
Topic: [ANN] BitID - "Connect with Bitcoin" open protocol (alpha) (Read 3508 times)

member
Activity: 64
Merit: 10
A user determined access structure to information would be achievable and highly desirable. For instance, why do Bitpay need to collect my name and address for their invoices? They don't have a legitimate use for the information themselves. Instead, a pointer hash to the storage location of the specific details could instead be attached to the invoice that the merchant can follow to access the information if/when needed, then accessed with a unique key that is issued to them through the SSL session with their customer.

Wouldn't it be simpler to provide Bitpay with an encrypted version of your name/address information for the invoice using the merchant's public address as the encryption key? Bitpay could store the encrypted information in case of a dispute with the merchant; the merchant could use the (decrypted) information for shipping and in the case of a dispute Bitpay could verify the correct address was sent to the merchant by looking at the information provided from the merchant and checking that it was signed by the customer.

These sorts of protocols have been possible for decades (thanks to Phil Zimmermann and others) but what has been lacking is the motivation to use them and an easy way for people to manage their public/private key pairs. Bitcoin wallets provide both motivation and ease of use.

BitID is an important step towards the dream of public-key cryptography becoming a ubiquitous part of daily life. Right now it's convenient to log in to new web sites using Twitter, Facebook or whatever social login, but why should I include them in my login process at all? Anyone with the capability of managing their own keys can create a unique pair for every site they visit using BitID. Or you can use one pair in cases where you want to establish a common identity across sites.

This BitID project is both simple and very important.
legendary
Activity: 3430
Merit: 3080
Yes please.

Creating an ID protocol that interfaces with a decentralised storage service would be incredible, or a separate service as OP describes (but using separate decentralised storage as a storage backend). I suspect it would need some flexibility as to the data objects, as different information categories are useful as a set depending on usage context (work ID vs social ID, different countries, vehicle licences of various types).

A user determined access structure to information would be achievable and highly desirable. For instance, why do Bitpay need to collect my name and address for their invoices? They don't have a legitimate use for the information themselves. Instead, a pointer hash to the storage location of the specific details could instead be attached to the invoice that the merchant can follow to access the information if/when needed, then accessed with a unique key that is issued to them through the SSL session with their customer.

This sort of service would not just be a so called "killer app", it would demonstrate the power of this new class of information tools to transform our way of life.
sr. member
Activity: 360
Merit: 250
CEO, Ledger
Following discussions with devs, I have updated this thread into a BIP draft discussion:
https://bitcointalksearch.org/topic/bipdraft-bitid-connect-with-bitcoin-protocol-557037

I will therefore lock this thread.
sr. member
Activity: 360
Merit: 250
CEO, Ledger
BitID (alpha)

Pure Bitcoin sites and applications shouldn’t have to rely on artificial identification methods such as usernames and passwords. BitID is an open protocol allowing simple and secure authentication using public-key cryptography.
By authentication we mean to prove to a service/application that we control a specific Bitcoin address, and that all related data/settings could securely be attributed to our session.

Why?

When they need to deal with Bitcoin services, users already own at least one public and private key-pair: their Bitcoin addresses. Using their wallet for authentication purposes has many benefits:
  • "one-click" registration and login procedures
  • no need to remember or duplicate passwords
  • the server only knows and stores the user's public key
  • authentication by a Bitcoin address allows the service to use it (ie: Mining pool payment address)
  • optionally, connect to a decentralized identification system in order to populate registration fields (nickname, email ...)

Of course, these benefits mostly apply for Bitcoin related services, leveraging the fact that users already have a wallet and presumably took all the necessary steps to protect and back it up. For non-cryptocurrency-related services, other authentication services such as OpenID or Facebook connect may be better suited.

How does it work?

Authentication is done via signing a challenge with the public key we want to authenticate with, and sending the result to a callback URL. Upon verification, access is granted.



This is nothing new and some websites already use this kind of authentication system. BitID aims to propose a standardised protocol in order to have full compatibility between services and the best UX possible.
The goal is to add BitID natively into all the popular wallets, so the challenge / signing / callback can be smoothly processed with a minimum of user interaction.

Please refer to the full protocol description to get all details and screenshots of the UX
https://github.com/bitid/bitid

Demo

A basic implementation demonstration is available here:
http://bitid-demo.herokuapp.com/

Source code of the implementation is available here:
https://github.com/bitid/bitid-demo

You will need to select the manual authentication (there isn't a BitID compatible wallet right now), and to manually sign the challenge. The UX is quite cumbersome compared to what we want to achieve using native wallet implementation, but it shows the concept.

Roadmap

  • finalizing the protocol with the help of the community
  • implement server libraries for BitID (Ruby, JS, ...)
  • native BitID implementation in major Bitcoin wallets (we will propose bounties to speed up the process)
  • official release and announcements for the developers

All feedback, ideas and contributions are welcome.

BitID aims to facilitate the sign up and login process to Bitcoin related services, as well as opening gates to new kinds of apps (Hotel rooms unlockable by a wallet after blockchain payment verification...). In the spirit, this project is 80% UX and 20% code.

Eric
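
The server side of the challenge / signing / callback flow described in the post above, as an added example that is not part of the original post or of the BitID project's code. The `bitid://` challenge layout, the host `example.org`, the 300-second lifetime and the `verify_signature` callable (standing in for whatever Bitcoin signed-message check the service's library provides) are assumptions for illustration; the point shown is that each challenge is random, single-use, time-limited and bound to the issuing host and session.

```python
import hmac
import secrets
import time
from urllib.parse import urlsplit, parse_qs

CALLBACK_HOST = "example.org"   # constructed host, not from the page
CHALLENGE_TTL = 300             # seconds a challenge stays valid (assumed value)


class ChallengeStore:
    """Issues one-time challenges and checks the signed callback."""

    def __init__(self, verify_signature, now=time.time):
        # verify_signature(address, message, signature) -> bool is hypothetical:
        # plug in the Bitcoin signed-message check of the library you use.
        self._verify = verify_signature
        self._now = now
        self._pending = {}      # nonce -> (session_id, expires_at)

    def _uri(self, nonce):
        # Assumed challenge layout; the nonce makes every challenge unique.
        return f"bitid://{CALLBACK_HOST}/callback?x={nonce}"

    def issue(self, session_id):
        nonce = secrets.token_hex(16)   # 128 bits from the OS CSPRNG
        self._pending[nonce] = (session_id, self._now() + CHALLENGE_TTL)
        return self._uri(nonce)

    def handle_callback(self, address, uri, signature):
        """Return the session to log in, or None if the callback is rejected."""
        nonce = parse_qs(urlsplit(uri).query).get("x", [""])[0]
        # pop() makes the nonce single-use, so a captured callback cannot be replayed.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return None
        session_id, expires_at = entry
        if self._now() > expires_at:
            return None
        # The signed message must be exactly the challenge this server issued,
        # which also rejects a challenge rewritten to point at another host.
        if not hmac.compare_digest(uri.encode(), self._uri(nonce).encode()):
            return None
        if not self._verify(address, uri, signature):
            return None
        return session_id
```

Consuming the nonce before the signature check means a failed attempt also burns the challenge, so the client simply requests a fresh one.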