Sign in With Ethereum Community Call #11

# Sign in With Ethereum Community Call #11 ### Date: 2022/03/01 ### Agenda: - [General] Reader Notes & Updates - [General] Introductions - [Show & Tell] SIWE Updates (core library updates (Ruby, Rails, Go), OIDC updates (auth0 / ENS), documentation updates, discourse updates) - [Q&A] ## Relevant Links - [Documentation Portal](https://docs.login.xyz) - [`siwe-go` in progress](https://github.com/spruceid/siwe-go) - [ENS proposal](https://discuss.ens.domains/t/a-credibly-neutral-sign-in-with-ethereum-identity-provider-server/11001) ## Reader Notes and Updates - SIWE library is out and can be found [here](https://github.com/spruceid/siwe). - The [Discord](http://discord.gg/WjvuYqvm5Y) server is always open for questions and those that wish to participate. - We're working on support for different languages and plugins, please reach out if you're interested in a SIWE integration. - Documentation: if you're about to embark, let us know what you think would be best to include! All feedback is welcome. ## Introductions - [Queenie] - From imToken, a wallet from Asia. I registered for this meeting quite a long time ago and I was based in Singapore so the time difference never worked. This time I was attending ETHDenver so I'm still in New York and have a chance to be here. - [Maverick] - I've been building in the space since 2017, most recently just left DecentDAO (a venture studio) and now I'm working on decentralized identity. I was originally on the first few calls and haven't checked in since, excited to be back. - [CRNFT] - My name is Lukas I'm a cofounder of CRNFT, a curation protocol. We're working on a marketplace and are a community of architects, designers, and artists. - [Karl M] - Just getting caught up, excited to see where Sign-In with Ethereum is at. Some B2B projects in the identity space and federation, have some contributions there. Also my hands in some consumer facing identity projects as well. ## Updates - [Rocco] - We've had a number of core library updates from our side. Recently, a couple of announcements include the release of our Ruby library, as well as three Rails examples on how to integrate SIWE into a Rails app. They can both be found in the Sign-In with Ethereum documentation. All the repositories have been made public with open licensing for anyone to take off the shelf. - [Wayne] - It was challenging implementing some of these because a lot of these web frameworks expect some kind of identity provider but we're implementing direct authentication. You have to either fib that you have an IdP for example to get it working. Since we got it working for SIWE, if people want to add support for WebAuthN, you would follow the same exact path. We're pretty happy about this and looking forward to feedback. - We also tried to design it so that it was minimally invasive so if you wanted to drop a table to get rid of the integration, you can. We also tried to nix the requirement to have an email in some frameworks - your identity is your email typically, so even though we can allow SIWE for some of these, they might need an email for core features. - [Rocco] - A lot of the pieces around Ruby on Rails was informed by traditional applications that use it as a framework. Afri who manages the Ethereum-Ruby implementation was instrumental in getting this past the finish line so shoutout to him. - Along with the other library updates, as mentioned in the January blog post, we've also been working on a Go library. We're in the final stages of making sure it's all working and that the functionality is there. I believe we're also working on the packaging for this as well - hopefully this should be 'released' this week with a blog as well. - In terms of libraries, we're also finalizing our NextAuth implementation. As we mentioned in our previous post, apps that use Next.js would be able to use this as an authentication strategy. - [Wayne] - One thing I want to add - conversation that comes up: how is this related to DIDs. In some interpretations, this is DID authentication. If you take the stance that public keys are DIDs, you can authenticate with a new method that's based on Sign-In with Ethereum. Basically there's a lot of flexibility in the spec for VCs, VPs, etc. Depends on what you mean by DID Authentication, but there's a fair argument that Ethereum addresses can be DIDs even without key rotation. - [Rocco] - Just want to move onto a few more updates: the documentation portal has some updates like the Community Highlights section for contributing members with guides and libraries. There's some external apps being highlighted here as well. Would love if anyone is working on these, to let me know and I can get them included in this section. Also in the documentation, we've since added a code of conduct. This applies to the community call and the public channel in the Discord. Take a look at it, read it, and make sure you understand it. - Continuing to hop right through things, we are putting up a proposal with the ENS community to have a community-run IdP that's managed by a DAO and contracted party. - [Wayne] - Basically when you're signing in with an intermediary, there might not be incentive compatibility. Having an IdP run by a non-profit or DAO could be a really good consideration. We prefer direct authentication, but sometimes this isn't the case for more traditional applications. When we were trying to implement support for Rails and other providers, they expect an intermediary to shuffle the data around. People do use IdPs and they can add another one super easily if they can speak the OIDC protocol. - Maybe we can just support that in a credibly neutral way and add SIWE. It defeats the purpose if a private company hosts it, so we think it's most appropriate for the community to host it so it's more geared towards decentralization. We can also build the server in a way that's information minimizing for those interactions. We can also hire 3rd party auditors for reporting and provide straightforward upgrade paths. - [Rocco] - As part of the last updates, a few new blog posts have gone out in support of SIWE (importance of sessions and capabilities). Lastly, we are in the completion stage of our discourse plugin which we went through hell and high-water to get it running. (demonstration of Discourse plugin). As part of this, a user can authenticate using their Ethereum account. Users still need to verify and associate an email with an account, but the core authentication happens using SIWE. The plugin currently supports MetaMask and WalletConnect. When you first sign up, you can use your public key or ens name as your username, but you can set it to whatever you want. ## Questions - [Queenie] - There are some other similar solutions in the market right now like Torus and Magic, and I think they're quite aggressive after raising a ton of money from VCs. What are the next plans and go-to-market strategy here? - [Wayne] - If you're looking at Magic and Torus, they're doing it the other way around - starting from a Web2 account and authenticating into Web3 services. - In terms of adoption, you have to figure out the benefit for people and with any standard that's network effects. The more folks adopt, the more wallets will be interested in supporting and providing a superior experience for users. You can make something more attractive, or make it easier to adopt. - [Rocco] - Might be good to mention the community IdP and any comments or concerns around it. - [Wayne] It's an experiment - we need to figure out how to run it in the most decentralized way possible. That's why we made it so lightweight. The state you need to manage is minimized, so that level of portability and low overhead was our plan to make it easy for any organization to be able to run it and manage it. Spruce serving as a vendor here can be switched at any time.