Conceived as part of the mass media company’s recent ethereum “hackethons“, the tools will be available in beta via the BlockOne ID website starting next week. The goal, as explained by Thomson Reuters, is to allow developers to limit the use of decentralized applications (“dapps”) to users who accept the terms and conditions, making it easier to comply with common regulatory requirements, for example. Thomson Reuters head of engineering, applied innovation, Richard Collin, explained that BlockOneID combines standard authentication practices with the blockchain. Collin told CoinDesk:
“Is this user entitled to use me? We can tell them ‘yes’ or ‘no’, without them having to go off the blockchain.”
Collin compared the process to logging into eBay (or any standard web application) and accepting the terms and conditions, except in this case, the tools could be for any dapp where creators need a user to accept the terms to participate.
While it’s an experimental project (Thomson Reuters isn’t yet looking to monetize it), Collin said that it aligns with the company’s existing media and data delivery products. He cited other examples where Thomson Reuters provides a service by identifying users are before serving them content, for example, with stock prices or other data feeds.
As of next Monday, the tools will be available on Morden, the official ethereum testnet. But Collin said the company has plans to one day deploy it on the public network.
‘Register a dapp’
To begin, developers can use BlockOneID to “Register a dapp” by providing details such as a unique ID and a logo. When setting up the dApp, developers specify the terms that users need to meet in order to use a smart contract, then BlockOne ID interacts with ethereum under the hood.
“We’ll place a smart contract on the blockchain, which we will populate with the users that have gone through your terms and conditions,” Collin said.
The smart contract, he added, will contain all addresses that are allowed to use the app.
“In other words, totally anonymous users who’ve just rocked up with a keypair and some ether won’t be able to (ab)use your DApp,” the documentation explains.
Collin argued that this is something developers have historically had trouble with. “They didn’t know who was using their smart contracts. They couldn’t show they had done any diligence,” Collin said, suggested that the failure of the big ethereum project, The DAO, was one example of this. He offered a use case:
“Imagine I [have] a smart contract that accepts money for investing. I could limit the investors or people who have logged in through Facebook and my contract would only speak to those users.”
Once a dapp is registered on BlockOne ID, it’s available to users who accept the conditions.
That’s where BlockOne ID’s hosted ethereum wallet comes in. It’s a hierarchical deterministic (HD) wallet, where users can back up several private keys with a single “seed”, or passphrase composed of random words. The secure wallet structure is linked to a traditional OAuth 2.0 identity.
Users can verify their identity by signing up or logging in through OAuth using Google, Facebook, LinkedIn or Twitter, a familiar process for verifying identity, highlighting the company’s effort to build a user-friendly interface.
Once registered, users can login and accept the terms and agreements of using the app.
At a more technical level, Collin explained that BlockOneID combines standard ways of authentication with the blockchain:
“The whole idea is we have existing systems that provide identity for us, based on standard protocols like OAuth2. Here we combine those with a wallet to access the blockchain.”
But, Thomson Reuters won’t have access to a user’s private keys or passwords and are unable to act on a user’s behalf, according to Collin. A user still needs ether to pay the user fees on the network, required by all decentralized applications on the network. Although an ether balance is required, Collin said that the goal is a user-friendly service where users might not even realize that what they’re using is a blockchain app. Moving forward, Collin said they’re working on some tweaks to the user experience and other methods of confirming a member’s identity.
“I think that one of the areas we can develop is KYC and developing more interesting and trusted user identities.”