Web3 needs a new way to log in: Ethereum will replace centralized identity providers

Web3 needs a new way to log in: Ethereum will replace centralized identity providers

Loading

EIP-4361 allows users to use their own private key (with the corresponding address) for authentication instead of using a combination of username and password.

Original title: “Login with Ethereum: An Alternative to a Centralized Identity Provider”
Written by: Maarten Zuidhoorn
Translation: ChinaDeFi

The era of email/password login is coming to an end.

Web3 needs a new way to log in: Ethereum will replace centralized identity providers

Usually when logging in to the “Web2” service, we need to use a user name or email address and password. The service can then look up our username or email address in their internal database to see if the corresponding password matches the one we provided. Generate a random key for further authentication, usually stored in a cookie.

A new specification EIP-4361: Log in with Ethereum, hoping to change the way we log in to Web2 services by using common methods of Web3 services (such as wallets and DApps).

How does it work?

EIP-4361 describes the authentication method of existing Web2 services that use signed messages. Instead of using a combination of username and password, users can use their own private key (with the corresponding address) for authentication. For example, you can use your own private key to sign such a message:

Example.com wants you to sign in with your Ethereum account:

0x4bbeEB066eD09B7AEd07bF39EEe0460DFa261520

URI: https://example.com/login

Version: 1

Chain ID: 1

Nonce: 12345

Issued At: 2021-11-01T12:25:24Z

Web3 needs a new way to log in: Ethereum will replace centralized identity providers

Sign the authentication message on MyCrypto.

EIP-4361 uses the Enhanced Backus-Naur Form (ABNF) to define a standardized format for these authentication messages, and the service that wants to log in can verify these messages. This format follows the EIP-191 specification, which has been widely supported by many wallets. No password is required to log in, just sign the message with the private key, and you’re done. The server can verify the message and generate a key to store in a cookie.

Use ENS to disperse data

EIP-4361 is cleverly integrated with the Ethereum Name Service (ENS). If an address has a main ENS name (also called reverse record) set, the service can look up the main ENS name and parse the data based on it. For example, you can store your preferred user name, avatar, email address, or any other information in the ENS name. ENS also allows users to specify addresses of other networks, such as Bitcoin and Litecoin:

Web3 needs a new way to log in: Ethereum will replace centralized identity providers Some possible fields related to the ENS name

In this way, you can control your own data and do not need Web2 services to store this information about users. This may lead to the use of authenticated and signed EIP-191 messages to log in to authenticated applications as a standard in the future, completely eliminating the email/password combination.

Web3 needs a new way to log in: Ethereum will replace centralized identity providers

This model is essentially a decentralized, 100% normal operation, user data-owned “Gravatar”. The data is not held by a private entity, but is published to the Ethereum blockchain for use by application programs. The user will have an identity in multiple applications, and all applications will be authenticated through the user’s signature wallet.

Source link: blog.mycrypto.com

Disclaimer: As a blockchain information platform, the articles published on this site only represent the author’s personal views, and have nothing to do with the position of ChainNews. The information, opinions, etc. in the article are for reference only, and are not intended as or regarded as actual investment advice.

Adblock test (Why?)