I hope this wasn't covered before, couldn't find any references (but didn't look too hard)...
BitcoinSpinner is a great mobile client, but the real magic happens underneath, in the BCCAPI server that has the blockchain and the pub keys, but no priv keys. It can then prepare transactions but the client, holding the priv key, needs to sign and resubmit to the server so it can then push the signed transaction to the network.
This has many advantages for web services, such as removing the need to either have a separate bitcoind with a full blockchain for each service or share a daemon/blockchain but also the risk of holding all coins together. Also makes upgrading the server much easier, and allows the private key security to be handled by the web app coder instead of the sysadmin holding the bitcoind instance(s). I *really* like this, but I don't like running alternative bitcoin daemons for web services, especially when I can't easily review the critical code or trust that a lot of other people have done so already.
What would it take to allow for this workflow on top of the bitcoind RPC mechanism? All the getbalance is there, we'd need afaict:
- add public keys / addresses
- request a transaction blob
- document (create examples in whatever languages) how to properly verify the transaction blob actually matches what the client requested from the server
- document (as above) how to properly sign the transaction
- submit signed transaction back to server
With this not only would open bitcoin servers be possible for alternate clients (even the standard one?) thus removing a lot of the initial pain for new users (less bloat, much lower initial bootstrap time) but more importantly would make the web service designer's life much, much simpler.
Can it be done? Has it been done while I wasn't looking?
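
The verification step from the list in the post (checking that the server's blob matches what the client requested), as an added sketch that is not part of the original post and is not bitcoind or BCCAPI code: it parses a legacy-format raw transaction and accepts it only if it spends known outpoints, pays the requested amount to the requested address, sends everything else to the client's own change address, and keeps the fee under a cap. The function names, the `known_utxos` map of client-held outpoint values, and the sample transaction are assumptions constructed for illustration.

```python
def read_varint(b, i):
    # Bitcoin CompactSize integer; returns (value, next_offset).
    n = b[i]
    if n < 0xfd:
        return n, i + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[n]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size

def parse_tx(raw):
    """Parse a legacy (non-segwit) serialized transaction into inputs and outputs."""
    i = 4  # skip 4-byte version
    n_in, i = read_varint(raw, i)
    inputs = []
    for _ in range(n_in):
        outpoint = (raw[i:i + 32][::-1].hex(), int.from_bytes(raw[i + 32:i + 36], "little"))
        slen, i = read_varint(raw, i + 36)
        i += slen + 4  # skip scriptSig and 4-byte sequence
        inputs.append(outpoint)
    n_out, i = read_varint(raw, i)
    outputs = []
    for _ in range(n_out):
        value = int.from_bytes(raw[i:i + 8], "little")
        slen, i = read_varint(raw, i + 8)
        outputs.append((value, raw[i:i + slen]))
        i += slen
    if i + 4 != len(raw):  # only the 4-byte locktime may remain
        raise ValueError("truncated transaction or trailing bytes")
    return inputs, outputs

def p2pkh(h160):
    return b"\x76\xa9\x14" + h160 + b"\x88\xac"  # DUP HASH160 <20> EQUALVERIFY CHECKSIG

def verify_blob(raw, pay_h160, amount, change_h160, known_utxos, max_fee):
    """True only if the server-built transaction does exactly what the client asked."""
    try:
        inputs, outputs = parse_tx(raw)
    except (ValueError, IndexError):
        return False
    # The blob does not carry input amounts, so the fee can only be checked
    # against values the client holds itself (known_utxos: outpoint -> satoshis).
    if len(set(inputs)) != len(inputs) or not all(op in known_utxos for op in inputs):
        return False
    payments = [v for v, s in outputs if s == p2pkh(pay_h160)]
    strays = [s for _, s in outputs if s not in (p2pkh(pay_h160), p2pkh(change_h160))]
    fee = sum(known_utxos[op] for op in inputs) - sum(v for v, _ in outputs)
    return payments == [amount] and not strays and 0 <= fee <= max_fee

# Constructed sample: one input, 50000 sat payment, 40000 sat change.
SAMPLE = (bytes.fromhex("0100000001") + b"\xaa" * 32 + bytes(4) + b"\x00" + b"\xff" * 4
          + b"\x02" + (50000).to_bytes(8, "little") + b"\x19" + p2pkh(b"\x11" * 20)
          + (40000).to_bytes(8, "little") + b"\x19" + p2pkh(b"\x22" * 20) + bytes(4))
```

A client would run `verify_blob` on the blob before signing and refuse to sign when it returns `False`.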