Hive Authentication Services - Announcement and Proposal


What if you could authenticate on any website, desktop, or mobile app, just providing your Hive username but no password or private key, from any device?

And how about storing your private keys in one secure place and no longer having to provide them to (d)Apps to log in or sign transactions?

What if you could use your Hive account as you are used to with the Google, Facebook or Twitter button but in a more secure and decentralized way?

I have been working these last months on this revolutionary concept which will finally allow you to have a universal and easy-to-use authentication solution.

Introducing Hive Authentication Services

What are Hive Authentication Services?

The Hive Authentication Services (HAS) provide a way for any application (web, desktop or mobile) to easily authenticate users, and additionally to sign and broadcast transactions to the Hive blockchain, without asking users to provide any password or private key.

How does it work?

Note: The service description from here will deliberately disregard many technical details in order to keep a comprehensible reading for the layman. More in-depth information is available in the Documentation.

The Hive Authentication Services (HAS) act as a bridge between any Application (App) supporting the HAS protocol, any Private Key Storage Application (PKSA) supporting the HAS protocol and their respective users.

Any application can rely on HAS to authenticate users. It doesn't need to be a "Hive application", except if it plans to sign and broadcast transactions.

In most cases, the Private Key Storage Application (PKSA) is simply your preferred Hive Wallet application installed on your mobile.

1. Authentication

When a user wants to log in to an application, they provide their Hive username.

When the user hits the sign-in button, the App sends an authentication request to the HAS and asks the user to start their favorite Private Key Storage Application (PKSA), typically an app installed on their mobile (like Hive Keychain for Mobile).

The user then opens their wallet and scans the QR code. Alternatively, if the app the user wants to sign in to is a mobile app, the latter can use deep linking to bypass the QR code display and trigger the device to install a wallet app, or open it if already installed.

If the wallet stores the keys of the account the user wants to sign in with, it will ask the user to approve or deny the authentication request.


A quick and dirty handmade mockup

If the user approves the authentication request, the App will be informed by the HAS that the user has successfully authenticated and that it can proceed with the user sign-in.

The application has 100% certainty that the account exists and that whoever signs in owns the account's private keys.

Likewise, the user has explicitly identified and approved the application for further interaction.

At this moment, the application session and the users are now registered with the HAS and can communicate with each other through a secure encrypted channel.
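A simplified model of the authentication flow described above, added here as an illustration and not taken from the HAS documentation or code. The message shapes, the `chain` map standing in for the blockchain account lookup, the AES-GCM session key carried in the QR code and the challenge signature format are all assumptions made for the example.

```javascript
// Added illustration: a simplified model of the flow, not the HAS wire protocol.
const { generateKeyPairSync, randomBytes, createCipheriv,
  createDecipheriv, sign, verify } = require('node:crypto');

// Constructed stand-in for the blockchain account lookup: username -> public key.
const chain = new Map();
function createAccount(name) {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  chain.set(name, publicKey);
  return privateKey; // stays inside the wallet (PKSA), never sent anywhere
}

// Authenticated encryption with the per-login session key (AES-256-GCM).
function seal(key, obj) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(JSON.stringify(obj), 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]).toString('base64');
}
function open(key, b64) {
  const raw = Buffer.from(b64, 'base64');
  const d = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  const body = Buffer.concat([d.update(raw.subarray(28)), d.final()]); // throws if altered
  return JSON.parse(body.toString('utf8'));
}

// App: the user typed only a username. The request travels through the relay;
// the session key is shown in the QR code and never reaches the relay.
function appStartLogin(account, appName) {
  const key = randomBytes(32);
  const challenge = randomBytes(16).toString('hex');
  return {
    account, key, challenge,
    request: { account, data: seal(key, { appName, challenge }) },
    qr: { account, key: key.toString('base64') },
  };
}

// Relay (the HAS role): routes by account name, keeps what it was able to see.
const relayLog = [];
function relay(msg) {
  relayLog.push(msg.data);
  return { ...msg };
}

// Wallet: decrypts with the scanned key, asks the user, signs the challenge.
function walletHandle(keys, qr, request, approve) {
  const key = Buffer.from(qr.key, 'base64');
  const { appName, challenge } = open(key, request.data);
  const priv = keys.get(request.account);
  if (!priv || !approve(appName, request.account)) {
    return { account: request.account, data: seal(key, { approved: false }) };
  }
  const signature = sign('sha256', Buffer.from(challenge), priv).toString('base64');
  return { account: request.account, data: seal(key, { approved: true, signature }) };
}

// App: accepts the login only if the signature verifies against the public key
// registered for that username.
function appFinishLogin(session, reply) {
  let msg;
  try { msg = open(session.key, reply.data); } catch { return 'rejected: altered in transit'; }
  if (!msg.approved) return 'denied';
  const pub = chain.get(session.account);
  const sig = Buffer.from(msg.signature, 'base64');
  const ok = pub !== undefined && verify('sha256', Buffer.from(session.challenge), pub, sig);
  return ok ? 'authenticated' : 'rejected: bad signature';
}

function login(keys, approve, tamper = (m) => m) {
  const s = appStartLogin('alice', 'demo-app');
  const reply = walletHandle(keys, s.qr, relay(s.request), approve);
  return appFinishLogin(s, tamper(relay(reply)));
}

function demo() {
  const wallet = new Map([['alice', createAccount('alice')]]);
  const other = generateKeyPairSync('ec', { namedCurve: 'secp256k1' }).privateKey;
  const flip = (m) => {
    const raw = Buffer.from(m.data, 'base64');
    raw[raw.length - 1] ^= 1; // one ciphertext bit changed on the way back
    return { ...m, data: raw.toString('base64') };
  };
  return {
    approved: login(wallet, () => true),
    denied: login(wallet, () => false),
    wrongKey: login(new Map([['alice', other]]), () => true),
    tampered: login(wallet, () => true, flip),
    relaySawAppName: relayLog.some((d) => Buffer.from(d, 'base64').includes('demo-app')),
  };
}

console.log(demo());
```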

2. Signing and Broadcasting Transactions

Once an account is authenticated against an application, the latter can request the user to sign and broadcast transactions.

The user has the guarantee that the transaction requests come from the application with which he has just authenticated because both the app and the user have created a strong link through the authentication process and the HAS will filter out any transaction request from an unapproved application.

Similar to authentication, users will be able to approve or reject each transaction request that the approved applications will submit to them for signature.

Why use Hive Authentication Services?

  • As a Hive user
    You do not want to provide your Private Keys to Web, Desktop or Mobile apps but still want to be able to use them. However, it happens that you store your Private Keys in a trusted application (which you may have audited), like Hive Keychain, and wish you didn't have to enter them elsewhere.

  • As a Hive Application developer
    Implementing a secure solution for authentication (signing-in users), storing and protecting users' credentials, and broadcasting signed transactions to the Hive blockchain (providing access to users' private keys) can take significant effort. You must make sure to follow best practices and standards, and keep your implementation safe and up to date.

    By implementing Hive Authentication Services support into your application, all you have to do is to ask for a username, period!

  • As a Private Keys Storage Application developer
    While you are good at securing the data you store, i.e. account Private Keys, implementing cross-process, cross-application and cross-platform secure communication channels can be cumbersome and hard to maintain.

    Integrating HAS into your Private Keys Storage Application will instantly turn it into a 2FA solution for any HAS compatible Hive Applications.

HAS is an out-of-the-box infrastructure that acts as middleware and facilitates the interactions between any applications and their users as long as they have a Hive account.

No longer will you have to put up with having a Facebook, Twitter or Gmail account, having to provide them with private information and being tracked for whatever you do.

Request for funding

This funding proposal aims to support an existing project that is well past the MVP (Minimum Viable Project) stage and should be made publicly available soon™.

The HAS infrastructure is deployed and operational. I have already made contact with a few application, front-end and wallet developers, who are currently working on integrating HAS into the solutions they offer.

We have moved step by step, without rushing, because this project touches on the security of user accounts.

However, I am extremely confident since I have now been using it personally for a few weeks.

What's the benefit for Hive?

Hive Authentication Services may become the first fully decentralized authentication service backed by a blockchain. This will allow the concept of "Your account is your key" to become a reality, both for the Hive ecosystem and for the "outside world".

This opens the door to countless possibilities and promises incredible Hive blockchain development potential.

Budget

For this new proposal, we are applying for a daily budget of 325 HBD for a period of 12 months.

What's the funding for?

1. Work done for previous months

  • development and test of a HAS server
  • development and test of a HAS PKSA emulator
  • development and test of a HAS client library
  • Deployment and cost of existing infrastructure
  • Drafting of technical documentation for beta testers

2. Work still to be done

There is still a lot of work to be done, in terms of development, support and communication.

  • support for integration into existing Apps and PKSA
  • creation of a professional graphic chart
  • creation of documentation for users
  • creation of documentation for developers
  • creation of tutorials and related code examples
  • implement communication between multiple HAS servers to allow load balancing and failover
  • improve the redundancy and the scalability of the infrastructure
  • stress tests
  • and much more...

3. Regular work

  • Code maintenance and deployment
  • Support to users and developers
  • Documentation maintenance, both for users and developers
  • Communication and external awareness

4. Infrastructure

The HAS infrastructure has already been up and running for months. It is a cornerstone of the project and, as long as we have not developed the redundancy and scalability functionalities mentioned above, its proper functioning is essential.

  • Server(s) + Firewall
  • Security management and monitoring tools
  • Performance monitoring tools
  • domain(s) registration
  • Backup services

Commitment

All the code produced through this funding will be open-sourced.

Support

I have always been easy to reach, responsive and as helpful as possible. If you are a developer and want to test and implement HAS support into your application, feel free to contact me.

If you have any questions, drop a comment.
Support for this service is provided on Discord


Support This Proposal:

Thank you for your support!



169 comments
avatar

Bang, I did it again... I just rehived your post!
avatar

Good idea!
Thanks also for the illustrated explanation.

avatar

One question:
Is it possible finding out which user is interacting with an application by reading the HIVE blockchain?

avatar

You will only find posts and comments created using apps that add their signature in the metadata.
Other than that, by reading the blockchain, there is no way to track how users broadcast their transactions.

avatar

This is a terrific idea.

I love that the quality of the development is increasing and bigger issues are being addressed.

Everyone needs to take a look at this and what is being presented. First glance, it looks like it will be a real value add to Hive.

I will have to dig further into it but I like what I see so far.

Posted Using LeoFinance Beta

avatar

Thanks @taskmaster4450le.
Feel free to contact me if you want to read a more in-depth (maybe a bit technical) description of how it works.
That being said, I plan to release more posts describing the project for the layman. I just avoid overflowing people with too much info at the same time.

avatar

Sir, I may be a newbie, but I find this proposal exciting. I can imagine this will be a hit and the Hive blockchain will surely benefit from this system. I have voted for your witness just now. Hope this will materialize.

avatar

This is honestly a great idea! The potential integration for my own websites has me buzzing with ideas... this is really exciting!

avatar

Thank you @aussieninja
Feel free to contact me if you want to play with it.

avatar

Thanks! I actually think it would be in January/February when we'd be ready to implement something like this into the main site I'm working on. I'll get in touch around then.

avatar

It sounds good in theory but if it only works with apps that host HAS infrastructure will it be useful for users.
This is me asking as a person with no knowledge and who uses hive keychain for access to hive based apps.

Could an app built on Telos host the infrastructure and let us sign in there with our Hive account? I was talking to a couple of devs over there previously who were talking about Hive collaboration as an example.

If it can work cross chain how would that affect tokens based on those chains say bsc tokens earned gaming or social tokens earned on telos?

I am just trying to figure out the use case on the project. Sounds like a lot of work has gone in so far. Congrats on getting it to this level and hopefully we see it become something very useful for the future of hive and its community.

avatar

The apps don't need to host HAS infrastructure. They only need to support HAS protocol and be able to "talk" with a HAS server.

An app built on Telos could perfectly let users sign in with their Hive account. If the Telos devs want to collaborate with us, they are more than welcome. It would be an excellent use case to demonstrate how useful the HAS project can be.

It can work cross-chain because the HAS infrastructure is "transactions agnostic". So we can easily imagine a Telos App talking with a Telos Wallet but authenticating and securing the connection with the help of a Hive account.

avatar

I have already informed our core devs about this. Thank you.

avatar

Love this idea. Combine this with easy to remember username and hive just gets better and better and easier to use.

avatar

Yes, that is the main objective: to make things easier while maintaining, or even improving, the level of security.

avatar

Looks interesting and useful, will read the rest in a bit. Great work!

avatar

Thank you @acidyo. I will provide the community with more in-depth details about the project in the coming days. Stay tuned.

avatar

I love this! The only thing better would be a "Sign in with Hive" or "Sign up with Hive" like you see on things that have a "Sign in with Google" button. I know that's a long shot but still a really cool thought!

Posted Using LeoFinance Beta

avatar
(Edited)

Thank you @l337m45732
That would be so cool to see that "Sign in with Hive" button everywhere and replace the others 😁🤞

avatar

So i know you did this dumb style yet i need a TLDR LMAO i have to read in parts but it looks AWESOME and helpful!

avatar

TLDR;
Me want to sign in into application
Me give my username
Me no more give my password or private key
Application welcome me and me feel safe
Thank you HiveAuthentication Services!

avatar

Now this is an awesome service! TLDR and all provided hahahahaha.
it sounds like it could make a lot of new user life easier.

avatar

It already makes mine way easier than before. Me teasing 😇

avatar
(Edited)

Can you give me a bit more 'for dummies' info? I can do the above with Hive Keychain. But does your system allow any authenticating wallet to interact with the app requesting authentication? So it would work for people who use Keychain and also for those that don't want to use it, but use the HiveWallet or Vessel? Basically the app you are wanting to log in to is key storage agnostic?

avatar
(Edited)

does your system allow any authenticating wallet to interact with the app requesting authentication?

Absolutely

it would work for people who use Keychain and also for those that don't want to use it, but use the HiveWallet or Vessel?

Exactly. You can even use multiple authenticators (Keychain and HiveWallet for example) and still use Keychain extension when on desktop

the app you are wanting to log in to is key storage agnostic?

Yes, it just knows how to talk to the HAS server and has no idea how the authentication request was approved

avatar

To be honest with you guys, this is a very nice idea. I don't ever regret joining hive. You guys are the best.....

avatar

!PIZZA
!BEER

avatar

GREAT idea! ... I've been pretty slack in supporting any proposals of late, but this one definitely gets my support!

avatar

This is cool! This is a great proposal and I hope it will materialize soon! It is exciting to be able to have an authentication that's hassle-free!

avatar

Thank you @mers. Glad to see my own excitement for this project is contagious.

avatar

LOl, it is contagious!

avatar

Will it be the next pandemic thing? 😆

avatar

Lol, I hope that it will spread like the pandemic in a good way.... hahaha, CHEERS!

avatar

Sounds good. I am basically only worried about security holes in the code.
I assume that you have been talking a lot with the Keychain guys already, but please make sure that the code will be reviewed by a lot of devs.

I am excited to hear your "technical details" update soon and hopefully weekly progress updates too...

Wishing you the best.

avatar

Yep, we're in touch, and basically one of the goals is to have requests E2E encrypted to make it trustless to use HAS in the middle.

avatar

But how safe is E2E encryption really? I mean WhatsApp E2E was cracked by the CIA, or is that just an intended backdoor created by Facebook?

avatar

Technically they didn't crack E2EE, they hacked into the phones and got the information before encryption. So in the end I guess it depends on how much you trust your device to be secure.

avatar

Thank you for your vote to the proposal @ew-and-patterns!

I am basically only worried about security holes in the code.

This is also my main concern. Hence why the project is deployed in a calm and careful manner.

I assume that you have been talking a lot with the Keychain guys

Yes, we work together very closely and their feedback has been very helpful throughout the initial development phase.

avatar

I want this yesterday. Anything I can do to help, test, use, you know where to find me.

avatar

Thank you for your help proposal @brianoflondon.
I think I'll quickly need it for a couple of things. I'm going to find you right away...

avatar

I really like this it's a sign of improvement in this platform. Keep up the good work

avatar

Something seriously worth doing as security is the key to everything we have on here. This will make life so much easier and straight forward. I really hope this happens as this is building more use cases into Hive.

avatar

Yes, security is the key factor with this project.
Several times I found myself abandoning a site while browsing on my mobile because I had to provide a private key in the login process.
And even if HiveSigner was supported, I didn't have my HiveSigner password handy, or I had to enter the private active key, which I never provided to any website, even the HiveSigner page.
I feel way safer now with this new solution.

avatar

All the code produced through this funding will be open-sourced.

For me a very important point.

I like to support this proposal, although it is very expensive. It will add real value to our hive community.
Thank you for this great idea and good luck with the proposal and the realization of your idea.

avatar

Thank you for your support @condeas.

This project must be open-sourced because, as it involves the security of the accounts, its code must be audited.
I trust myself enough to already use it, but I will be even more reassured when several other people trust the code as much as I do.

avatar

I am not the greatest fan of oauth. However since oauth is used by many big companies I can't help but ask: What is the primary difference between HAS and Oauth and why is HAS superior?

avatar

HAS and oAuth are quite similar.
The main difference with oAuth is that HAS does not rely on a third-party authorization service.
Users are always in control of their keys and can manage the permissions they give to applications at the lowest level.

avatar
(Edited)

This is incredibly amazing!
Back then, I could remember how joyous we all were when different projects came up to help authentication on Steemit [our old home]. Even tho we had to input our PK on these apps, it was far better than inputting our details on those bunch of sites.
Now, this Line of Tech just got evolved with HAS.
Dammmmn! Kudos on this.

avatar

If this project takes place it’s a better future for us.. this is really nice.. following the fact that it will make things easier for us. Good one

avatar
(Edited)

So, instead of talking to Hive Keychain the apps would need to talk to HAS? Is this a simplification of the messaging part? In the end, we would still need Hive Keychain to be installed and populated with our keys.

Anyways, great work.

avatar

Thank you @ervin-lemark

instead of talking to Hive Keychain the apps would need to talk to HAS?

Yes

Is this a simplification of the messaging part?

To be honest, no. But that's not what the project aims to improve.

In the end, we would still need Hive Keychain to be installed and populated with our keys.

Yes, but you will have to do it only once and will stop disseminating your keys on multiple devices/browsers

For some, HAS may be irrelevant.
But for those like me who connect from several devices (multiple desktops, mobile, tablet) or who wish to be able to use a public computer (with no Keychain extension installed, fear of even typing your key, or even no key at hand), it's more than an interesting solution.

avatar

I see. thank you very much for your explanation.

Good luck with the project and implementation.

Me, jumping to the proposals site to vote for it :)

avatar

Thank you for your support 🙇

avatar

I will definitely support this proposal and will let our core devs in Telos to undergo this process. What I was trying to think about is that Telos TLOS tokens to be incorporated to Hive-engine too.

avatar

You got my support. Sounds like a great project and well thought out. Actually I have total faith in all your Hive endeavors. I’ll vote for it right now. 😁

avatar

This is so good! Imagine how far Hive can get into and woah I can (in the future) sign in to many apps (given that if those apps are willing to collaborate with Hive).

I usually use the same thing to almost all websites as I don’t like to create new accounts when signing up. Example, my canva account and many more are all “sign in using google”. I can only imagine a very hassle free with HAS infrastructure!

This is so great @arcange and I love to know more about this project!

avatar

Is that not already in Keychain mobile with QR code scanning? I brought that up months ago and I thought that was on the To do list :)

avatar

Up to now, QR code scanning in Keychain is to import your keys from the browser extension.
It does not allow you to authenticate (for now™)

avatar

I thought that was already on the list :) Because it would be super cool for payments too.

avatar

Hello @arcange… I have chosen your post about “-Hive Authentication Services - Announcement and Proposal-” for my daily initiative to re-blog - vote and comment…
Let's keep working and supporting each other to grow at Hive!...

avatar

This would be so awesome!
I use different devices and interfaces.
When switching between the devices this would make things much more easy!
I really hope this is going to happen.💪

!PIZZA

avatar

How interesting. This would save me a lot of headaches when entering any of the dApps. 😎

avatar

Thank you for your approval of the proposal @charsdesign, much appreciated!

avatar

Dude, your apps are very impressive and I use them all the time. Thank you for your hard work in making #hive easy, safe, and enjoyable to use! 👍

avatar

Is this key the same thing as Google Authenticator?
Maybe for more reliable security in the future.

avatar

It's quite the same because you will need your mobile device at hand to sign in (kind of 2FA) while being much easier to set up and use.

avatar

Sounds really good, practical and safe 😊😊

avatar

This is fantastic and it will make things way more secure and safe. This is very useful for every Hive user. Great work

avatar
(Edited)

Supported, God-Damn you did put a lot of effort into this already. Im-'F-ing'-pressive.

avatar
(Edited)

amazing idea.... you are really working hard to achieve this... as I have been struggling to log in to peakd.com via hivesigner. But the concept of Hive Authentication Services is super super amazing, thumbs up 👍 for appreciation of your hard.

Thank you so.. much for providing such an amazing service to us.

avatar

i have been struggling to login into [peakd.com] via hivesigner.

I have heard that sentence so many times. Hence why I created HAS to make the sign-in process as simple as possible.

avatar
(Edited)

You make such great apps for Hive, I totally support this, and I don't think the price is beyond what you deserve. I just always worry about these expensive proposals putting a lot of selling pressure (if sold on the market) than buyers can keep up with since we are still a relatively small community. I don't think the price of hive matters that much except that heavy downward price action hurts adoption. No big complaints though, if hive dips I'll be sure to buy it, especially with developments like this.

avatar

I'm really impressed you did it again, this is a really cool feature, I'm so excited to see HAS being used to log-in in the common websites and applications
Thanks for bringing great stuff to the community

avatar

100% supported!
This will be a great step in the right direction @arcange.

avatar

Very interesting. It seems to meet the basic criteria for adopting technologies, such as usefulness and ease of use. Plus, it's cheap (free, actually) and can look like fun. You just need to keep working on another key criterion: social influence. I hope your proposal will become popular.

avatar

@arcange

Thank you for contacting me. You have my support! This is a wonderful creation... and a much needed one I feel! Look forward to seeing how things turn out.

!LUV @tipu curate !WINE

avatar

Fully supported. I am still going through the technical details stuff but overall this is needed for the majority of the HIVE community.

Proven this can scale and stay resilient enough (because it will be another point for attacking the blockchain), I see this making ANY user be able to use ANY hive app, which is a needed tier for the new users that are not used to dealing with the increased security the HIVE Blockchain has in comparison with other single key based ones.

I love those push and approve methodologies (like some 2FA apps have). But there are challenges ahead... I will dive into those on the other post you made.

avatar

Thank you @forykw

Proven this can scale and stay resilient

It's how it has been designed. More about it in the coming posts.

it will be another point for attacking the blockchain

I don't think so. Again, I will explain why in another post.

avatar

Good idea, bad moment. Seems like Hive could have a growth period soon if this kind of dapps are up and running, but is our growth just stagnated right now? Splinterlands is booming the growth like nothing else. Is it possible for HAS to work properly with Splinterlands? Basically all games need and force players to use Hive Keychain...

avatar

Why a bad moment? The Hive blockchain is all but stagnating.

Is it possible for HAS to work properly with Splinterlands?

Of course, we are working on it.

avatar

Voted and re-blogged. Thanks for your work.

So, if my understanding is correct, if I wanted to sign into an "outside" account (or a Hive Dapp) which supported HAS, then I could choose to sign in with my atma.love pseudo anonymous account, OR a completely anonymous Hive alt account, so having the choice how much about me I disclose to those viewing my profile in the application which I have signed in to. Make sense?

avatar

Thank you for your support @atma.love, really appreciate it! 👍

if i wanted to sign into an "outside" account (or a Hive Dapp) which supported HAS, then i could choose to sign in with my atma.love pseudo anonymous account

Yes, that's correct.

avatar

This is a great proposal!
I just try to understand the need for 325 HBD/day, 100k+/year, which is quite a lot.
How many people will be working on it on a daily base?
How much of the budget is going into 'Work done for previous months'?

Posted Using LeoFinance Beta

avatar

Thank you @captainklaus

The "Work done for previous months" is 3 months of nearly full-time design, development, tests, deployment, ...
Currently, 3 people are working on the project. Expect another to join us soon to handle communication/support.

avatar

your account is your key

Finally something unique is happening on Hive to protect our accounts from being stolen or compromised. HAS typically acts like a bridge between any sites, whether Web 2.0 or Web 3.0 generation. Devs are really developing to present Hive in a wider circle, where we easily have a choice of a decentralised platform to be connected through e-commerce or any other general sites and apps. Well done Hive communities for progressing towards huge success.

avatar

This is a fabulous idea. IMO it's a gamechanger and will make blockchain and crypto and places like Hive so much more accessible. Also, if it protects privacy, unlike, well, you know, well,I am in! Thank you @arcange!

avatar

Well... gotta hand it to you @arcange. This makes a lot of sense and is needed too. I'll vote for this proposal with all of my accounts. I'm just glad to see that there are people, like yourself, working hard to innovate here on Hive. It's my hope that we can make this a better place to human and what you're working on here is something that fits the bill.

So thank you. 🙌

I'll also let you know...

I have re-established my witness vote in your direction. I see you as someone willing to connect with the users and you're doing a lot to make Hive a user-friendly social environment. Accountability is also something you're focused on and I do appreciate the statistics you're putting out in visual form. That's really important.

Previously I had removed my witness vote... But I am convinced that you are someone that can be trusted. You are human after all and despite previous shortcomings I think you are a standUP dev with follow through and vision for the blockchain. 🙌

Water under the bridge my friend. 😊

@wil.metcalfe

avatar

This is a great idea! We need some authenticators on here just like our key logins

Would be nifty when our Hive login will be cross platformed & integrated into other services for easy access, like within browsers or certain devices. It just comes down to ownership & security of our accounts.

To have a better grip on our private keys which have control not just for our wallets, but our content we can branch out from the Hive with simplicity, flexibility & security. Kinda like an RFID lets us in a building or Bluetooth connects with our headphones

Thanks for everything you are contributing! All this problem solving will create a better platform for all of us

avatar

That looks like a fantastic proposal, really useful and needed. Count on my vote.

avatar

I must say it is indeed convenient for all. Please make it happen 👍👍

avatar

I think it's really a good idea and a huge development for HIVE, supported!!
