Jonathan Silverblood
3.8 KiB
Status: Incomplete draft
Abstract
CashID is an open protocol that allows secure authentication based on the public key cryptography infrastructure that is currently present in the Bitcoin Cash ecosystem. By authentication we mean to prove to a service provider that we control a specific Bitcoin Cash address by signing a challenge request that links the users address and optional metadata to a task or session with the service provider.
Motivation
Secure authentication and safe storage of credentials is useful for many things, and with added metadata we enable the following usecases:
- Register to a service as a 1-step process.
- Register to a service automatically as part of a payment.
- Authenticate to a service to login without a password.
- Authenticate to a service to act as 2FA complementing existing passwords.
- Provide access control to locks based on payment.
Specification
Workflow
When a user needs to access a restricted area (physically or digitally), they are given a challenge request in the form of the following data:
cashid:domain.tld/command?x=[nonce]
This challenge request can either be transmitted via a QR code, NFC or by any other implementation specific transmission method.
Request structure
cashid://domain.tld/command?x=[nonce]&a=[addr]&r=[scope]&o=[scope]
Parameters
x= nonce a= bitcoin address r= required metadata o= optional metadata
Metadata
Identification is represented by the letter i followed by a list of numbers corresponding to the following table.
| Number | Name | Data type | Description |
|---|---|---|---|
| 1 | Name | String | The first / given name |
| 2 | Last name | String | The last / family name |
| 3 | Middle name | String | Extra names |
| 4 | Nickname | String | A nickname or username |
| 5 | Picture | String | URL to a profile picture, or Base64 encoded image |
| 6 | Age | Integer | The number of years the person has lived |
| 7 | Gender | ??? | The sex of the person |
| 8 | Birthdate | Date | The date of birth... what format? |
| 9 | Identification | string | National identification number |
Location is represented by the letter l followed by a list of numbers corresponding to the following table.
| Number | Name | Data type | Description |
|---|---|---|---|
| 1 | Country | String | Name of the nation |
| 2 | State | String | Name of the state or province |
| 3 | City | String | Name of the city |
| 4 | District | String | Name of the district, region or neighborhood |
| 5 | Postal Code | String | .... |
| 6 | Street Name | String | Name of the street, without the street number |
| 7 | Street Number | String | The street number |
| 8 | Apartment | String | Building or apartment number |
| 9 | GPS | String | Comma-separated list of longitude and latitude |
Contact information is represented by the letter c followed by a list of numbers corresponding to the following table.
| Number | Name | Data type | Description |
|---|---|---|---|
| 1 | String | Email address | |
| 2 | IM | String | Instant Messenger protocol handle |
| 3 | Social | string | Social media service handle |
| 4 | Mobile Phonenumber | string | Personal cellphone number |
| 5 | Home Phonenumber | string | Residence phone number |
| 6 | Work Phonenumber | string | Work phone number |
Rationale
Passwords is an inherently flawed concept (based on sharing secrets) that is increasingly getting hidden away from the users by means of password managers, 'remember me' and single-signon features. Public key cryptography provides a more secure method for authentication where the users secret is never shared.
The problem with public key infrastructure is that managing private keys securely is complex, but this complexity is now being addressed in the cryptocurrency ecosystem which makes it possible to safely implement a better authentication system.
Resources
Supply a functional regexp!
- 1: that parses the request string
- 2: that parses the metadata scope