes after notifications
*) experimental BitID support (testnet only)
Source: Google+ Beta Tester Group

Going good Eric Grin

.
Duelbits
            ▄████▄▄
          ▄█████████▄
        ▄█████████████▄
     ▄██████████████████▄
   ▄████▄▄▄█████████▄▄▄███▄
 ▄████▐▀▄▄▀▌████▐▀▄▄▀▌██

 ██████▀▀▀▀███████▀▀▀▀█████

▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
  ▀███████████████████▀
    ▀███████████████▀
.
         ▄ ▄▄▀▀▀▀▄▄
         ▄▀▀▄      █
         █   ▀▄     █
       ▄█▄     ▀▄   █
      ▄▀ ▀▄      ▀█▀
    ▄▀     ▀█▄▄▄▀▀ ▀
  ▄▀  ▄▀  ▄▀

Live Games

   ▄▄▀▀▀▀▀▀▀▄▄
 ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄  █  ▄ █ ▀▄
█ █   ▀   ▀   █ █  ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █   █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█  █▄█
█ ▀▀█  ▀▀█  ▀▀█ █  █▄█

Slots
.
        ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
        █         ▄▄  █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄       █
█  ▄▄         █       █
█             █       █
█   ▄▀▀▄▀▀▄   █       █
█   ▀▄   ▄▀   █       █

Blackjack
|█▀▀▀▀▀█▄▄▄
       ▀████▄▄
         ██████▄
▄▄▄▄▄▄▄▄█▀    ▀▀█
████████▄        █
█████████▄        █
██████████▄     ▄██
█████████▀▀▀█▄▄████
▀▀███▀▀       ████
   █          ███
   █          █▀
▄█████▄▄▄ ▄▄▀▀
███████▀▀▀
.
                 NEW!                  
SPORTS BETTING 
|||
[ Đ ][ Ł ]
AVAILABLE NOW

Advertisements are not endorsed by me.
Mitchell
Copper Member
Legendary
*
Offline Offline

Activity: 3878
Merit: 2185


Verified awesomeness ✔


View Profile WWW
July 01, 2014, 09:26:49 PM
 #75

BitAuth seems to look a lot like BitID or am I just plain stupid?

.
Duelbits
            ▄████▄▄
          ▄█████████▄
        ▄█████████████▄
     ▄██████████████████▄
   ▄████▄▄▄█████████▄▄▄███▄
 ▄████▐▀▄▄▀▌████▐▀▄▄▀▌██

 ██████▀▀▀▀███████▀▀▀▀█████

▐████████████■▄▄▄■██████████▀
▐██████████████████████████▀
██████████████████████████▀
▀███████████████████████▀
  ▀███████████████████▀
    ▀███████████████▀
.
         ▄ ▄▄▀▀▀▀▄▄
         ▄▀▀▄      █
         █   ▀▄     █
       ▄█▄     ▀▄   █
      ▄▀ ▀▄      ▀█▀
    ▄▀     ▀█▄▄▄▀▀ ▀
  ▄▀  ▄▀  ▄▀

Live Games

   ▄▄▀▀▀▀▀▀▀▄▄
 ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄
▄▀ █ ▄  █  ▄ █ ▀▄
█ █   ▀   ▀   █ █  ▄▄▄
█ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █   █
█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█  █▄█
█ ▀▀█  ▀▀█  ▀▀█ █  █▄█

Slots
.
        ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄
        █         ▄▄  █
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄       █
█  ▄▄         █       █
█             █       █
█   ▄▀▀▄▀▀▄   █       █
█   ▀▄   ▄▀   █       █

Blackjack
|█▀▀▀▀▀█▄▄▄
       ▀████▄▄
         ██████▄
▄▄▄▄▄▄▄▄█▀    ▀▀█
████████▄        █
█████████▄        █
██████████▄     ▄██
█████████▀▀▀█▄▄████
▀▀███▀▀       ████
   █          ███
   █          █▀
▄█████▄▄▄ ▄▄▀▀
███████▀▀▀
.
                 NEW!                  
SPORTS BETTING 
|||
[ Đ ][ Ł ]
AVAILABLE NOW

Advertisements are not endorsed by me.
laurentmt
Sr. Member
****
Offline Offline

Activity: 384
Merit: 258


View Profile
July 01, 2014, 11:18:23 PM
Last edit: July 02, 2014, 12:52:18 AM by laurentmt
 #76

BitAuth seems to look a lot like BitID or am I just plain stupid?
Grin
Main difference seems to be in nonce generation (client-side for BitAuth) but I'm not fond of this choice.

Edit: Another difference is that each request to the server is signed by BitAuth. I like the idea even if signing all requests may be a bit overkill. It also explains why the nonce is generated client-side.
trasla
Hero Member
*****
Offline Offline

Activity: 707
Merit: 500



View Profile
July 11, 2014, 01:19:41 PM
 #77

Are there any best practice proposals to decide which key to use to sign?
Like using my HD master private key, appending the hostname, hashing, and using that as new private key for signing in?
Using the same mechanism for identity management would allow users to use their identity from within different wallets which have the same key / seed.
EricKennedy (OP)
Sr. Member
****
Offline Offline

Activity: 360
Merit: 250

CEO, Ledger


View Profile WWW
July 11, 2014, 01:30:36 PM
 #78

Right now best practice is to generate arbitrary key from a domain and save it into a local db.
It could indeed be replaced by hashing an HD master key with the domain name, thus avoiding the need of such db.

wbaw
Member
**
Offline Offline

Activity: 62
Merit: 10


View Profile WWW
July 30, 2014, 12:13:04 PM
 #79

NameID is about storing your identity into Namecoin, BitID is about authenticating to a service by proving you control a Bitcoin address.

BitID and NameID complement themselves.

For instance :
1. you sign in on a service with your BTC address using BitID
2. the service queries NameID and retrieves the identity (name, email, avatar...) attached to this address

Sorry, but NameID does both, you're repeating work. You can log in using NameID to prove you own the Namecoin address linked to your Namecoin ID information. That's how it has worked for a while.

laurentmt
Sr. Member
****
Offline Offline

Activity: 384
Merit: 258


View Profile
August 05, 2014, 12:49:53 AM
 #80

Sorry, but NameID does both, you're repeating work. You can log in using NameID to prove you own the Namecoin address linked to your Namecoin ID information. That's how it has worked for a while.
You're right but there's an important difference between NameId and BitID:
  • NameID relies on OpenID which is a nice system but requires a third-party (the identity provider) to let you authenticate.
  • With BitID, no third-party is required. It's just your wallet and the website.

Both systems have their strengths and their weaknesses. It's a matter of choice.
Pages: « 1 2 3 [4] 5 6 7 8 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!