Blockchain-based Authentication
or
"Beyond the Bubble: A Drupal Ethereum module"
#DrupalEthereum @digitaldonkey09
About me
- 20 years web development
- 10+ years with Drupal
- 2+ years in Ethereum
- Developer at ConsenSys
@digitaldonkey09
Overview
- Blockchain basics
- Ethereum Blockchain
- Blockchain Applications
- UX challenges
- Drupal Ethereum Module
- Authentication with Ethereum
Blockchain Basics
Imagine the Blockchain as a "Decentralized & Distributed Consensus Database"
"0xd62e7da1d30af2abed70f0ec677fefe0a0db5774 owns 5 Bitcoin"
[Diagram: network nodes voting on the statement above; six "agree", one ✘]
Blockchain Basics
Decentralized
P2P consensus
No central authority
Any state change requires a cryptographically signed Transaction
Global ledger with immutable records
Data can be updated, but older revisions remain public
Basic Blockchain components
BLOCKCHAIN
Timestamps
Currency
Digital Signatures
Accounts
Immutable Ledger
Transactions
Transactions, Blocks & chaining
- "Writing to Blockchain" requires a private key to sign a transaction
- Blocks
  - contain a hash of the last block
  - are created about every 17 seconds
Blockchain's promises
"Sharing Economy" of Uber, Airbnb
Centralized User Data, Facebook, Google
Reduce costs of middlemen
Self-sovereign user identity
Internet of Information
Internet of Trust and Value
Crypto enthusiasts see the new layer of trust and value as Web3.0
Visionary talk by Don Tapscott: How the Blockchain is changing money and business
Ethereum Blockchain
"Ethereum is an open-source, public, blockchain-based distributed computing platform featuring smart contract functionality"
Ethereum - Global or Private
Private Consortium Blockchain (permissions, privacy)
Global Public Blockchain
Ethereum Blockchain
Decentralized
P2P consensus
No central authority
Cryptographically Signed Transactions
To change state (or 'write to') the blockchain
Immutable Distributed Ledger
Programmable money: Smart Contracts
What is a Smart Contract?
- Can run automatically when certain conditions are met
- Addressable, can handle money / escrow, Turing-complete
Contract crowdFund
    if (time_is_out && account_balance > $10,000)
        move account_balance to funded_account
    else
        move donation_account to original_donor
(pseudocode)
Smart contracts are programs with code and state stored on the blockchain
ETHEREUM BLOCKCHAIN
Timestamps
Currency
Digital Signatures
Accounts
Immutable Ledger
Ethereum Blockchain components
Smart Contracts
Tokens
Multi-party Signatures
Registries
Oracles - off-chain input
Summing up
- Ether is the currency in Ethereum
- Computations cost "gas" (paid in ether) to run
  -> anti-spam and incentivizes miners to run the network
- Data changes to a blockchain create immutable audit trails
- Blockchain data is public! (on public chains, if not encrypted)
- Smart Contracts: Code deployed to the blockchain that can control funds
- Ethereum Improvement Proposals (EIPs) and Ethereum Requests for Comments (ERCs) describe standards for the Ethereum platform, including core protocol specifications, client APIs, and contract standards.
Blockchain Applications
- Peer-to-peer Music / [add our digital good here] markets
- Asset Management: Trade Processing and Settlement
- Supply chain records
- Voting, Self-governing organizations
- Tokenized ownership
- Sustainable Journalism
- Incentivizing Renewable Energy infrastructure
- Peer-to-peer Airbnb, Uber, food delivery ... with lower fees
- Self-sovereign identity
Blockchain Applications
The decentralized long term perspective
or
How I imagine decentralized, localized business of the future
Übermorgen
[German: The day after tomorrow]
How can we create a standard for any kind of transportation business that features transparency, diversity and fairness?
Übermorgen
approaching a decentralized transportation standard
DRIVER
PLATFORM
CUSTOMER
STANDARD
CUSTOMER
- Chooses a favorite platform (like today with Uber, Lyft, RideShare, Food / package Delivery Service ...)
- The platform is the Trademark/Brand. It sets service type, quality, payment options
DRIVER
- Driver is the service fulfilling entity
- owns his data with a private key
- may join multiple platforms
- data and history access-controlled by a Smart Contract he controls
- Can point to files published to a decentralized file system (IPFS, DAT, etc.)
- uses a Dapp to work with multiple platforms
- Provides various services like
  - Taxi rides
  - PickUp/delivery
  - Long distance rides
PLATFORM
- Provides a marketplace for services like taxi, rideshare, food or package delivery
- Ensures service quality by verifying Drivers
- May set requirements (black car, red bicycle, min 5 tons transport capacity ... )
- Takes escrow for the rides and is responsible for conflict resolution / customer service
- Takes a predefined share as transaction fees
STANDARD
- define Contracts and data standards for decentralized data
- find allies and work on an Ethereum Improvement Proposal (EIP) or (ERC)
- gather feedback from business people
- rethink, iterate...
Blockchain Applications
Lower hanging fruits
- Payments, Money transfers
- Paywall, Micropayment
- Donations, tipping
- Signature Systems
  Verifiable, timestamped signatures for anything
- Bounties
- Subscriptions Services (EIP-948)
User interaction
Ethereum Keys can
- Signing requires user interaction (if you don't host the keys)
- Signing Transactions (writing anything to the blockchain is a transaction, also sending money, deploying code)
- Signing text (Signatures, off chain)
- You may use the key for Encryption (not recommended)
- Ethereum Address is derived from the private key
  --> account is independent from the network
UX Challenge - Transaction Signers
- How to interact with a Dapp? (Decentralized Application)
- Literally the key for the user
- Metamask is most popular
- Connects via Infura.io or any other Ethereum node
- Key in the Browser. Uses seed phrase
- How do we get to a standard for TX signers for a broad audience?
- Lost keys have no PW reset
Ethereum wallets, Identity providers ...
"Web of wallets"
by Bobby Dresser (uPort)
The Front-end challenge
- How to make users not lose their key?
- Deal with Identity contracts (no ECverify available)
- integrate multiple wallets to allow users to choose
- is the user/wallet on the right network?
- unlocked account? (if you need his address to interact)
- How to onboard new users who have no wallet?
- Idea of Metamask Mascara Wrapper
⇢ Experiment interaction UX
⇢ watch and help to develop standards for Dapp interaction
Digital Identity
Digital Identity Today
Is proprietary / Isn't self owned
- Facebook / Google
- Visa, Master, Bank account
- Equifax -> Random hackers
- State IDs / Passports
You pay for your "free" online identity by exposing your privacy
You can be excluded ("You may leave if you don't like the new Terms & conditions")
Self Sovereign Identity
The idea of a decentralized identifier (DID)
- You create a claim:
  "My address is 949 Metropolitan Av, Brooklyn"
- Others attest your claim:
  "New York State verifies that this person is registered at this address with the official NYS signature"
- As a developer you would choose which attestation entities you consider trustworthy
Many people work on this
- uPort (ConsenSys)
- Blockstack
- http://www.weboftrust.info
- http://identity.foundation
- https://sovrin.org
- https://www.civic.com
Drupal Ethereum module
Drupal Ethereum Module
- Founded and abandoned in 2014
- New approach started 2016
- PHP Library (Ethereum-PHP)
- POC for signup with registry
- Currently
  - finalizing infrastructure
  - UX research
Current web
Ideal decentralization
How to connect Drupal and Ethereum?
Semi-decentralization
Client side signing using Transaction-signers
Server just pulls data (no private key on Server)
Architecture challenges
Ethereum-PHP Library
- Abstract Ethereum JsonRPC API
- strict Datatypes, keccak hash, EC-Verify in PHP
- SmartContract Objects
- Lots of tests, ability to test against smart contracts
- API documentation: http://ethereum-php.org
- https://packagist.org/packages/digitaldonkey/ethereum-php
- TODOs
  - complex data types Arrays + Lists
  - Testing framework for PHP library for various Ethereum clients
  - Contract Event Listening
Mapping Ethereum to Drupal
Infrastructure modules
Servers (Ethereum-nodes)
List Servers, gather information (Server Entity)
Deployability, Testability
Accounts
Ethereum Addresses
Map Accounts to Drupal Accounts
➡ Identity for known user group
Transactions
Read (own contracts/known ABI)
Log TX based on Contract interaction
Process Events data in Drupal
Smart Contracts
Manage deploy as Drupal Admin
Provide ABI to process data in Drupal & frontend
Watch for Blockchain Events triggers by Contracts
Ethereum Module
current state
- Main
- Manage Networks
- Manage Servers
- Manage Contracts
- Submodule Ethereum Signup
- Submodule Ethereum User connector
- Iterating on Transaction signers
Why two Authentication modules?
Ethereum Signup
Text
Text + Private Key => Signature
Text + Signature Text => Public Key (--> Ethereum Address)
Ethereum User Register
Two signup modules?
Ethereum Signup
- Challenge/response authentication
- No Blockchain interaction - no fee
  Just Elliptic Curve cryptography
- Uses externalauth module
Ethereum user connector
- Smart contract with registry
- May be changed to a paywall
- Transactions require a small payment in Ether
- Example module for contract interaction
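The "Ethereum Signup" flow above (Text + Private Key => Signature, then Text + Signature => Public Key => address) as an added Python example; it is not code from the Drupal module or from Ethereum-PHP. Assumptions: SHA3-256 from hashlib stands in for Ethereum's Keccak-256 and no wallet message prefix is applied, so the derived addresses will not match real Ethereum addresses; `pending`, `challenge` and `login` are hypothetical names.

```python
import hashlib, secrets
P = 2**256 - 2**32 - 977  # secp256k1 field prime; N = group order, G = generator
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def H(data):  # ASSUMPTION: SHA3-256 stands in for Keccak-256, which hashlib lacks
    return hashlib.sha3_256(data).digest()

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)) % P
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add; not constant time, for illustration only
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def address(pub):  # Ethereum-style account id: last 20 bytes of H(x || y)
    return "0x" + H(pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big"))[-20:].hex()

def sign(text, priv):  # wallet side: Text + Private Key => Signature (r, s, v)
    z, k = int.from_bytes(H(text), "big"), secrets.randbelow(N - 1) + 1
    R = mul(k, G)
    return R[0] % N, pow(k, -1, N) * (z + R[0] * priv) % N, R[1] & 1

def recover(text, sig):  # server side: Text + Signature => Public Key => address
    r, s, v = sig
    if not (0 < r < N and 0 < s < N): return None
    y = pow(r**3 + 7, (P + 1) // 4, P)      # square root works because P % 4 == 3
    if (y * y - r**3 - 7) % P: return None  # r is not an x-coordinate on the curve
    if y & 1 != v: y = P - y                # v selects which of the two roots was used
    z, rinv = int.from_bytes(H(text), "big"), pow(r, -1, N)
    return address(add(mul(s * rinv % N, (r, y)), mul(-z * rinv % N, G)))

pending = {}  # hypothetical server-side store: claimed address -> open challenge
def challenge(addr):  # server issues a fresh random text for the wallet to sign
    pending[addr] = b"Login to example.org, nonce " + secrets.token_hex(16).encode()
    return pending[addr]

def login(addr, sig):  # pop() makes the challenge single-use: a replay fails
    text = pending.pop(addr, None)
    return text is not None and recover(text, sig) == addr
```

The server never holds a private key: it only checks that the address recovered from the signature equals the claimed one, and that the signed text is a challenge it issued and has not yet consumed.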
Experimental
Mascara & Dapp launcher
Visualize TX signer state
Initialize dapplet when requirements are met
Architecture summary
Current state
- "User connector" (former POC) connects Ethereum accounts and user profiles via registry contract ("paywall"). Refactoring to new infrastructure.
- "Signup" currently in GitHub branch feature-ethereum_signup
- Docker's https://github.com/digitaldonkey/docker-drupal-ethereum
Drupal Ethereum module
Roadmap
Finalizing infrastructure modules (MVP)
Drupal Ethereum module
Lots of thanks to early contributors & testers and all others I talked to
(Commit stats refer to the various involved projects)
Questions & Thank You
- Evaluate use cases, join discussion
  https://gitter.im/drupal_ethereum
  https://groups.drupal.org/ethereum
- Tweet about #DrupalEthereum
thorsten.krug@consensys.net
@digitaldonkey09
The development of Drupal Ethereum Module has been sponsored by ConsenSys
@ConsenSys
https://consensys.net
https://slides.com/digitaldonkey/drupal-ethereum-drupalhackcamp
Beyond the Bubble – Blockchain Applications and the Drupal Ethereum Module
By Thorsten Krug
Presentation about Drupal Ethereum module at Drupal Hack Camp Bucharest 2018