What if you could authenticate on any website, desktop, or mobile app, just providing your Hive username but no password or private key, from any device?
And how about storing your private keys in one secure place and no longer having to provide them to (d)Apps to log in or sign transactions?
What if you could use your Hive account as you are used to with the Google, Facebook or Twitter button but in a more secure and decentralized way?
I have been working these last months on this revolutionary concept which will finally allow you to have a universal and easy-to-use authentication solution.
The Hive Authentication Services (HAS) provide a way for any application (web, desktop or mobile) to easily authenticate users, and additionally sign and broadcast transactions to the Hive blockchain, without asking them to provide any password or private key.
Note: From here on, the service description deliberately leaves out many technical details to keep it readable for the layman. More in-depth information is available in the Documentation.
The Hive Authentication Services (HAS) act as a bridge between any Application (App) supporting the HAS protocol, any Private Key Storage Application (PKSA) supporting the HAS protocol and their respective users.
Any application can rely on HAS to authenticate users. It doesn't need to be a "Hive application", except if it plans to sign and broadcast transactions.
In most cases, the Private Key Storage Application (PKSA) is simply your preferred Hive Wallet application installed on your mobile.
When a user wants to log in to an application, they will provide their Hive username.
When the user hits the sign-in button, the App will send an authentication request to the HAS and ask the user to start their favorite Private Key Storage Application (PKSA), typically an app installed on your mobile (like Hive Keychain for Mobile).
The user then opens their wallet and scans the QR code. Alternatively, if the app the user wants to sign in to is a mobile app, it can use deep linking to bypass the QR code display and trigger your device to install a wallet app, or open it if already installed.
If your wallet stores the keys of the account that wants to sign in, it will ask the user to approve or deny the authentication request.
A quick and dirty handmade mockup
If the user approves the authentication request, the App will be informed by the HAS that the user has successfully authenticated and that it can proceed with the user sign-in.
The application has 100% certainty that the account exists and that whoever signs in owns the account's private keys.
Likewise, the user has explicitly identified and approved the application for further interaction.
At this point, the application session and the user are registered with the HAS and can communicate with each other through a secure encrypted channel.
Once an account is authenticated against an application, the latter can request the user to sign and broadcast transactions.
The user has the guarantee that the transaction requests come from the application with which he has just authenticated because both the app and the user have created a strong link through the authentication process and the HAS will filter out any transaction request from an unapproved application.
Similar to authentication, users will be able to approve or reject each transaction request that the approved applications will submit to them for signature.
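A simplified model of the approval bookkeeping described above, as an added example that is not part of the original post and not the HAS wire protocol: the class, function and field names are hypothetical, and it assumes the QR code carries a per-session key, with HMAC standing in for the encrypted channel. It shows the relay dropping sign requests from a session the user never approved, and the app rejecting an approval made without the session key; the wallet's use of the account's Hive keys is outside this model.

```python
import hashlib
import hmac
import secrets

def tag(key: bytes, *fields: str) -> str:
    """Authenticate a message with the per-session key (constructed stand-in)."""
    return hmac.new(key, "|".join(fields).encode(), hashlib.sha256).hexdigest()

class Relay:
    """Hypothetical in-memory relay: forwards requests, never sees session keys."""
    def __init__(self):
        self.pending = {}      # session id -> (app name, account)
        self.approved = set()  # (session id, account) pairs the user approved

    def auth_request(self, app: str, account: str) -> str:
        sid = secrets.token_hex(8)
        self.pending[sid] = (app, account)
        return sid

    def auth_reply(self, sid: str, approve: bool, proof: str) -> dict:
        _app, account = self.pending.pop(sid)
        if approve:
            self.approved.add((sid, account))
        return {"sid": sid, "account": account, "approve": approve, "proof": proof}

    def sign_request(self, sid: str, account: str, tx: str) -> bool:
        # Filter rule: only an approved (session, account) pair reaches the wallet.
        return (sid, account) in self.approved

def app_accepts(reply: dict, key: bytes) -> bool:
    """App side: trust the reply only if the wallet proved it holds the QR key."""
    want = tag(key, reply["sid"], reply["account"], "approve")
    return reply["approve"] and hmac.compare_digest(reply["proof"], want)

def demo() -> dict:
    relay, key = Relay(), secrets.token_bytes(32)  # key travels in the QR code only
    sid = relay.auth_request("example-app", "alice")
    # Wallet scanned the QR code and the user tapped approve.
    good = relay.auth_reply(sid, True, tag(key, sid, "alice", "approve"))
    # Constructed failure cases: a reply made without the key, an unknown session.
    forged = dict(good, proof=tag(b"relay-guess", sid, "alice", "approve"))
    return {
        "login": app_accepts(good, key),
        "forged_login": app_accepts(forged, key),
        "sign_from_approved": relay.sign_request(sid, "alice", "vote"),
        "sign_from_unapproved": relay.sign_request("deadbeef", "alice", "transfer"),
    }
```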
As a Hive user
You do not want to provide your Private Keys to Web, Desktop or Mobile apps but still want to be able to use them. However, it happens that you store your Private Keys in a trusted application (which you may have audited), like Hive Keychain, and wish you didn't have to enter them elsewhere.
As a Hive Application developer
Implementing a secure solution for authentication (signing-in users), storing and protecting users' credentials, and broadcasting signed transactions to the Hive blockchain (providing access to users' private keys) can take significant effort. You must make sure to follow best practices and standards, and keep your implementation safe and up to date.
By implementing Hive Authentication Services support into your application, all you have to do is to ask for a username, period!
As a Private Keys Storage Application developer
While you are good at securing the data you store, i.e. accounts' Private Keys, implementing cross-process, cross-application and cross-platform secure communication channels can be cumbersome and hard to maintain.
Integrating HAS into your Private Keys Storage Application will instantly turn it into a 2FA solution for any HAS compatible Hive Applications.
HAS is an out-of-the-box infrastructure that acts as middleware and facilitates the interactions between any applications and their users as long as they have a Hive account.
No longer will you have to put up with having a Facebook, Twitter or Gmail account, having to provide them with private information and being tracked for whatever you do.
This funding proposal aims to support an existing project that is well past the MVP (Minimum Viable Product) stage and should be made publicly available soon™.
The HAS infrastructure is deployed and operational. I have already made contact with a few application, front-end and wallet developers, who are currently working on integrating HAS into the solutions they offer.
We have moved step by step, without rushing, because this project touches on the security of user accounts.
However, I am extremely confident since I have now been using it personally for a few weeks.
Hive Authentication Services may become the first fully decentralized authentication service backed by a blockchain. This will allow the concept of "Your account is your key" to become a reality, both for the Hive ecosystem and for the "outside world".
This opens the door to countless possibilities and promises incredible Hive blockchain development potential.
For this new proposal, we are applying for a daily budget of 325 HBD for a period of 12 months.
1. Work done for previous months
2. Work still to be done
There is still a lot of work to be done, in terms of development, support and communication.
3. Regular work
4. Infrastructure
The HAS infrastructure has been up and running for months. It is a cornerstone of the project and, as long as we have not developed the redundancy and scalability functionalities mentioned above, its proper functioning is essential.
All the code produced through this funding will be open-sourced.
I have always been easy to reach, responsive and as helpful as possible. If you are a developer and want to test and implement HAS support into your application, feel free to contact me.
If you have any questions, drop a comment.
Support for this service is provided on Discord.
Thank you for your support!