I think a decentralized, open source, Blockchain enabled SSO would be amazing.
https://atticlab.net/eos/
1 Like
Blockchain is becoming such a toxic buzzword I think you need to elaborate here and maybe provide some real-world examples.
Even if you can see the benefit assume that others will need to be convinced, or themselves convince other stakeholders that there’s a reason for such an approach over existing technologies.
What we don’t need is just another sign in button.
Convincing people to support EOS on the other hand is going to be an uphill battle. The impartiality of the governance of their blockchain is being drawn into question, and there’s far too smoke at this stage for there to be no fire.
It may be a while before any decentralized networks have generated sufficient trust for anyone to rely on them for IdM and authentication. Every time Facebook or Twitter admits to a compromise I see sites pull those sign-in options, and they’re some of the largest identity platforms online.
6 Likes
How can I trust a decentralized and therefore public database to take care of all my users credentials. How will that platform manage the escalation if all the Discourse instances implement such feature, one of the biggest problems of the blockchain is the enormous size as the time progresses and the slowness to handle the queries of all data.
I don’t see any advantage as using a blockchain as an SSO, and I see a lot of disadvantages.
Blockchain hasn’t been able to handle the load to what it was initially designed (handling non-mutable transactions), there’s no way it will handle gracefully mutables transactions as loging in and loging out. How would that handle if a user eliminates it account? How would you delete their data and comply with GDPR?
And that’s the challenge. A lot of what you’re talking about refers to specific blockchain implementations, rather than the overall model, and that’s part of the perception that any credible IdM/SSO built on blockchain will need to overcome.
Sorry I haven’t had an opportunity to respond. I still don’t have time now to respond as thoughtfully as your concern warrants. I will say I was not in any way endorsing the example I linked to in this post or a previous post were I also made refence to another effort, Civic Blockchain enabled SSO.
The theoretical premise of Blockchain is to my knowledge, not the factor but it’s implementation. The number of technologies we can’t use at this time due to that same reason is virtually endless.
Nonetheless, I have been researching a strategy with promise for creation of a roaming or mobile profile which may or but probably will not go into production including even narrowly prescribed use of Blockchain technology.
A huge number of individuals and teams are experimenting and so my question was to cast a wide net to capture more knowledge held by people as curious as I am. One can react skeptically towards an assertion without actually practicing skepticism, which requires asking questions from a position of disciplined neutrality. Since most people don’t question, much less state their biases as you considerately have, I don’t often invite people to such topics.
On several occasions, the concept of a Blockchain SSO would creep into my thoughts.
I am not married in any way to the production usage of Blockchain right now but I would like to experiment with it. My first thought along these lines was so long ago that I was certain someone already was doing it, and was proved entirely correct in that assumption on discovering Civic has a Blockchain SSO product.
Their literature was kind of scant on facts so I got hold of a rep and asked them to clarify issues of latency, scalability, durability, and whether it’s code was open source? They got weird and answered my question with their questioning me, why I needed to know? As you can guess then, I continue to have issues with both the implementation of the Blockchain technology and the culture surrounding it.
This is probably the closest you can get right now to what you’re after:
3 Likes
Please, don’t miss understand me, maybe I sounded a bit rude as I was writing from a mobile device. I think, Blockchain has some interesting usages, but I don’t see it feasible, as the idea of blockchain is having all the information publicly available. How are you going to really decentralize the SSO, how are you going to handle regulations of erasing the data of those that opt out, as blockchain registered are immutable.
Blockchains has some interesting usage in keeping static records, with some fundamental issues that will avoid a really widespread and long lasting application (specially scalability) that simply doesn’t work in my opinion in a SSO scenario. And that are my issues, privacy with a public record, how to decentralize, how to erase data of those who want to. This issues are specific to SSO, obviating Blockchain own issues.