Account authentication

A web extension that uses your HD wallet to sign authentication messages and lets you log in into online services. Backup is in your wallet.

Author of the cardano transaction editor. Prize winner on the Plutus Pioneer Capstone challenge.

[IMPACT]

Your browser extension web wallet is great, it comes handy when you need to pay online. However, that is the smallest part of your needs online. Most of the time you must manage each of your accounts with service providers. You must authenticate to access their service, most of the time by username and password. Your service provider stores those users & passwords, and when they get hacked, your account passwords end up floating on the internet. To reduce that risk you use password managers, to use a different password on every service & keep track of it.

Wouldn't it be awesome if your wallet would take care of authenticating you? Your wallet can sign authentication messages. What would be more secure than actually logging in with your own keys? Your keys, your coins, your accounts. You are in complete control & ownership.

It is already possible. In the Hive blockchain, they use this system to authenticate users, their web extension wallet manages different types of keys. One for authentication to their social network, one for spending your funds. Their innovation can be incorporated to be compatible with Cardano and allow us to profit from it and use also our own innovations. It will unlock, as it has done in Hive, not only social media applications but the highest growing sector in crypto: Gaming.

Most blockchains focus on finance, of course we all need money it is a super important and thus there are a lot of undeserved markets & promising ventures to work on. However, you will daily login to services more than you will send/receive a payment. Authentication is a big problem and we wing it with username & password. Public-key cryptography solves the authentication problem, we just need to use it and have it handy in our wallets.

Today, we have HD wallets and their derivation paths. We can pick one path to serve authentication purposes, and thus never mix them with your hard earned ADA. This would provide the same level of security and authentication that public key cryptography offers to secure you funds to secure your accounts. It also becomes an immediate two factor authenticator. You have your keys and your know your unlock password and both components are in your control instead of stored by your online service provider.

Additionally, you stop needing to remember passwords, even to have a password manager, or use Google authentication services. This is great for user and application developers, because all authentication happens at the cryptographic level and the user is in full control and custody of their login keys.

If you read attentively, you'll notice this project suffers from the two-sided market problem. Creating supply and creating demand. It needs users to want to authenticate with their wallets and it needs service providers offering that authentication option. Although both sides benefit, none is joining without the other. It is hard to judge success on adoption, at least early on. Thus my indicators around delivery are around the base infrastructure, instead of adoption at this early stage of the project.

The biggest tailwind, is that this is an existing solution that needs to be adopted to work over the Cardano ecosystem. That is the Hive Keychain wallet(https://github.com/stoodkev/hive-keychain). A straightforward fork wont do, because of Cardano's own way of serializing thinks, key signing algorithms, hash functions. Yet, having a model product helps a lot, especially being open sourced. There is a clear goal of what needs to be copied.

[FEASIBILITY]

Everyone has a plan until they get punched in the face -- Mike Tyson.

I propose a 14 Week action plan, on dedicated focus for this web extension

Most software development is unpredictable and has little to do with the task at hand. It always requires investigating and solving problems related to dependencies. It all takes an unpredictable amount of time. Despite that, this is the best realizable timeline.

• Weekend-01-04: Build signing procedures. Help documenting Emurgo's serialization lib.
• Weekend-05-08: Web extension MVP build.
• Weekend-09-12: Draft CIP. Isolate library for signing. Write tutorials.
• Weekend-13-15: Server side playground for application developers. This is a tool for developers to learn how to integrate the authentication in their own services, not a 3rd-party authentication service.
• Weekend-16-17: Release extension into mozilla addons and google store. Outstanding bugfix

2600 USD Cloud Infrastructure 12 months. Includes Continuous Integration, build servers and later on the project hosting the authentication playground

The rest of the budget is for work compensation at an average rate of 60USD/hr. On the various tasks of Software design and implementation, documentation writing, tutorial video recording & editing, project stewardship, and other communication. Development work is done by myself. Video editing will be hired.

Currently myself. Yet I would look to contract a Backend developer

[AUDITABILITY]

Thus my indicators are around the base infrastructure, and measure deliverables instead of adoption at this early stage of the project.

• Cardano Improvement Proposal (CIP) to standardize the authentication path.
• An MVP with the login feature released in great imitation of the Hive keychain wallet, as this project web extension.
• The message signing will be available as a library for other web wallets to incorporate this feature.
• A backend message verification reference implementation released for each application provider to use. And a playground service for developers to test their wallet integration.

The Project will be developed in the open with a public git repository. Because its libraries will be used by other wallet providers and also services. It will be licensed BSD-3 clause allowing everyone incorporate this tool without worrying. It can be incorporated even on closed source application. That is important for adoption as some application developers will not release their software source code yet they need to use this open sourced library.

The long term success is: We stop creating accounts with our personal data and only sign our authentication

The definition of done is delivery of items stated in the previous section.

It is a second attempt to work on this, it almost received funding on Fund 7