# Sign in With Ethereum Community Call #7 ### Date: 2021/12/02 ### Agenda: - [General] Reader Notes & Updates - [General] Introductions - [Show & Tell] SIWE Updates - [General] Q&A ### Reader Notes & Updates - SIWE library is out and can be found [here](https://github.com/spruceid/siwe) - The [Discord](http://discord.gg/WjvuYqvm5Y) server is always open for questions and those that wish to participate. - We're working on support for different languages and integrations, please reach out if you're interested in a SIWE integration ### Introductions - [Austin Roberts] - With Rivet, normally Greg is here. The more technical counterpart of Rivet. - [Karl Mozurkewich] - Here as an independent community contributor. I work for OpenText and involved in many open source projects. We work on B2B federation exchange, OIDC heavy and we've had our eye on SSO integrations with DIDs for a while. It's very exciting to see this cohort mature. - [Gene Stakhov] - I've been on only one of these calls several weeks back. I'm also in the ECM space and I learned about this through ConsenSys' blockchain academy bootcamp. Still nascent in this (programming and blockchain) - however I can contribute, happy to do so! - [Caleb] - Working with a company called HID Global doing MFA. Also very much an Ethereum enthusiast on the side. Interested in following this and take what I learn and bring it into the fold at work. ### SIWE Updates - [Wayne] - Basically we're going to talk about three to four things. Because we've resolved a lot of the comments in the GitHub issue and the conversation moving to ETHMagicians, I'm going to go over the spec from the beginning to the end. We're not going to go too much into detail but we're going to go over the major sections. - The link to the pull request is on login.xyz, the discussions are on ETHMagicians. Most recently, Micah Zoltu was being thoughtful in thinking that private keys shouldn't be considered identities but rather, identifiers. Micah wanted to make sure there was support for smart contract based wallets so we can build more sophisticated identity systems. - [Review of the SIWE spec - covering the abstract, signing request, the ABNF defined message template, contract account support, ENS resolution, and guidelines for implementers] - On previous calls we had design goal recommendations and additional functional requirements. We have achieved rough consensus on the design goals - if nobody uses it, it isn't worth the effort. We also added a number of discussions and acknowledgments. If you've made contributions and aren't seen on the specification, reach out. - [Wayne] We've also created some test suites such as negative and positive tests for parsing validation. We also added a version field to adapt to a new format if needed. From the last community call we made minor changes like using a different `authority` for the domain - Sam Wilson made great comments about the intent on situations like this. Also we added a non-required but `should` suggestion to have phishing attack prevention from the wallet side. #### Other Language Implementations - [Wayne] We have two new languages being built simultaneously. We will be building the IdP in Rust, which we'll have an implementation for, and we're also implementing SIWE in Ruby. A lot of people use Ruby on Rails so you can `gem install siwe-rails` so people can sign into Ethereum into common Rails apps. After we figure out the final licensing we'll make it public. ### Q&A - [Brantly] - When merge on the EIP? - [Wayne] We're waiting for the maintainers and we need one more person to approve it. - [Brantly] - Thank you very much for all the work in the last mile. - [Rocco] - Just wanted to add a note about a [Figma community component](https://www.figma.com/community/file/1047625951123719630) that has been released. It includes two forms of the Sign-in with Ethereum button to copy and use as a component in any of your Figma design files. - [Wayne] - We want it so if anyone supports OAuth2 or OIDC should also easily allow Sign-In with Ethereum against a trusted IdP that is hosted by a neutral party. We want to make sure it's a neutral host so we're still discussing this but nothing stops us from getting this in a sandbox environment. - (Chat) [Karl Mozurkewich] - If it’s written in Rust we can host it ephemerally on an edge compute service such as fastly. - A lot of Web2 account systems assume email, but Ethereum accounts have the ability to be less information revealing than Web2 systems. You can generate a new one at any time - but we want to be able to reconcile Web2 systems that need email accounts. One possible solution is already having a trusted IdP and having an Ethereum address added with an already implied email. One easy system for something like Rails, you can add an Ethereum address as a link to an existing account and allow users to sign-in with either/or. - [Wayne] - One more update on how the thinking has progressed: it's possible to interpret the signing as a delegation to a session key. Imagine you have a new key that you can give a reduced set of privileges to. This allows you to achieve a similar UX to Web2. It's an interesting way to think about it. - [Tim Coulter] - I want to ask a question - I'm trying to build an application that stores user data encrypted locally in the client and optionally they can send. it to a server. If you can think of the interaction much like 1Password where you have your encrypted password data and your master password - where you can sync the encrypted data between the devices. I want your wallet to be a part of the encryption process. I don't know if that applies to this group - what you may have just mentioned may be the answer. - [Wayne] - I really like the direction of that. One of the limiting factors here is wallet standardization. MetaMask might be the only one to publish an encryption/decryption API as part of the model. - [Tim] - If there's a way to pick people's brains later, would love some time. I also posted a thread on Twitter about trying this if anyone is interested in tackling this. I saw the previous attempts at a standard which have been dropped. - [Wayne] - Coordination is the hardest part. - [Karl] - We're kickstarting a project that's a decentralized social media project that has an embedded wallet in a mobile app using DIDs and VCs. It's a user-focused kind of familiar experience but we're looking to also sign arbitrary data.