Blockchain-based Authentication
or
"Beyond the Bubble: A Drupal Ethereum module"
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4993845/HackCampLogo.png)
#DrupalEthereum @digitaldonkey09
About me
- 20 years web development
- 10+ years with Drupal
- 2+ years in Ethereum
- Developer at ConsenSys
@digitaldonkey09
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4143623/twitter-128.png)
Overview
- Blockchain basics
- Ethereum Blockchain
- Blockchain Applications
- UX challenges
- Drupal Ethereum Module
- Authentication with Ethereum
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3739258/EthEntAliance.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4869612/cnbc-regulations.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4869615/cnn.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4869617/Fed.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4869620/nyt-beyond-the-bubble.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4869622/swiss-info.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3742648/uk-gove-report.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3739257/sheik-tweet.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4870360/berners-lee-fortune.png)
Blockchain Basics
Imagine the Blockchain as a
"Decentralized & Distributed Consensus Database"
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3721035/database-512.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3721035/database-512.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3721035/database-512.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3721035/database-512.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3721035/database-512.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3721035/database-512.png)
"0xd62e7da1d30af2abed70f0ec677fefe0a0db5774 owns 5 Bitcoin"
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3721113/speech-bubble-512.png)
agree
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3721113/speech-bubble-512.png)
agree
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3721216/speech-bubble-512-left.png)
agree
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3721216/speech-bubble-512-left.png)
agree
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3721216/speech-bubble-512-left.png)
agree
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3721113/speech-bubble-512.png)
agree
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3728392/Bitcoin_Logo.png)
✘
Blockchain Basics
Decentralized
P2P consensus
No central authority
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3728318/network.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3728324/Database-300x300.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3728330/publickey.png)
Any state change requires a cryptographically signed Transaction
Global ledger with immutable records
Data can be updated, but older revisions remain public
BLOCKCHAIN
Timestamps
Currency
Digital Signatures
Accounts
Immutable Ledger
Basic Blockchain components
BLOCKCHAIN
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4152581/transaction.png)
Timestamps
Currency
Digital Signatures
Accounts
Immutable Ledger
Transactions
Transactions, Blocks & chaining
- "Writing to Blockchain" requires a private key to sign a transaction
- Blocks
- contain a hash of the last block
- are created about every 17 seconds
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4152581/transaction.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4152580/TX-to-Block.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4152580/TX-to-Block.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4152580/TX-to-Block.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4152580/TX-to-Block.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4152591/TX-to-Block--dotted.png)
time
Blockchain's promises
"Sharing Economy" of
Uber, Airbnb
Centralized User Data,
Facebook, Google
Reduce costs of
middlemen
Self-sovereign
user identity
Internet of
Information
Crypto enthusiasts see the new layer of trust and value as Web3.0
Visionary talk by Don Tapscott: How the Blockchain is changing money and business
Internet of
Trust and Value
Ethereum Blockchain
"Ethereum is an open-source,
public, blockchain-based
distributed computing
platform featuring smart
contract functionality"
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4346763/ethereum-logo.png)
Ethereum - Global or Private
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4346749/private-chain.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4346763/ethereum-logo.png)
Private Consortium
Blockchain
(permissions, privacy)
Global Public
Blockchain
Ethereum Blockchain
Decentralized
P2P consensus
No central authority
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3728318/network.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3728322/coin.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3728330/publickey.png)
Cryptographically Signed Transactions
To change state (or 'write to') the blockchain
Immutable Distributed Ledger
Programmable
money:
Smart Contracts
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3728324/Database-300x300.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3728324/Database-300x300.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3728324/Database-300x300.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3728324/Database-300x300.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3728324/Database-300x300.png)
What is a Smart Contract?
- Can run automatically when certain conditions are met
- Addressable, can handle money / escrow, Turing-complete
Contract crowdFound
if (time_is_out && account_balance) > $10,000
move account_balance to founded_account
else
move donation_account to original_donor
(pseudocode)
Smart contracts are programs with code and state stored on the blockchain
ETHEREUM BLOCKCHAIN
Timestamps
Currency
Digital Signatures
Accounts
Immutable Ledger
Ethereum Blochain components
Smart Contracts
Tokens
Multi-party Signatures
Registries
Oracles -
off-chain input
Summing up
- Ether is the currency in Ethereum
- Computations cost "gas" (payed in ether) to run
-> anti-spam and incentivizes miners to run the network - Data changes to a blockchain create immutable audit trails
- Blockchain data is public! (on public chains, if not encrypted)
- Smart Contracts: Code deployed to the blockchain that can control funds
-
Ethereum Improvement Proposals (EIPs) and Ethereum Requests for Comments (ERCs)
describe standards for the Ethereum platform, including core protocol specifications, client APIs, and contract standards.
Blockchain
Applications
- Peer-to-peer Music / [add our digital good here] markets
- Asset Management: Trade Processing and Settlement
- Supply chain records
- Voting, Self-governing organizations
- Tokenized ownership
- Sustainable Journalism
- Incentivizing Renewable Energy infrastructure
- Peer-to-peer Airbnb, Über, food delivery ... with lower fees
- Self-sovereign identity
Blockchain Applications
The decentralized long term perspective
or
How I imagine decentralized, localized business of the future
Übermorgen
Übermorgen
[German: The day after tomorrow]
How can we create standard for any kind of transportation business, which features transparency, diversity and fairness?
Übermorgen
approaching a decentralized transportation standard
DRIVER
PLATTFORM
CUSTOMER
STANDARD
Übermorgen
approaching a decentralized transportation standard
- Chooses a favorite platform
(like today with Über, Lift, RideShare, Food / package Delivery Service....) - The platform is the Trademark/Brand. It sets service type, quality, payment options
CUSTOMER
Übermorgen
approaching a decentralized transportation standard
DRIVER
- Driver is the service fulfilling entity
- owns his data with a private key
- may join multiple platforms
- data and history access-controlled by a Smart Contract he controls
- Can point to files published to a decentralized file system (IPFS, DAT, etc.)
- uses a Dapp to work with multiple platforms
- Provides various services like
- Taxi rides
- PickUp/delivery
- Long distance rides
Übermorgen
approaching a decentralized transportation standard
- Provides a marketplace for services like like taxi, rideshare, food or package delivery
- Ensures service quality by verifying Drivers
- May set requirements (black car, red bicycle, min 5 tons transport capacity ... )
- Takes escrow for the rides and is responsible for conflict resolution / customer service
- Takes it a predefined share as transaction fees
PLATTFORM
Übermorgen
approaching a decentralized transportation standard
- define Contracts and data standards for decentralized data
- find allies and work on a Ethereum Improvement Proposal (EIP) or (ERC)
- gather feedback from business people
- rethink, iterate...
STANDARD
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4995489/DriverContract.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4995575/PlatformContract.png)
Blockchain Applications
Lower hanging fruits
- Payments, Money transfers
- Paywall, Micropayment
- Donations, tipping
- Signature Systems
Verify-able, timestamped signatures for anything - Bounties
- Subscriptions Services (EIP-948)
User interaction
Ethereum Keys can
- Signing requires user interaction (if you don't host the keys )
- Signing Transactions (writing anything to the blockchain is a transaction, also sending money, deploying code)
- Signing text (Signatures, off chain)
- You may use the key for Encryption (not recommended)
-
Ethereum Address is derived from the private key
--> account is independent from the network
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4156062/bw-lock-broken.png)
UX Challenge - Transaction Signers
- How to interact with a Dapp? (Decentralized Application)
- Literally the key for the user
- Metamask is most popular
- Connects via Infura.io or any other Ethereum node
- Key in the Browser. Uses seed phrase
- How we get to a standard for TX signers for a great audience?
- Lost keys have no PW reset
Ethereum wallets, Identity providers ...
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/5008877/MetamaskSignTX.png)
"Web of wallets"
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/5003112/web-of-wallets-v1.png)
by Bobby Dresser (uPort)
The Front-end challenge
- How to make users not lose their key?
- Deal with Identity contracts (no ECverify available)
- integrate multiple wallets to allow users to chose
- is the user/wallet on the right network?
- unlocked account ? (if you need his address to interact)
- How onboard new users, which have no wallet?
- Idea of Metamask Mascara Wrapper
⇢ Experiment interaction UX
⇢ watch and help to develop standards for Dapp interaction
Digital Identity
Digital Identity Today
Is proprietary / Isn't self owned
- Facebook / Google
- Visa, Master, Bank account
-
Equifax-> Random hackers - State IDs / Passports
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4870264/fingerprint.png)
You pay for your "free" online identity by exposing your privacy
You can be excluded ("You may leave if you don't like the new Terms & conditions")
Self Sovereign Identity
The Idea of decentralized identifier (DID)
- You create a claim:
"My address is 949 Metropolitan Av, Brooklyn" - Others attest your claim:
"New York State verifies that this person is registered at this address with the offical NYS signature" - As a developer you would chose which attestation entities you consider trustworthy
Many people work on this
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4870264/fingerprint.png)
- uPort (ConsenSys)
- Blockstack
- http://www.weboftrust.info
- http://identity.foundation
- https://sovrin.org
- https://www.civic.com
Drupal Ethereum module
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3734009/Drupal-ethereum-module.png)
Drupal Ethereum Module
- Founded and abandoned in 2014
- New approach started 2016
- PHP Library (Ethereum-PHP)
- POC for signup with registry
-
Currently
- finalizing infrastructure
- UX research
Current web
Ideal decentralization
How to connect Drupal and Ethereum?
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3728846/Ethereum-ideal.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3733268/current-architecture.png)
Semi-decentralization
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3300559/semi-decentralized.png)
Client side signing using Transaction-signers
Server just pulls data
(no private key on Server)
Architecture challenges
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4158910/architecture-challenges.png)
Ethereum-PHP Library
- Abstract Ethereum JsonRPC API
- strict Datatypes, keccak hash , EC-Verify in PHP
- SmartContract Objects
- Lots of tests, ability to test against smart contracts
- API documentation: http://ethereum-php.org
- https://packagist.org/packages/digitaldonkey/ethereum-php
- TODOs
- complex data types Arrays + Lists
- Testing framework for PHP library for various Ethereum clients
- Contract Event Listening
Mapping Ethereum to Drupal
Infrastructure modules
Servers (Ethereum-nodes)
List Servers, gather information (Server Entity)
Deployability, Testability
Accounts
Ethereum Addresses
Map Accounts to Drupal Accounts
➡ Identity for known user group
Transactions
Read (own contracts/known ABI)
Log TX based on Contract interaction
Process Events data in Drupal
Smart Contracts
Manage deploy as Drupal Admin
Provide ABI to process data in Drupal & frontend
Watch for Blockchain Events triggers by Contracts
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4346723/icon--nodes.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4346724/icon--account.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4346725/icon--smartContract.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4346726/icon--signature.png)
Ethereum Module
current state
- Main
- Manage Networks
- Manage Servers
- Manage Contracts
- Submodule Ethereum Signup
- Submodule Ethereum User connector
- Iterating on Transaction signers
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4873824/ManageNetwork-editNode.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4873828/ManageNetwork.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4873819/ManageContract.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4873830/UserConnectorConfig.png)
Why two
Authentication modules?
Ethereum Signup
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/5000887/ChallengeResponseAuthDiagram.png)
Text
Text + Private Key => Signature
Text + Signature Text => Public Key (--> Ethereum Address)
Ethereum User Register
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/5000889/EthereumRegistryDiagram.png)
Two signup modules?
Ethereum Signup
- Challenge/response authentication
- No Blockchain interaction - no fee
Just Elliptic Curve cryptography - Uses externalauth module
Ethereum user connector
- Smart contract with registry
- May be changed to a paywall
- Transaction require little payment in Ether
- Example module for contract interaction
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4346713/icon--signature-white.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4346716/icon--smartContract-white.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4871091/mascara-wrapper-ui.gif)
Experimental
Mascara & Dapp launcher
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4871134/App-init-example.png)
Visualize TX signer state
Initialize dapplet when requirements are met
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4871098/mascara-wrapper-UML.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4873537/Drupal-architecture-diagram.png)
Architecture summary
Current state
-
"User connector" (former POC)
connects Ethereum accounts and user profiles via registry contract ("paywall").Refactoring to new infrastructure. - "Signup"
currently in github branch feature-ethereum_signup - Docker's
https://github.com/digitaldonkey/docker-drupal-ethereum
Drupal Ethereum module
Roadmap
Finalizing infrastructure modules (MVP)
Drupal Ethereum module
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/5010491/DrupalStreamboat.png)
Lots of Thanks to early
contributors & testers
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/4870672/contributors.png)
and all others I talked to
(Commit stats refer to the various involved projects)
Questions & Thank You
-
Evaluate use cases, join discussion
https://gitter.im/drupal_ethereum
https://groups.drupal.org/ethereum - Tweet about #DrupalEthereum
thorsten.krug@consensys.net
@digitaldonkey09
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3733188/twitter-128.png)
The development of Drupal Ethereum Module
Has been sponsored by ConsenSys
@ConsenSys
![](https://s3.amazonaws.com/media-p.slid.es/uploads/76781/images/3733188/twitter-128.png)
https://consensys.net
https://slides.com/digitaldonkey/drupal-ethereum-drupalhackcamp
Beyond the Bubble – Blockchain Applications and the Drupal Ethereum Module
By Thorsten Krug
Beyond the Bubble – Blockchain Applications and the Drupal Ethereum Module
Presentation about Drupal Ethereum module at Drupal Hack Camp Bucharest 2018
- 2,469