Bitident selected Metaverse blockchain because the platform to help its authentication system on the blockchain.
Carried out in MyETPWallet v0.8.0, Bitident protocol permits customers to login to compatibles web sites or functions in a totally decentralized approach, utilizing their Metaverse Avatar.
Bitident protocol makes identification simple to implement for builders in search of a decentralized authentication resolution.
With the intention to confirm the identification of a consumer, a request is shipped to her or him. The consumer can then use his Metaverse pockets to signal it and the requester can lastly confirm that the signature is matching the one of many Avatar.
Bitident printed a working demo on their official web site. This protocol could be built-in into any web site that wishes to make use of Metaverse Avatars with a view to login, as a substitute of the basic e-mail/password pair, or as a decentralized 2FA as a substitute of Google Authenticator or different 2FA options.
First, the consumer has to specify which Avatar he needs to make use of with a view to login. In that instance, I’ll login utilizing my Avatar ‘metaverse’:
A QR code will likely be generated: it incorporates my request, which is legitimate for five minutes.
The following step is to signal the request with the personal key of my Avatar. This may be finished within the Authentication web page of MyETPWallet.
I can then scan the QR code utilizing MyETPWallet app, or copy/paste the request if I’m utilizing my desktop.
The request will likely be decoded with a view to confirm its data earlier than signing. The primary data are:
- Supply: it’s the Avatar who created the request. in that instance, the Avatar is ‘bitident’ and the request was signed by him. My pockets has already routinely verified that the request is certainly accurately signed by the Avatar ‘bitident’. If the signature is flawed, an error message will seem.
- Avatar: the Avatar making an attempt to authenticate, on this case ‘metaverse’. Solely this Avatar can signal the request. If I don’t personal this Avatar, the pockets will notify me that I can’t signal this request.
- Host: the request will likely be returned to the host after being signed.
- Remaining time: remaining time until the request expires.
- Callback: the total URL the place the signed request will likely be returned.
- Time of request: when the request was created by the supply.
- Timeout: the host can determine for the way lengthy the request is stay. On this demo, it expires after 5 minutes (300 seconds).
After verifying the request data, primarily the supply and host, you possibly can sort your password and signal the request which will likely be despatched again to the callback URL. This step solely indicators the request utilizing your personal key, however by no means reveals your personal key or another data to the requester. Signing the request is enough for the requester to confirm that you simply personal the Avatar.
I can now return to bitident and see that my identification was profitable:
In an actual use case, this can be utilized to login to an trade or another web site utilizing my Avatar as an authentication system.