Thomson Reuters has announced it is planning to launch BlockOne ID, a new ID verification platform for blockchain developers. The set of tools will allow developers to control an access to their ethereum smart contracts.
The beta version of the developer tools will become available next week. As the company noted, only appropriately authenticated users will be able to use developers’ decentralized applications (dapps).
“When your DApp uses BlockOne ID, only logged-in users may use your dapp to make changes to the blockchain. In other words, totally anonymous users who’ve just rocked up with a keypair and some Ether won’t be able to (ab)use your dapp,” the company explained in a documentation.
Security is one of the main issues that worry developers, taking into account the recent DAO attack, which resulted in a theft of $60 million. Developers earlier had no information about the users of their smart contracts and didn’t know if they made any changes to the blockchain.
With BlockOne ID, dapps are protected from hacking attacks as only logged in users can utilize non-constant methods in smart contracts. Besides, only the section of their wallet will be visible to the dapp. Meantime, the signing occurs in a TR-domain popup and the dapp code will not have an access to the private keys of users.
“All transactions sent by your dapp are intercepted by BlockOne ID’s signing hook, which pops up a browser window hosted from a TR domain where the user enters their wallet password, and the transaction is signed on the user’s machine,” the documentation reads.
“At the smart contract level, the registration of your dapp with BlockOne ID causes the creation of an “entitlement contract” for your dapp. The non-constant (state-changing) methods in your contracts may call a query method on this entitlement contract (which checks that the account sending the transaction is registered to use that dapp) prior to allowing them to perform any changes to the blockchain.”
To use the platform, developers have to register a dapp via BlockOne ID, fill out the form with their dapp name, ID, and logo. Then, they have to add terms and conditions, which will be displayed when users first try to use a smart contract. After the registration is completed, the dapp becomes available to users who accepted the terms and conditions.
To verify their identity, users can log in via OAuth 2.0, which is supported by Facebook, Google, Twitter, and LinkedIn.
As the company noted, it may introduce further developments into the platform and improve dapp developer and user experience. The potential improvements include the ability to see the users who are registered to use your dapp, the ability to revoke access to your dapp by certain users, as well as transaction signing by a BlockOne ID mobile app what will enable the release of mobile dapps.