Author

Topic: Support for BitID ("Connect with Bitcoin") (Read 3087 times)

sr. member
Activity: 360
Merit: 250
CEO, Ledger
August 21, 2014, 02:07:52 AM
#6
You can use these links :
http://bit.ly/bitid-slides (slides to present BitID)
https://www.youtube.com/watch?v=3eepEWTnRTc (a basic demo video)
https://github.com/bitid/bitid (the repo)

Merci Smiley

Eric
hero member
Activity: 668
Merit: 501
I was surprised to find BitID was not yet supported by the standard Android wallet (the one discussed in this forum) as I started doing some server-side login development today.

Are there plans to include it? This is two-factor authentication simpler than a login/password combination, and displaying a QR code as a login challenge on the login screen would be great security-wise AND usability-wise.

Cheers,
Rick


Hi Rick.
IF you want to toy around with Bitid, you can get the mycelium testnet wallet https://play.google.com/store/apps/details?id=com.mycelium.testnetwallet where we have experimental support for bitid. to trigger it, you have to scan the barcode with an external barcode scanner. after we roll out HD wallets and the integrated unified scan button it will be released to the main client.
newbie
Activity: 31
Merit: 0
I was surprised to find BitID was not yet supported by the standard Android wallet (the one discussed in this forum) as I started doing some server-side login development today.

Are there plans to include it? This is two-factor authentication simpler than a login/password combination, and displaying a QR code as a login challenge on the login screen would be great security-wise AND usability-wise.

Cheers,
Rick
sr. member
Activity: 360
Merit: 250
CEO, Ledger
Here is a first implementation of the BitID protocol :
https://github.com/bitid/bitcoin-wallet

A short video shows how easy it is to authenticate on a website using Bitcoin wallet :
https://www.youtube.com/watch?v=3eepEWTnRTc
sr. member
Activity: 360
Merit: 250
CEO, Ledger
There is now a demo website with a test framework allowing easy integration of BitID on a wallet :
http://bitid-demo.herokuapp.com/

When you can the QRcode you get the challenge to sign :

Code:
Bitcoin Signed Message:
bitid://bitid-demo.herokuapp.com/callback?x=74ea43baea533c08

Then you pick up an address on the wallet, sign the message and POST all back to the callback URL :

Code:
curl -X POST http://bitid-demo.herokuapp.com/callback \
  --header "Content-Type: application/json" \
  --data '{"uri" : "bitid://bitid-demo.herokuapp.com/callback?x=74ea43baea533c08",
    "address" : "1HpE8571PFRwge5coHiFdSCLcwa7qetcn",
    "signature" : "IKOBShVoZlkl0rJyG1TNIOAahEOTsB33ryP5AJBV2b1jIPGDVXfCqtFb+CnB4cpVjQ/WAV2MMYkLbGrVhvy14d8="}'

Is there anyone interested to work on BitID integration on the Android wallet, and get the bounty ?

If you want to know more about BitID, and why this could be a very good upside to the community, please read our presentation :
http://bit.ly/bitid-slides


sr. member
Activity: 360
Merit: 250
CEO, Ledger
We are developping the BitID authentication protocol. Basicaly it's an open standard to facilitate user's registration in login on a service using its Bitcoin key (it could be compared to "Facebook connect" on the UX and flow). User scans a QRcode which contains a bitid: URI, it's parsed for validity by the wallet and a confirmation is prompted. After choosing a Bitcoin address, the URI is signed and a POST is made in the callback addres contained in the URI.

For the full explication of the protocol, examples and demo please refer to our GitHub :
https://github.com/bitid/bitid

To be successfull, BitID must be implemented in most of the popular wallets. Therefore, to motivate developers we are offering a bounty of 1 BTC.

What is needed to do :
  • register the bitid: scheme (so it is activated in case of click)
  • throw a bitid: intent when scanning a BitID QR code
  • decode the URI and verify its format
  • display a request for authentication showing the domain name callback and ask for validation
  • ask the user to pick up or create a Bitcoin address for the authentication (show the last Bitcoin address used if this is a known callback address)
  • sign the BitID URI with the private key
  • POST the signature, the URI and the public key to the callback URL
  • completion dialog : success/retry/cancel

Please PM me for more details and specifications.

If you are interested to participate into the protocol discussion, please refer to :
https://bitcointalksearch.org/topic/bipdraft-bitid-connect-with-bitcoin-protocol-557037

Eric
Jump to: