Closed Bug 1083012 Opened 10 years ago Closed 10 years ago

Blockchain-based global authentication system

Categories

(Core Graveyard :: Identity, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: mozilla, Unassigned)

References

()

Details

(Keywords: sec-want, Whiteboard: authentication, Persona)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0
Build ID: 20140924083558

Steps to reproduce:

I tried to find a usable system for global identity management.


Actual results:

All systems are based on service providers.

Drawbacks:
- Providers can go out of business
- Servers can fail by technical failures or Denial-of-Service attacks
- Different service providers mean different identities
- Service providers can (be forced to) forge identities



Expected results:

The Namecoin project has extended the Bitcoin blockchain-concept to self-register globally unique human-readable names and publish a data set for each globaly unique name (https://wiki.namecoin.info/index.php?title=Identity, https://en.wikipedia.org/wiki/Namecoin). As storage and signing of a blockchain are done decentralized the registrations and the content of the data set cannot be forged. So I suggest to implement a blockchain into mozilla products to register globally unique names and authenticate with services (asymmetric key pair of blockchain account).

Benefits:
- No providers -> no manipulation/discontinue of service
- No servers -> no outtages/DoS-vulnerability
- One globally unique identity per user
- Unlimited number of pseudonyms per user by additonal identities
- Secure login with asymmetric keys -> no password reuse/social engineering

As transport protocol I suggest RTCweb to allow browsers to participate without additional bridges/connectors.
Keywords: sec-want
OS: Linux → All
Hardware: x86_64 → All
Whiteboard: authentication, Persona
If you want to start a discussion about adding a feature to a mozilla product, please use a mailing list.

If you want to discuss identity, dev-identity might be a good start. Otherwise, maybe dev-platform?

Closing. Best of luck :-)
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.