Account Management Using OneName

written in Identity, OneName

How many website accounts have you created over the last few years? Take a moment and really think about it.

If you are anything like me, this number is probably somewhere past 100. In recent years signing up got a little better, since services like OAuth gave us the tools to at least save some of the seconds wasted on signing up by re-using an existing account for the next service we want to register with. The problem with this solution, though, is that your account, and thus your identity, is still managed by a centralised entity.

A few days ago, however, OneName popped up. They claim to be an easy way to receive bitcoins by giving people who want to pay you just a username. The technology behind the service, however, is capable of doing much more than that. OneName is not just a website; it is an identity management tool based on the Namecoin blockchain.

In essence, the thing named OneName is two different things altogether:

  1. The OneName protocol: A protocol for managing identities.
  2. The OneName.io site: A block-explorer for viewing these identities.

The first one is the most interesting one, since it gives us a decentralised solution for OAuth-like services. Imagine the following.

You have registered a OneName identity. OneName spent a lot of time getting their interfaces right, so creating your own identity is actually pretty darn simple. Under the hood, your OneName identity is protected by a private key that only you have access to. You are the owner of this identity and only you can manage it.

Third-party websites can use the fact that your identity is governed by a private/public keypair: the site generates a unique challenge, and you sign it with the private key that your identity is based on. If you pass the challenge, it's proof that you own this identity and it is safe to log you in as said user. This has a couple of benefits:

  1. Fewer passwords. The only thing you need to keep protected is your private key. The only password you will need is the one unlocking this key.
  2. Fewer sign-ups / separate accounts. Most sites need the data that’s already locked away in your profile [1] anyway, so having a separate sign-up and login action probably isn’t required anymore.
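The challenge-and-signature login described above, sketched for Node.js as an added example (it is not OneName's code or protocol). Assumptions: ECDSA keys on secp256k1, the curve Namecoin keys use; the `login|site|user|nonce` challenge text; the function names; and an in-memory `directory` standing in for reading the public key from the identity's blockchain record.

```javascript
const crypto = require('node:crypto');

const CHALLENGE_TTL_MS = 60_000;
const pending = new Map();   // nonce -> { username, expires }
// Hypothetical lookup table: username -> public key (assumption, see lead-in).
const directory = new Map();

// Server: issue a fresh challenge. The site name is part of the signed text
// so a signature produced for one site is useless at another.
function issueChallenge(site, username, now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pending.set(nonce, { username, expires: now + CHALLENGE_TTL_MS });
  return `login|${site}|${username}|${nonce}`;
}

// Client: sign the exact challenge text with the identity's private key.
function signChallenge(challenge, privateKey) {
  return crypto.sign('sha256', Buffer.from(challenge), privateKey).toString('base64');
}

// Server: accept only an unexpired, unused challenge that this site issued.
function verifyLogin(site, challenge, signatureB64, now = Date.now()) {
  const parts = challenge.split('|');
  if (parts.length !== 4 || parts[0] !== 'login' || parts[1] !== site) return false;
  const [, , username, nonce] = parts;
  const entry = pending.get(nonce);
  if (!entry) return false;
  pending.delete(nonce);     // single use: a replayed challenge finds nothing
  if (entry.username !== username || now > entry.expires) return false;
  const publicKey = directory.get(username);
  if (!publicKey) return false;
  const sig = Buffer.from(signatureB64, 'base64');
  return crypto.verify('sha256', Buffer.from(challenge), publicKey, sig);
}

// Constructed demo: keys are generated on the spot, no real identities.
function demo() {
  const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const alice = newKey(), mallory = newKey();
  directory.set('alice', alice.publicKey);
  const c1 = issueChallenge('shop.example', 'alice');
  const s1 = signChallenge(c1, alice.privateKey);
  const c2 = issueChallenge('shop.example', 'alice');
  const c3 = issueChallenge('shop.example', 'alice', Date.now() - 2 * CHALLENGE_TTL_MS);
  return { owner: verifyLogin('shop.example', c1, s1),
           replay: verifyLogin('shop.example', c1, s1),
           wrongKey: verifyLogin('shop.example', c2, signChallenge(c2, mallory.privateKey)),
           expired: verifyLogin('shop.example', c3, signChallenge(c3, alice.privateKey)) };
}
console.log(demo());
```

Only the first login succeeds: the replayed signature, the signature from a different key and the expired challenge are all rejected.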

This approach does introduce one big downside: if you lose access to your private key you might lose a lot of your accounts all at once and, even worse, if somebody steals it they might gain access to all of them. This raises the question of whether having one account to rule them all is even something we should strive for to begin with…

[1] See “Profile Format v0.2” on the OneName readme.