
Authentication: Ethereum and Smart Contracts, Part 4


In this fourth and final part of our series, we conclude by giving a summary of all the points covered throughout these posts.


Welcome to the conclusion of our series! In this quick article, we'll sum up what we've learned over the course of our series on Ethereum and Smart Contracts in Part 1, Part 2, and Part 3. Enjoy!

Conclusion

We have taken our simple authentication for Ethereum accounts concept from our previous post and expanded it to make it more convenient. Let's review our design goals from the beginning of this post:

  • It should allow users with an Ethereum address to use that address to log in to a third-party website (that supports this login method). After registration, users can log in to any site implementing this protocol using their Ethereum address or email address.
  • It should be easy to use and reasonably easy to set up. It is simpler than our previous example and simple enough for typical Ethereum users: one mobile app to install, one transaction to execute once.
  • It should not compromise the security of the user's Ethereum account. Logins are now handled using a separate Ethereum account so the user does not need to expose his valuable Ethereum account.
  • It should allow users to recover their credentials in case of loss or theft. In the case of theft of the mobile device, the user can create a mapping to a new account for logins using his primary Ethereum address.
  • It should not require knowledge of contracts or manually calling contract methods. The mobile wallet app and MetaMask combine to isolate users from interacting with contracts directly.
  • It should have reasonable latency for a login system (no more than a couple of seconds). Logins are only affected by network latency between the authentication server and the mobile device. In other words, they are as fast as any login system.
  • It should not cost users gas (or money) to log in. Users only spend Ether once when first setting up their account. After that, logins to any third-party websites do not use gas or Ether.
  • It should be reasonably easy for developers to implement in their apps. Developers can implement this by calling two endpoints of a RESTful API. Really simple.

Not bad for our initial research into integrating Ethereum with classic technologies. This shows Ethereum can be integrated into traditional applications today. The platform works, and the concept of decentralized applications is picking up steam.

If you enjoyed this series on Ethereum and Smart Contracts, check out Sebastián Peyrott's article series on Ethereum and Blockchain, which we subdivided into four parts that discuss the basics of blockchain technology, Smart Contracts and Ethereum's programming language, Solidity, current and potential uses of blockchain technology, and how to use Ethereum's blockchain to create a login system.


Topics:
security, blockchain, ethereum, smart contracts

Published at DZone with permission of Sebastián Peyrott, DZone MVB. See the original article here.
