Hive Authentication Services - Announcement and Proposal

in HiveDevs, 3 years ago (edited)

What if you could authenticate on any website, desktop, or mobile app, just providing your Hive username but no password or private key, from any device?

And how about storing your private keys in one secure place and no longer having to provide them to (d)Apps to log in or sign transactions?

What if you could use your Hive account as you are used to with the Google, Facebook or Twitter button but in a more secure and decentralized way?

I have been working these last months on this revolutionary concept which will finally allow you to have a universal and easy-to-use authentication solution.

Introducing Hive Authentication Services

What are Hive Authentication Services?

The Hive Authentication Services (HAS) provide a way for any application (web, desktop or mobile) to easily authenticate users, and additionally to sign and broadcast transactions to the Hive blockchain, without asking users to provide any password or private key.

How does it work?

Note: The service description from here on deliberately leaves out many technical details to stay readable for the layman. More in-depth information is available in the Documentation.

The Hive Authentication Services (HAS) act as a bridge between any Application (App) supporting the HAS protocol, any Private Key Storage Application (PKSA) supporting the HAS protocol and their respective users.

Any application can rely on HAS to authenticate users. It doesn't need to be a "Hive application", except if it plans to sign and broadcast transactions.

In most cases, the Private Key Storage Application (PKSA) is simply your preferred Hive Wallet application installed on your mobile.

1. Authentication

When a user wants to log in to an application, they will provide their Hive username.

When the user hits the sign-in button, the App will send an authentication request to the HAS and ask the user to start their favorite Private Key Storage Application (PKSA), typically an app installed on your mobile (like Hive Keychain for Mobile).

The user then opens their wallet and scans the QR code. Alternatively, if the app the user wants to sign in to is a mobile app, the latter can use deep linking to bypass the QR code display and trigger your device to install a wallet app, or open it if already installed.

If your wallet stores the keys of the account that wants to sign in, it will ask the user to approve or deny the authentication request.


A quick and dirty handmade mockup

If the user approves the authentication request, the App will be informed by the HAS that the user has successfully authenticated and that it can proceed with the user sign-in.

The application has 100% certainty that the account exists and that whoever signs in owns the account's private keys.

Likewise, the user has explicitly identified and approved the application for further interaction.

At this point, the application session and the user are registered with the HAS and can communicate with each other through a secure encrypted channel.
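The sign-in flow above depends on the wallet proving possession of the account's key while the intermediary only passes messages along. The following Node.js sketch is an added example, not part of the original post and not the HAS protocol or its message format: `chain`, `makeWallet`, `makeRelay` and `signIn` are hypothetical names, the account data is constructed, and a locally generated secp256k1 key pair stands in for a Hive account key.

```javascript
// Added illustration: a toy model of the sign-in flow, NOT the HAS protocol.
// All names and the message layout are hypothetical.
const nodeCrypto = require("node:crypto");

// Constructed stand-in for the blockchain: account name -> public key.
const chain = new Map();

// Wallet (the PKSA role): the only component that ever holds a private key.
function makeWallet() {
  const keys = new Map();
  return {
    // register=false models a wallet holding a key the chain does not list.
    addAccount(account, register = true) {
      const pair = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
      keys.set(account, pair.privateKey);
      if (register) chain.set(account, pair.publicKey);
    },
    // Signs exactly what the user was shown: app, account and challenge.
    handle(request, userApproves) {
      const key = keys.get(request.account);
      if (!key || !userApproves) return null;
      const shown = JSON.stringify([request.app, request.account, request.challenge]);
      const signature = nodeCrypto.sign("sha256", Buffer.from(shown), key);
      return { signature: signature.toString("base64") };
    },
  };
}

// Relay (the HAS role in this model): passes messages along, holds no key.
// `rewrite` simulates a relay that alters the request in transit.
function makeRelay(wallet, rewrite = (request) => request) {
  return {
    forward: (request, userApproves) => wallet.handle(rewrite({ ...request }), userApproves),
  };
}

// App: takes only a username, then checks the reply against the chain key
// rather than trusting the relay's word that the user approved.
function signIn(app, account, relay, userApproves = true) {
  const publicKey = chain.get(account);
  if (!publicKey) return { ok: false, reason: "unknown account" };
  // Fresh random challenge per attempt, so an old approval cannot be replayed.
  const challenge = nodeCrypto.randomBytes(32).toString("hex");
  const reply = relay.forward({ app, account, challenge }, userApproves);
  if (!reply) return { ok: false, reason: "denied or key not in wallet" };
  const expected = Buffer.from(JSON.stringify([app, account, challenge]));
  const signature = Buffer.from(reply.signature, "base64");
  const valid = nodeCrypto.verify("sha256", expected, publicKey, signature);
  return valid ? { ok: true, reason: "approved" } : { ok: false, reason: "bad signature" };
}

// Constructed scenario.
const wallet = makeWallet();
wallet.addAccount("alice");
const impostor = makeWallet();
impostor.addAccount("alice", false); // holds a key, but not the registered one

function demo() {
  return {
    approved: signIn("example-app", "alice", makeRelay(wallet)),
    denied: signIn("example-app", "alice", makeRelay(wallet), false),
    wrongKey: signIn("example-app", "alice", makeRelay(impostor)),
    rewritten: signIn("example-app", "alice",
      makeRelay(wallet, (r) => ({ ...r, app: "other-app" }))),
    unknown: signIn("example-app", "bob", makeRelay(wallet)),
  };
}

console.log(demo());
```

In this model the `wrongKey` and `rewritten` cases are rejected by the app's own signature check, so a sign-in succeeds only when the registered key signed the exact request the app issued.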

2. Signing and Broadcasting Transactions

Once an account is authenticated against an application, the latter can request the user to sign and broadcast transactions.

The user has the guarantee that the transaction requests come from the application with which he has just authenticated because both the app and the user have created a strong link through the authentication process and the HAS will filter out any transaction request from an unapproved application.

Similar to authentication, users will be able to approve or reject each transaction request that the approved applications will submit to them for signature.

Why use Hive Authentication Services?

  • As a Hive user
    You do not want to provide your Private Keys to Web, Desktop or Mobile apps but still want to be able to use them. However, it happens that you store your Private Keys in a trusted application (which you may have audited), like Hive Keychain, and wish you didn't have to enter them elsewhere.

  • As a Hive Application developer
    Implementing a secure solution for authentication (signing-in users), storing and protecting users' credentials, and broadcasting signed transactions to the Hive blockchain (providing access to users' private keys) can take significant effort. You must make sure to follow best practices and standards, and keep your implementation safe and up to date.

    By implementing Hive Authentication Services support into your application, all you have to do is to ask for a username, period!

  • As a Private Keys Storage Application developer
    While you are good at securing the data you store, i.e. accounts' Private Keys, implementing cross-process, cross-application and cross-platform secure communication channels can be cumbersome and hard to maintain.

    Integrating HAS into your Private Keys Storage Application will instantly turn it into a 2FA solution for any HAS-compatible Hive Applications.

HAS is an out-of-the-box infrastructure that acts as middleware and facilitates the interactions between any applications and their users as long as they have a Hive account.

No longer will you have to put up with having a Facebook, Twitter or Gmail account, having to provide them with private information and being tracked for whatever you do.

Request for funding

This funding proposal aims to support an existing project that is well past the MVP (Minimum Viable Product) stage and should be made publicly available soon™.

The HAS infrastructure is deployed and operational. I have already made contact with a few application, front-end and wallet developers, who are currently working on integrating HAS into the solutions they offer.

We have moved step by step, without rushing, because this project touches on the security of user accounts.

However, I am extremely confident since I have now been using it personally for a few weeks.

What's the benefit for Hive?

Hive Authentication Services may become the first fully decentralized authentication service backed by a blockchain. This will allow the concept of "Your account is your key" to become a reality, both for the Hive ecosystem and for the "outside world".

This opens the door to countless possibilities and promises incredible Hive blockchain development potential.

Budget

For this new proposal, we are applying for a daily budget of 325 HBD for a period of 12 months.

What's the funding for?

1. Work done for previous months

  • development and test of a HAS server
  • development and test of a HAS PKSA emulator
  • development and test of a HAS client library
  • Deployment and cost of existing infrastructure
  • Drafting of technical documentation for beta testers

2. Work still to be done

There is still a lot of work to be done, in terms of development, support and communication.

  • support for integration into existing Apps and PKSA
  • creation of a professional graphic chart
  • creation of documentation for users
  • creation of documentation for developers
  • creation of tutorials and related code examples
  • implement communication between multiple HAS servers to allow load balancing and failover
  • improve the redundancy and the scalability of the infrastructure
  • stress tests
  • and much more...

3. Regular work

  • Code maintenance and deployment
  • Support to users and developers
  • Documentation maintenance, both for users and developers
  • Communication and external awareness

4. Infrastructure

The HAS infrastructure has already been up and running for months. It is a cornerstone of the project and, as long as we have not developed the redundancy and scalability functionalities mentioned above, its proper functioning is essential.

  • Server(s) + Firewall
  • Security management and monitoring tools
  • Performance monitoring tools
  • domain(s) registration
  • Backup services

Commitment

All the code produced through this funding will be open-sourced.

Support

I have always been easy to reach, responsive and as helpful as possible. If you are a developer and want to test and implement HAS support into your application, feel free to contact me.

If you have any questions, drop a comment.
Support for this service is provided on Discord.


Support This Proposal:

Thank you for your support!

This is a terrific idea.

I love that the quality of the development is increasing and bigger issues are being addressed.

Everyone needs to take a look at this and what is being presented. First glance, it looks like it will be a real value add to Hive.

I will have to dig further into it but I like what I see so far.

Posted Using LeoFinance Beta

Thank you @taskmaster4450le.
Feel free to contact me if you want to read a more in-depth (maybe a bit technical) description of how it works.
That being said, I plan to release more posts describing the project for the layman. I just avoid overflowing people with too much info at the same time.

This is honestly a great idea! The potential integration for my own websites has me buzzing with ideas... this is really exciting!

Thank you @aussieninja
Feel free to contact me if you want to play with it.

Thanks! I actually think it would be in January/February when we'd be ready to implement something like this into the main site I'm working on. I'll get in touch around then.

It sounds good in theory, but if it only works with apps that host HAS infrastructure, will it be useful for users?
This is me asking as a person with no knowledge and who uses Hive Keychain for access to Hive-based apps.

Could an app built on Telos host the infrastructure and let us sign in there with our Hive account? I was talking to a couple of devs over there previously who were talking about Hive collaboration as an example.

If it can work cross chain how would that affect tokens based on those chains say bsc tokens earned gaming or social tokens earned on telos?

I am just trying to figure out the use case on the project. Sounds like a lot of work has gone in so far. Congrats on getting it to this level and hopefully we see it become something very useful for the future of hive and its community.

The apps don't need to host HAS infrastructure. They only need to support HAS protocol and be able to "talk" with a HAS server.

An app built on Telos could perfectly let users sign in with their Hive account. If the Telos devs want to collaborate with us, they are more than welcome. It would be an excellent use case to demonstrate how useful the HAS project can be.

It can work cross-chain because the HAS infrastructure is "transactions agnostic". So we can easily imagine a Telos App talking with a Telos Wallet but authenticating and securing the connection with the help of a Hive account.

I have already informed our core devs about this. Thank you.

Sir, I may be a newbie, but I find this proposal exciting. I can imagine this will be a hit and the Hive blockchain will surely benefit from this system. I have voted for your witness just now. Hope this will materialize.

Thank you for your support @deixykerr, really appreciate it! 👍

Done!
Things like this are what we need more of on Hive!

Thank you for your support @unklebonehead, much appreciated! 👍

Love this idea. Combine this with easy to remember username and hive just gets better and better and easier to use.

Yes, that is the main objective: to make things easier while maintaining, or even improving, the level of security.

I love this! The only thing better would be a "Sign in with Hive" or "Sign up with Hive" like you see on things that have a "Sign in with Google" button. I know that's a long shot but still a really cool thought!

Thank you @l337m45732
That would be so cool to see that "Sign in with Hive" button everywhere and replace the others 😁🤞

This would be incredible. We can dream! It is possible!

Looks interesting and useful, will read the rest in a bit. Great work!

Thank you @acidyo. I will provide the community with more in-depth details about the project in the coming days. Stay tuned.

GREAT idea! ... I've been pretty slack in supporting any proposals of late, but this one definitely gets my support!

Thank you for your support @braaiboy, really appreciate it! 👍

All the code produced through this funding will be open-sourced.

For me a very important point.

I like to support this proposal, although it is very expensive. It will add real value to our hive community.
Thank you for this great idea and good luck with the proposal and the realization of your idea.

Thank you for your support @condeas.

This project must be open-sourced because, as it involves the security of the accounts, its code must be audited.
I trust myself enough to already use it, but I will be even more reassured when several other people trust the code as much as I do.

Something seriously worth doing as security is the key to everything we have on here. This will make life so much easier and straightforward. I really hope this happens as this is building more use cases into Hive.

Yes, security is the key factor with this project.
Several times I found myself abandoning a site while browsing on my mobile because I had to provide a private key in the login process.
And even if HiveSigner was supported, I didn't have my HiveSigner password handy, or I had to enter the private active key, which I never provided to any website, even the HiveSigner page.
I feel way safer now with this new solution.

I really like this; it's a sign of improvement in this platform. Keep up the good work.

great idea!

Thank you for your support @tobetada

This is cool! This is a great proposal and I hope it will materialize soon! It is exciting to be able to have an authentication that's hassle-free!

Thank you @mers. Glad to see my own excitement for this project is contagious.

LOL, it is contagious!

Will it be the next pandemic thing? 😆

Lol, I hope that it will spread like the pandemic in a good way.... hahaha, CHEERS!

Voted and re-blogged. Thanks for your work.

So, if my understanding is correct, if I wanted to sign into an "outside" account (or a Hive Dapp) which supported HAS, then I could choose to sign in with my atma.love pseudo anonymous account, OR a completely anonymous Hive alt account, so having the choice how much about me I disclose to those viewing my profile in the application which I have signed in to. Make sense?

Thank you for your support @atma.love, really appreciate it! 👍

if I wanted to sign into an "outside" account (or a Hive Dapp) which supported HAS, then I could choose to sign in with my atma.love pseudo anonymous account

Yes, that's correct.

Fully supported. I am still going through the technical details stuff but overall this is needed for the majority of the HIVE community.

Proven this can scale and stay resilient enough (because it will be another point for attacking the blockchain), I see this making ANY user be able to use ANY hive app, which is a needed tier for the new users that are not used to dealing with the increased security the HIVE Blockchain has in comparison with other single key based ones.

I love those push and approve methodologies (like some 2FA apps have). But there are challenges ahead... I will dive into those on the other post you made.

Thank you @forykw

Proven this can scale and stay resilient

It's how it has been designed. More about it in the coming posts.

it will be another point for attacking the blockchain

I don't think so. Again, I will explain why in another post.

@forkyishere waiting for it =) thanks mate. Talk on HiveFest? :P

I want this yesterday. Anything I can do to help, test, use, you know where to find me.

Thank you for your help proposal @brianoflondon.
I think I'll quickly need it for a couple of things. I'm going to find you right away...

@arcange

Thank you for contacting me. You have my support! This is a wonderful creation... and a much needed one I feel! Look forward to seeing how things turn out.

!LUV @tipu curate !WINE


Thank you @wesphilbin
!LUV ! BEER

This is a fabulous idea. IMO it's a gamechanger and will make blockchain and crypto and places like Hive so much more accessible. Also, if it protects privacy, unlike, well, you know, well, I am in! Thank you @arcange!

This is a great proposal!
I just try to understand the need for 325 HBD/day, 100k+/year, which is quite a lot.
How many people will be working on it on a daily basis?
How much of the budget is going into 'Work done for previous months'?

Thank you @captainklaus

The "Work done for previous months" is 3 months of nearly full-time design, development, tests, deployment, ...
Currently, 3 people are working on the project. Expect another to join us soon to handle communication/support.

your account is your key

Finally something unique is happening on Hive to protect our accounts from being stolen or compromised. HAS typically acts like a bridge between any sites, whether they are web 2.0 or web 3.0 generation. The dev is really developing this to present Hive to a wider circle, where we can easily have a choice of decentralised platform to be connected through e-commerce or any other general sites and apps. Well done, Hive communities, for progressing towards huge success.

This is a great idea. Happy to support it.

Thank you for your support @felt.buzz, really appreciate it! 👍

That looks like a fantastic proposal, really useful and needed. Count on my vote.

Thank you for your support @cellard00r, really appreciate it! 👍

you have my support. more power to you @arcange.

Thank you for your support @beerbod, really appreciate it! 👍

So I know you did this dumb style yet I need a TLDR LMAO. I have to read in parts but it looks AWESOME and helpful!

TLDR;
Me want to sign in into application
Me give my username
Me no more give my password or private key
Application welcome me and me feel safe
Thank you Hive Authentication Services!

Now this is an awesome service! TLDR and all provided hahahahaha.
it sounds like it could make a lot of new user life easier.

It already makes mine way easier than before. Me teasing 😇

Can you give me a bit more 'for dummies' info? I can do the above with Hive Keychain. But does your system allow any authenticating wallet to interact with the app requesting authentication? So it would work for people who use Keychain and also for those that don't want to use it, but use the HiveWallet or Vessel? Basically the app you are wanting to log in to is key storage agnostic?

does your system allow any authenticating wallet to interact with the app requesting authentication?

Absolutely

it would work for people who use Keychain and also for those that don't want to use it, but use the HiveWallet or Vessel?

Exactly. You can even use multiple authenticators (Keychain and HiveWallet for example) and still use Keychain extension when on desktop

the app you are wanting to log in to is key storage agnostic?

Yes, it just knows how to talk to the HAS server and has no idea how the authentication request was approved

Sounds good. I am basically only worried about security holes in the code.
I assume that you have been talking a lot with the Keychain guys already, but please make sure that the code will be reviewed by a lot of devs.

I am excited to hear your "technical details" update soon and hopefully weekly progress updates too...

Wishing you the best.

Yep, we're in touch, and basically one of the goals is to have requests E2E encrypted to make it trustless to use HAS in the middle.

But how safe is E2E encryption really? I mean WhatsApp E2E was cracked by the CIA, or is that just an intended backdoor created by Facebook?

Technically they didn't crack E2EE, they hacked into the phones and got the information before encryption. So in the end I guess it depends on how much you trust your device to be secure.

Thank you for your vote to the proposal @ew-and-patterns!

I am basically only worried about security holes in the code.

This is also my main concern. Hence why the project is deployed in a calm and careful manner.

I assume that you have been talking a lot with the Keychain guys

Yes, we work together very closely and their feedback has been very helpful throughout the initial development phase.

Super! :D Will vote for your proposal @arcange :-)

Thank you for your vote @soyrosa 🌹🌹🌹

How interesting. This would save me a lot of headaches when entering any of the dApps. 😎

Thank you for your approval of the proposal @charsdesign, much appreciated!

Dude, your apps are very impressive and I use them all the time. Thank you for your hard work in making #hive easy, safe, and enjoyable to use! 👍

This is what I have been looking for. Voted.

Thank you for your support @khan.dayyanz, really appreciate it! 👍

So, instead of talking to Hive Keychain the apps would need to talk to HAS? Is this a simplification of the messaging part? In the end, we would still need Hive Keychain to be installed and populated with our keys.

Anyways, great work.

Thank you @ervin-lemark

instead of talking to Hive Keychain the apps would need to talk to HAS?

Yes

Is this a simplification of the messaging part?

To be honest, no. But that's not what the project aims to improve.

In the end, we would still need Hive Keychain to be installed and populated with our keys.

Yes, but you will have to do it only once and will stop disseminating your keys on multiple devices/browsers

For some, HAS may be irrelevant.
But for those like me who connect from several devices (multiple desktops, mobile, tablet) or who wish to be able to use a public computer (with no Keychain extension installed, fear of even typing your key, or even no key at hand), it's more than an interesting solution.

I see. Thank you very much for your explanation.

Good luck with the project and implementation.

Me, jumping to the proposals site to vote for it :)

Thank you for your support 🙇

Supported, God-Damn you did put a lot of effort into this already. Im-'F-ing'-pressive.

Thank you for your vote @manniman!


To be honest with you guys, this is a very nice idea. I don't ever regret joining hive. You guys are the best.....

!PIZZA
!BEER

My man, you nailed it. This is going to provide us with an extra layer of security and "your keys, your account" will be more valid than ever. I wish you success on this.

Thank you @jonsnow1983
Please turn your wishes into actions, vote for the proposal on Peakd, ecency, Hive.blog (https://wallet.hive.blog/proposals) or using HiveSigner!

I am not the greatest fan of OAuth. However, since OAuth is used by many big companies I can't help but ask: What is the primary difference between HAS and OAuth and why is HAS superior?

HAS and OAuth are quite similar.
The main difference with OAuth is that HAS does not rely on a third-party authorization service.
Users are always in control of their keys and can manage the permissions they give to applications at the lowest level.

This is incredibly amazing!
Back then, I could remember how joyous we all were when different projects came up to help authentication on Steemit [our old home]. Even tho we had to input our PK on these apps, it was far better than inputting our details on those bunch of sites.
Now, this Line of Tech just got evolved with HAS.
Dammmmn! Kudos on this.

If this project takes place it’s a better future for us.. this is really nice.. following the fact that it will make things easier for us. Good one

This is incredible, only a genius thinks deep and looks forward to what will happen in the future. Keep up the good work.

Great idea, keep up the good work...

I will definitely support this proposal and will let our core devs in Telos to undergo this process. What I was trying to think about is that Telos TLOS tokens to be incorporated to Hive-engine too.

Thank you @fycee. Looking forward to your feedback from the Telos devs and your vote for the proposal (it can be done on Peakd, ecency, Hive.blog (https://wallet.hive.blog/proposals) or using HiveSigner)

Done using HiveSigner sir.

Thank you for your support, really appreciate it! 👍

You got my support. Sounds like a great project and well thought out. Actually I have total faith in all your Hive endeavors. I’ll vote for it right now. 😁

Thank you for your support @bdmillergallery, really appreciate it! 👍

😁 No problem! My Pleasure man.

This is so good! Imagine how far Hive can get into and woah I can (in the future) sign in to many apps (given that if those apps are willing to collaborate with Hive).

I usually use the same thing to almost all websites as I don’t like to create new accounts when signing up. Example, my canva account and many more are all “sign in using google”. I can only imagine a very hassle free with HAS infrastructure!

This is so great @arcange and I love to know more about this project!

Is that not already in Keychain mobile with QR code scanning? I brought that up months ago and I thought that was on the to-do list :)

Up to now, QR code scanning in Keychain is to import your keys from the browser extension.
It does not allow you to authenticate (for now™)

I thought that was already on the list :) Because it would be super cool for payments too.

Hello @arcange… I have chosen your post about “-Hive Authentication Services - Announcement and Proposal-” for my daily initiative to re-blog - vote and comment…
Let's keep working and supporting each other to grow at Hive!...

This would be so awesome!
I use different devices and interfaces.
When switching between the devices this would make things much more easy!
I really hope this is going to happen.💪

!PIZZA

Make it happen! Vote for the proposal on Peakd, ecency, Hive.blog (https://wallet.hive.blog/proposals) or using HiveSigner

I am in :)

Thank you for your support @chrislybear! 👍

Aye, these are the developments I want to see and I’m here for it
