Clear net authentication

I was reading a few Medium articles about distributed authentication when it dawned on me that SAFENetwork would be rather good at this out of the box.

Example flow:

  1. User enters SAFENetwork public message id as username on clear net site.
  2. Clear net site sends authentication request message (say, a sha256 hash) to public message id, receiving public key in process.
  3. User’s authentication app asks user to confirm authentication request is valid. If so, it echoes message as reply, signing it in the process.
  4. Site confirms receipt and that signature is valid and logs user into clear net site.

Variations could be to have small or large TTL to allow shorter/longer revocation time.

The authentication app would be a pretty simple bolt on to SAFENetwork messaging layer, as used by chat demo app.

No passwords, no OAuth, no leaking of personal data.

I am sure better solutions could improve on this, but it would be pretty slick and secure, from a brief ponder on it.

Edit: note that site would need a client/agent installed to communicate with SAFENetwork.

12 Likes
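
The four-step flow in the post above, as an added sketch (not code from the post or from SAFE Network) showing the checks the site side needs: single-use challenges, expiry, and signature verification. The in-memory `directory`, the id `safe-id-alice`, the function names, Ed25519 as the signature scheme, and applying the TTL to the challenge are all assumptions made for illustration.

```javascript
// Added example: names and the in-memory "directory" are assumptions, not SAFE Network APIs.
const { generateKeyPairSync, randomBytes, createHash, sign, verify } = require('node:crypto');

// Constructed stand-in for the network lookup: public message id -> public key.
const userKeys = generateKeyPairSync('ed25519');
const directory = new Map([['safe-id-alice', userKeys.publicKey]]);
const pending = new Map(); // challenge -> { userId, expiresAt }

// Step 2: the site creates an unpredictable one-time challenge (a sha256 hash) with a TTL.
function issueChallenge(userId, ttlMs, now = Date.now()) {
  const challenge = createHash('sha256').update(randomBytes(32)).digest('hex');
  pending.set(challenge, { userId, expiresAt: now + ttlMs });
  return challenge;
}

// Step 3: the user's app echoes the challenge, signed, after the user confirms it.
function signChallenge(challenge, privateKey) {
  return sign(null, Buffer.from(challenge, 'utf8'), privateKey);
}

// Step 4: accept a reply once, before expiry, and only with a valid signature.
function verifyReply(challenge, signature, now = Date.now()) {
  const entry = pending.get(challenge);
  if (!entry) return 'unknown-or-replayed';
  pending.delete(challenge); // single use, whatever the outcome
  if (now > entry.expiresAt) return 'expired';
  const publicKey = directory.get(entry.userId);
  if (!publicKey) return 'unknown-user';
  return verify(null, Buffer.from(challenge, 'utf8'), publicKey, signature)
    ? 'ok' : 'bad-signature';
}

// Runs the good path and three failure modes against a constructed clock.
function demo() {
  const t0 = 1000000;
  const c1 = issueChallenge('safe-id-alice', 60000, t0);
  const sig = signChallenge(c1, userKeys.privateKey);
  const first = verifyReply(c1, sig, t0 + 1000);
  const replay = verifyReply(c1, sig, t0 + 2000);
  const c2 = issueChallenge('safe-id-alice', 60000, t0);
  const late = verifyReply(c2, signChallenge(c2, userKeys.privateKey), t0 + 61000);
  const c3 = issueChallenge('safe-id-alice', 60000, t0);
  const other = generateKeyPairSync('ed25519').privateKey;
  const forged = verifyReply(c3, signChallenge(c3, other), t0 + 1000);
  return { first, replay, late, forged };
}

console.log(demo());
```

A captured reply is useless a second time because the challenge is deleted on first use, and a reply signed by any key other than the one published for the id is rejected.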

Good thinking @Traktion. This is similar to how WebID works I think, which is how Solid does single login for multiple services (among other things).

So one way of implementing what you describe is to emulate WebID using SAFE. I haven’t looked into the detail, but hinted at it in my DevCon talk.

If you recall when I explained the content of the blog post in Turtle format, I pointed out that it included a reference to further information about the author of the blog post via a URI: https://happybeing/card#me

That is a WebID, and if I understand it correctly one of the things you can put in there is your public key (though I said ‘private key’ by mistake in the recording :blush:).

3 Likes