Add identity change
This commit is contained in:
Jay Graber
parent
3d6bdc8e0b
commit
7b584518b5
|
|
@ -24,7 +24,7 @@ OAuth is currently the most successful identity standard. OAuth was created as a
|
|||
|
||||
### Identity in federated applications:
|
||||
|
||||
Email is the most successful federated social application. As a result, many user identifiers in federated applications look similar to email addresses.
|
||||
Email is the most successful federated social application. As a result, many user identifiers in federated applications look similar to email addresses. Federated identity systems rely on DNS.
|
||||
|
||||
- [Diaspora](../applications/diaspora.md) - User identities in Diaspora are tied to their pod, and cannot be migrated. Diaspora uses the Webfinger protocol to discover users from other pods. User information is returned via hCard, an open microformat standard for identity.
|
||||
|
||||
|
|
@ -38,7 +38,7 @@ Email is the most successful federated social application. As a result, many use
|
|||
|
||||
### Identity in p2p applications:
|
||||
|
||||
P2p systems that put identity entirely in the hands of users must deal with [key management](##key-management), key verification, and key backup. Account recovery is usually not possible, because there is no third party to recover an identity if a user loses their password or key.
|
||||
P2p systems that put identity entirely in the hands of users must deal with [key management](##key-management), key verification, and key backup. Account recovery is usually not possible, because there is no third party to recover an identity if a user loses their password or key. The following p2p identity systems are independent of DNS.
|
||||
|
||||
- [Aether](../applications/aether.md) - Identities in Aether are keypairs. Users can choose a custom nickname, but it is not unique. Multi-device usage is possible, but difficult, and requires manually porting a user config file across devices.
|
||||
|
||||
|
|
@ -56,9 +56,9 @@ In 2001, Zooko Wilcox-O'Hearn named three desirable properties of decentralized
|
|||
|
||||
- [ENS](https://ens.domains/) - The Ethereum Name Service gives users a `.eth` domain associated with an Ethereum address, or allows them to manage DNS names they already own. It is managed by a smart contract on the Ethereum blockchain. Names are allocated through an [auction process](https://medium.com/the-ethereum-name-service/a-beginners-guide-to-buying-an-ens-domain-3ccac2bdc770).
|
||||
|
||||
- [Blockstack](https://www.blockstack.org/) - Blockstack originally registered names on the Bitcoin blockchain, and later became a general purpose blockchain platform.
|
||||
- [Blockstack](https://www.blockstack.org/) - Blockstack originally built a DNS system for decentralized app development on the [Bitcoin blockchain](https://bitcoinmagazine.com/articles/how-blockstack-uses-bitcoin-base-their-decentralized-app-ecosystem), and later [migrated to to a custom blockchain](https://www.blockstack.org/p/roadmap) with smart contract programming functionality.
|
||||
|
||||
- [Handshake](https://handshake.org/) - Handshake is a blockchain naming protocol for ownership rights to Top Level Domains, as a decentralized alternative to DNS. Names are allocated through an [auction process](https://www.namebase.io/blog/tutorial-3-basics-of-handshake-auction-and-bidding/).
|
||||
- [Handshake](https://handshake.org/) - Handshake is a blockchain designed for allocating ownership right to top level domains through an [auction process](https://www.namebase.io/blog/tutorial-3-basics-of-handshake-auction-and-bidding/). It uses a UTXO model, like Bitcoin, and implements smart contract programming functionality on top.
|
||||
|
||||
## Decentralized Identifiers (DIDs)
|
||||
|
||||
|
|
@ -88,25 +88,21 @@ There are DID implementations, but few applications, as it is still new and unte
|
|||
|
||||
Systems that place identities fully in the hands of users, such as p2p systems, blockchain identity systems, and DIDs, encounter the problem of key management. Providing a key management method that is secure yet convenient for users is a major design challenge. Users commonly lose and forget both passwords and cryptographic keys.
|
||||
|
||||
The increasing popularity of cryptocurrencies has created new solutions for secure private key management. The most secure solutions, such as [hardware wallets](https://coinfunda.com/best-cryptocurrency-hardware-wallets/) and [third-party custody services](https://www.investopedia.com/news/what-are-cryptocurrency-custody-solutions/#:~:text=Put%20simply%2C%20cryptocurrency%20custody%20solutions,of%20bitcoin%20or%20other%20cryptocurrencies.), are appropriate for high stakes keypairs that may control large amounts of money, but not suitable for social applications that are accessed more frequently and casually.
|
||||
The increasing popularity of cryptocurrencies has created new solutions for secure private key management. The most secure solutions, such as [hardware wallets](https://coinfunda.com/best-cryptocurrency-hardware-wallets/) and [third-party custody services](https://www.investopedia.com/news/what-are-cryptocurrency-custody-solutions/#:~:text=Put%20simply%2C%20cryptocurrency%20custody%20solutions,of%20bitcoin%20or%20other%20cryptocurrencies.), are appropriate for high stakes keypairs that may control large amounts of money, but not suitable for social applications that are accessed more frequently and casually. Web wallets, such as the [Metamask](https://metamask.io/) browser extension for Ethereum, provide a more usable solution for decentralized applications. Many decentralized applications built on Ethereum perform authentication through Metamask. In the long term, a better interface for decentralized applications would rely on key management being handled by the user's browser. New browsers with support for cryptocurrency, such as [Brave](https://brave.com/), handle [key management for multiple wallets](https://support.brave.com/hc/en-us/articles/360035488071-How-do-I-manage-my-Crypto-Wallets-) natively in the browser.
|
||||
|
||||
Web wallets, such as the [Metamask](https://metamask.io/) browser extension for Ethereum, provide a more usable solution for decentralized applications. Most decentralized applications built on Ethereum perform authentication through Metamask.
|
||||
To recover lost keys, users must turn to a third-party. Applications striving for decentralization have attempted to split that trust across multiple parties. Social recovery systems give users a process to place key backups in the hands of trusted friends and family. Some examples of social key recovery implementations include [Dark Crystal](https://darkcrystal.pw/), a user interface for splitting keys into shards that are shared with trusted friends and family, and [Argent](https://medium.com/argenthq/decentralised-and-seedless-wallet-recovery-5fcf7dddd78d), an Ethereum wallet that allows users to back up wallets among "Guardians", which can be trusted people, devices, or third-party services.
|
||||
|
||||
Brave browser, which enables micropayments between users, advertisers, and publishers, handles [key management for multiple wallets](https://support.brave.com/hc/en-us/articles/360035488071-How-do-I-manage-my-Crypto-Wallets-) natively in the browser.
|
||||
|
||||
[Torus](https://tor.us/) is a key management system that allows users to use OAuth with existing user accounts to authenticate with decentralized applications. It uses a Distributed Key Generation protocol and distributes key shards across a network of nodes running a private BFT network. The key is reassembled after the user authenticates.
|
||||
|
||||
[Dark Crystal](https://darkcrystal.pw/), a project in the ssb ecosystem, implements social key recovery. User keys are split into shards that are shared with trusted friends and family, and can later be used to reconstruct a lost key.
|
||||
The decentralized app ecosystem has also attempted to come up with usability improvements beyond password-based authentication. [Torus](https://tor.us/) is a key management system that allows users to use OAuth with existing user accounts to authenticate with decentralized applications. It uses a Distributed Key Generation protocol and distributes key shards across a network of nodes running a private BFT network, which sends the shards back to be reassembled when the user authenticates. [Magic Link](https://magic.link/) is a service that provides an SDK for applications to easily build email "magic link" logins compatible with private keys. On the backend, it uses DID tokens and delegates key storage to an AWS HSM.
|
||||
|
||||
## Reputation & Trust
|
||||
|
||||
Reputation in decentralized networks is established using many of the same [mechanisms](http://www.lifewithalacrity.com/2005/12/collective_choi.html) as reputation in centralized networks: ratings, peer connections, and metrics such as follower counts. Reputation systems in decentralized networks also suffer from sybil attacks and spam, addressed below.
|
||||
Reputation in decentralized networks is established using many of the same [mechanisms](http://www.lifewithalacrity.com/2005/12/collective_choi.html) as reputation in centralized networks: ratings, peer connections, and metrics such as follower counts. Reputation systems in decentralized networks also suffer from sybil attacks, spam, and impersonation, addressed below.
|
||||
|
||||
## Failure modes
|
||||
|
||||
- Sybils and spam - Spam, and the creation of many fake users to carry out attacks or misinformation campaigns, are problems for existing centralized social networks. These problems are also present in decentralized networks, and approaches to combat them are still evolving. Federated architectures allow server administrators to intervene and block or filter malicious accounts. However, ongoing harassment and abuse through sockpuppet accounts in Mastodon has motivated the creation of [OCapPub](https://gitlab.com/spritely/ocappub/blob/master/README.org), an object-capability based upgrade of ActivityPub. Steemit, a blockchain social network, requires new user registrations to be approved by a centralized service in order to combat the problem of fake accounts created to rig the voting system that determines monetary rewards for posts. P2p systems also struggle with spam and sockpuppets, although they have not seen a level of adoption that leads to high levels of abuse yet. Aether requires a hash computation to be performed for every event posted, raising the computational power required to mass spam the network.
|
||||
- Sybils and spam - Spam, and the creation of many fake users to carry out attacks or misinformation campaigns, are problems for existing centralized social networks. These problems are also present in decentralized networks, and approaches to combat them are still evolving. Federated architectures allow server administrators to intervene and block or filter malicious accounts. However, ongoing harassment and abuse through sockpuppet accounts in Mastodon has motivated research into directions such as [OCapPub](https://gitlab.com/spritely/ocappub/blob/master/README.org), an object-capability based version of ActivityPub. Steemit, a blockchain social network, requires new user registrations to be approved by a centralized service in order to combat the problem of fake accounts created to rig the voting system that determines monetary rewards for posts. Aether requires a hash computation to be performed for every event posted, raising the computational power required to mass spam the network.
|
||||
|
||||
- Impersonation - Attempts to impersonate users for fraud or defamation purposes are widespread on centralized social networks. This threat also exists in decentralized social networks, although it has not been exploited to large extent because these networks have not achieved the same scale and prominence.
|
||||
- Impersonation - Attempts to impersonate users for purposes of fraud or defamation are widespread on centralized social networks. This threat also exists in decentralized social networks. Networks that do not have an unique human-readable identifier, such as ssb, are likely more vulnerable to this form of attack, as comparison of public keys is a complex behavior that users are not familiar with. In federated naming systems that include a server address in the username, the full address including the server name must be displayed to users in cases where there may be possible collisions.
|
||||
|
||||
## Links
|
||||
|
||||
|
|
@ -116,3 +112,4 @@ Reputation in decentralized networks is established using many of the same [mech
|
|||
- [DIDs](https://github.com/didecentral/didecentral.github.io)
|
||||
- [DID Primer](https://github.com/WebOfTrustInfo/rwot5-boston/blob/master/topics-and-advance-readings/did-primer.md)
|
||||
- [Rebooting the Web of Trust Papers](https://decentralized-id.com/literature/rebooting-web-of-trust/)
|
||||
- [DKMS](https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0051-dkms/dkms-v4.md)
|
||||
|
|
|
|||
Loading…
Reference in New Issue