12 June 2018
A cautionary tale of reinventing the wheel and history repeating itself in the name of blockchain…
Recently, at the European Identity & Cloud Conference (EIC) 2018, I delivered a talk titled ‘Lessons Learned from Integrating with Blockchain Identity Providers”. It’s probably the only time I’m going to give this talk, and it seemed to go down well if only as a cautionary tale, and as an example of past mistakes and failed technologies repeating themselves.
You can find the original slides on SlideShare.
Why Would I Do This?
Back in November/December, this little thing called Bitcoin had a dramatic surge in value, and as a result, there was a rush to put anything and everything “onto the blockchain”. Something about Web 3.0 and ICOs.
This all sounded very exciting to me, and I wanted to get involved. Now, I’m not going to pretend to be an expert on blockchain, but I still wanted to contribute in some way...
05 February 2018
Recently I’ve been looking into blockchain for decentralised identity and authentication. I’m not sure how I feel about blockchain for authentication yet, but I can definitely see the befits of having some sort of decentralised identity system. It turns out there are a lot of identity blockchain projects out there already, some even have released products (and yes, others already gone bust).
I like learning by doing, and from my initial research I’ve found Civic to be one of the more popular platforms. So, what I’m going to do is dig into the technical aspects of the Civic platform and, in a separate article, integrate with it using ASP.NET Core.
05 February 2018
This article pairs with another article: “Technical Review of Civic’s Secure Identity Platform”. The verdict is that the current implementation has some very strange design decisions that do not add anything to the overall security. Instead, a standardised approach should have been taken using OAuth or OpenID Connect, as opposed to the current self-rolled authentication protocol.
To get started with civic, I’m going to use it as an authentication method in an ASP.NET Core application. This will use the ASP.NET Core MVC Visual Studio template, with no authentication. Authentication is going to be triggered manually using a login button in the sites header.
You can find the completed proof of concept on GitHub.